JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0b:8bc0:2:b57a::1

2a0b:8bc0:2:b57a::1 was found in our database!

This IP was reported 222 times. Confidence of Abuse is 55%: ?

55%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	NextGenWebs, S.L.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41608
Domain Name	nextgenwebs.es
Country	🇳🇱 Netherlands
City	Dronten, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0b:8bc0:2:b57a::1

Whois 2a0b:8bc0:2:b57a::1

IP Abuse Reports for 2a0b:8bc0:2:b57a::1:

This IP address has been reported a total of 222 times from 98 distinct sources. 2a0b:8bc0:2:b57a::1 was first reported on April 13th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇳 evicky2002	2026-05-30 08:05:12 (2 weeks ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇨🇭 4server	2026-05-05 16:08:34 (1 month ago)	[TueMay0518:08:29.4578702026][security2:error][pid3260699:tid3261871][client2a0b:8bc0:2:b57a::1:0]Mo ... show more [TueMay0518:08:29.4578702026][security2:error][pid3260699:tid3261871][client2a0b:8bc0:2:b57a::1:0]ModSecurity:Accessdeniedwithcode403$phase1$.Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"cpcalendars.edilmarra.ch\"][uri\"/.env.local\"][unique_id\"afoV_RZ4AZOwhrIRqVhIfgAAAIU\"] show less	Hacking Web App Attack
🇩🇪 big-cloud.nl	2026-05-05 16:07:40 (1 month ago)	Try to access /app/.env	Web App Attack
🇩🇪 gadix	2026-05-05 06:52:48 (1 month ago)	[05/May/2026:08:52:46.434496 +0200] afmTvhFsSGe0V-ov6HTrRAAAAEI 2a0b:8bc0:2:b57a::1 36248 127.0.0.1 ... show more [05/May/2026:08:52:46.434496 +0200] afmTvhFsSGe0V-ov6HTrRAAAAEI 2a0b:8bc0:2:b57a::1 36248 127.0.0.1 7081 [05/May/2026:08:52:46.641369 +0200] afmTvgFSgkOTcVDqxhl9IwAAAA4 2a0b:8bc0:2:b57a::1 36260 127.0.0.1 7081 [05/May/2026:08:52:46.643498 +0200] afmTvhFsSGe0V-ov6HTrRQAAAEg 2a0b:8bc0:2:b57a::1 36272 127.0.0.1 7081 ... show less	Web App Attack
🇫🇷 HerrWolf	2026-05-05 05:45:02 (1 month ago)	CrowdSec Detection: crowdsecurity/http-sensitive-files	Web App Attack
🇫🇷 lindi	2026-05-04 21:32:59 (1 month ago)	Probing for resource vulnerabilities ...	Web Spam Brute-Force Bad Web Bot Exploited Host Web App Attack
🇺🇸 technojoe99	2026-05-04 20:43:03 (1 month ago)	Exploit scan from 2a0b:8bc0:2:b57a::1. GET /secrets.json HTTP/1.1.	Web App Attack
🇩🇪 4server	2026-05-04 19:25:43 (1 month ago)	[MonMay0421:25:41.3151212026][security2:error][pid625348:tid625419][client2a0b:8bc0:2:b57a::1:0]ModS ... show more [MonMay0421:25:41.3151212026][security2:error][pid625348:tid625419][client2a0b:8bc0:2:b57a::1:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"kvsm-blackstone.com\"][uri\"/api/.env\"][unique_id\"afjytTxO6GFG1J-c3ublUwAAAIM\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 dbmwebdesign	2026-05-04 16:00:50 (1 month ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇩🇪 LRob.fr	2026-05-04 09:00:13 (1 month ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇩🇪 Gwyneth Llewelyn	2026-05-04 07:28:08 (1 month ago)	2a0b:8bc0:2:b57a::1 - - [04/May/2026:08:28:05 +0100] "GET /.env HTTP/2.0" 302 138 "-" "Mozilla/5.0 ( ... show more 2a0b:8bc0:2:b57a::1 - - [04/May/2026:08:28:05 +0100] "GET /.env HTTP/2.0" 302 138 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:149.0) Gecko/20100101 Firefox/149.0" 2026/05/04 08:28:06 [error] 2316#2316: 309589 access forbidden by rule, client: 2a0b:8bc0:2:b57a::1, server: simetria.org, request: "GET /www2.simetria.org/.env HTTP/2.0", host: "www2.simetria.org", referrer: "https://www2.simetria.org/.env" 2026/05/04 08:28:06 [error] 2316#2316: 309594 access forbidden by rule, client: 2a0b:8bc0:2:b57a::1, server: simetria.org, request: "GET /www2.simetria.org/app/.env HTTP/2.0", host: "www2.simetria.org", referrer: "https://www2.simetria.org/app/.env" show less	Brute-Force Web App Attack
🇩🇪 ramazan	2026-05-03 15:47:09 (1 month ago)	Fail2Ban: nginx-4xx \| Failures: 10 \| Log: /.aws/credentials /.env /.env.local /.env.production /api/ ... show more Fail2Ban: nginx-4xx \| Failures: 10 \| Log: /.aws/credentials /.env /.env.local /.env.production /api/.env show less	Web App Attack Hacking
🇫🇷 dynamix	2026-05-03 09:40:18 (1 month ago)	Multiple WAF Violations	Web App Attack
🇫🇷 LRNP	2026-05-03 01:19:13 (1 month ago)	mirror2.urbanterror.info:443 2a0b:8bc0:2:b57a::1 - - [03/May/2026:01:19:12 +0000] "GET /.env HTTP/1. ... show more mirror2.urbanterror.info:443 2a0b:8bc0:2:b57a::1 - - [03/May/2026:01:19:12 +0000] "GET /.env HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" ... show less	Bad Web Bot Web App Attack
🇧🇪 boxed-it	2026-05-02 22:54:21 (1 month ago)	GET /.env (Tarpitted for 1d15h8m29s, wasted 8.06MB)	Web App Attack

Showing 1 to 15 of 222 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 182.105.123.10

🇧🇾 178.124.221.15

🇧🇷 131.161.249.165

🇫🇷 85.217.140.26

🇵🇱 45.141.233.69

🇰🇷 218.146.163.192

🇺🇸 209.90.232.26

🇧🇪 198.235.24.151

🇺🇸 165.154.218.169

🇹🇼 110.25.109.52

🇺🇸 108.170.28.178

🇳🇱 89.21.67.160

🇯🇵 82.40.35.104

🇸🇪 81.226.129.67

🇷🇴 80.94.92.120

🇩🇪 69.5.169.3

🇺🇸 68.235.62.179

🇯🇵 45.113.82.153

🇹🇼 34.81.221.113

🇩🇪 31.77.156.62