JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:20d1::1

2a0c:9f00:a000:20d1::1 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 93%: ?

93%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:20d1::1

Whois 2a0c:9f00:a000:20d1::1

IP Abuse Reports for 2a0c:9f00:a000:20d1::1:

This IP address has been reported a total of 35 times from 19 distinct sources. 2a0c:9f00:a000:20d1::1 was first reported on June 17th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-22 22:03:03 (4 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21. show less	Web App Attack SSH Hacking
🇳🇱 CryptoYakari	2026-06-21 13:24:16 (6 days ago)	2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:16:24:09 +0300] "GET /application.yml HTTP/1.0" 404 6995 "-" ... show more 2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:16:24:09 +0300] "GET /application.yml HTTP/1.0" 404 6995 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" 2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:16:24:09 +0300] "GET /secrets.yml HTTP/1.0" 404 3515 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; OAI-SearchBot/1.0; +https://openai.com/searchbot" 2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:16:24:09 +0300] "GET /wp-content/debug.log HTTP/1.0" 404 3515 "-" "anthropic-ai" 2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:16:24:09 +0300] "GET /secrets.json HTTP/1.0" 404 3515 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https://openai.com/bot" 2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:16:24:15 +0300] "GET /application.properties HTTP/1.0" 404 3515 "-" "anthropic-ai" ... show less	Web Spam Blog Spam Web App Attack Bad Web Bot
🇺🇦 URAN Publishing Service	2026-06-21 12:40:19 (6 days ago)	2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:15:40:19 +0300] "GET /wp-content/debug.log HTTP/1.1" 404 628 ... show more 2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:15:40:19 +0300] "GET /wp-content/debug.log HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compatible; Claude-Web/1.0; +https://www.anthropic.com)" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 04:31:05 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 00:30:57.613713 2026] [security2:error] [pid 25552:tid 25608] [client 2a0c:9f00:a000:20d1::1:41990] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.econpage.com"] [uri "/.env.backup"] [unique_id "ajdpAWj6OoGkNQsglMe_pwAAAIA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 gadix	2026-06-21 03:10:34 (6 days ago)	[21/Jun/2026:05:10:33.360112 +0200] ajdWJzKbcPVMshJXamncIQAAACE 2a0c:9f00:a000:20d1::1 41578 127.0.0 ... show more [21/Jun/2026:05:10:33.360112 +0200] ajdWJzKbcPVMshJXamncIQAAACE 2a0c:9f00:a000:20d1::1 41578 127.0.0.1 7081 [21/Jun/2026:05:10:33.361958 +0200] ajdWJ6oRPL9bu6KcVdGA9wAAAAM 2a0c:9f00:a000:20d1::1 41554 127.0.0.1 7081 [21/Jun/2026:05:10:33.378889 +0200] ajdWJ8l8fdDxkN8DR9fZVgAAAAI 2a0c:9f00:a000:20d1::1 41536 127.0.0.1 7081 ... show less	Web App Attack
🇺🇦 URAN Publishing Service	2026-06-21 00:36:46 (6 days ago)	2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:03:36:46 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "Mozill ... show more 2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:03:36:46 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://perplexity.ai/perplexitybot" 2a0c:9f00:a000:20d1::1 - - [21/Jun/2026:03:36:46 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" ... show less	Web App Attack
🇫🇷 SpaceHost-Server	2026-06-20 22:30:26 (6 days ago)		Brute-Force Web App Attack
🇩🇪 Mr-Money	2026-06-20 18:48:50 (1 week ago)	2a0c:9f00:a000:20d1::1 - - [20/Jun/2026:20:48:49 +0200] "GET /.env.example HTTP/1.1" 404 381 "-" "Mo ... show more 2a0c:9f00:a000:20d1::1 - - [20/Jun/2026:20:48:49 +0200] "GET /.env.example HTTP/1.1" 404 381 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" ... show less	Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack
🇩🇪 juutis	2026-06-20 17:59:13 (1 week ago)	Multiple WAF abuses - IP blocked	Hacking Brute-Force Web App Attack
🇩🇪 london2038.com	2026-06-20 17:58:16 (1 week ago)	Probing for exploits 2a0c:9f00:a000:20d1::1 - - [20/Jun/2026:19:58:13 +0200] "GET /.env HTTP/2.0" 42 ... show more Probing for exploits 2a0c:9f00:a000:20d1::1 - - [20/Jun/2026:19:58:13 +0200] "GET /.env HTTP/2.0" 422 0 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ChatGPT-User/1.0; +https://openai.com/bot" 2a0c:9f00:a000:20d1::1 - - [20/Jun/2026:19:58:13 +0200] "GET /.env.example HTTP/2.0" 422 0 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://perplexity.ai/perplexitybot" show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 17:09:31 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 13:09:27.297759 2026] [security2:error] [pid 9065:tid 9065] [client 2a0c:9f00:a000:20d1::1:57114] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jerusalem-korczak-home.com"] [uri "/api/.env"] [unique_id "ajbJRy9hNaZ9gD_lmC1ikwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-20 16:37:22 (1 week ago)	[redacted] 2a0c:9f00:a000:20d1::1 - - [20/Jun/2026:17:37:19 +0100] "GET /.aws/credentials HTTP/1.1" ... show more [redacted] 2a0c:9f00:a000:20d1::1 - - [20/Jun/2026:17:37:19 +0100] "GET /.aws/credentials HTTP/1.1" 302 1544 0/107064 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://[redacted]/perplexitybot" [redacted] 2a0c:9f00:a000:20d1::1 - - [20/Jun/2026:17:37:19 +0100] "GET /.[redacted] HTTP/1.1" 302 5273 0/59319 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://[redacted]/go/applebot)" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 13:22:48 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 09:22:41.016496 2026] [security2:error] [pid 11301:tid 11301] [client 2a0c:9f00:a000:20d1::1:45534] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.notariapenco.cl"] [uri "/.env"] [unique_id "ajaUIZ6kauambxfh39CXQwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 07:20:06 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 03:19:59.785090 2026] [security2:error] [pid 8832:tid 8832] [client 2a0c:9f00:a000:20d1::1:58808] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bewdleypizza.com"] [uri "/.env.example"] [unique_id "ajY_H7nWcSgNCigMxINeuAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 04:35:41 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:20d1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 00:35:36.043443 2026] [security2:error] [pid 7329:tid 7329] [client 2a0c:9f00:a000:20d1::1:43562] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "caferutadelaseda.com"] [uri "/api/.env"] [unique_id "ajYYmDrXuYwUcf_v86y16gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 212.132.64.89

🇺🇸 2600:1f14:2159:6a01:898:e848:2ede:80d1

🇩🇪 185.242.3.195

🇺🇸 170.106.74.215

🇺🇸 162.216.150.239

🇺🇸 64.94.159.234

🇰🇷 47.80.63.229

🇺🇸 20.98.140.180

🇬🇧 172.236.8.193

🇺🇸 162.216.149.227

🇸🇦 154.205.134.214

🇵🇱 95.214.53.157

🇩🇪 62.133.60.87

🇸🇬 47.128.61.16

🇸🇬 43.173.178.139

🇬🇧 35.203.210.7

🇺🇸 23.172.217.87

🇧🇷 177.74.175.83

🇮🇩 103.191.14.210

🇺🇸 91.230.168.220