JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:4196::1

2a0c:9f00:a000:4196::1 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 86%: ?

86%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:4196::1

Whois 2a0c:9f00:a000:4196::1

IP Abuse Reports for 2a0c:9f00:a000:4196::1:

This IP address has been reported a total of 43 times from 17 distinct sources. 2a0c:9f00:a000:4196::1 was first reported on June 17th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-22 22:03:04 (3 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-22 03:30:36 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 23:30:26.219443 2026] [security2:error] [pid 17652:tid 17652] [client 2a0c:9f00:a000:4196::1:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mindmaterial.io"] [uri "/backend/.env"] [unique_id "ajisUg8xQ1fxiFY_EZOSSgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Live Home Cams	2026-06-22 03:08:50 (3 days ago)	WebApp brute force attack detected. Multiple file scanning attempts from 2a0c:9f00:a000:4196::1. Det ... show more WebApp brute force attack detected. Multiple file scanning attempts from 2a0c:9f00:a000:4196::1. Detected by fail2ban. show less	Web App Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-22 02:30:35 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 22:30:30.407398 2026] [security2:error] [pid 2606:tid 2606] [client 2a0c:9f00:a000:4196::1:50042] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ryanc.net"] [uri "/.env"] [unique_id "ajieRrDj6y2m08j94uy_TQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Gwyneth Llewelyn	2026-06-22 01:57:36 (3 days ago)	2026/06/22 02:56:57 [error] 1094874#1094874: 74604 access forbidden by rule, client: 2a0c:9f00:a000 ... show more 2026/06/22 02:56:57 [error] 1094874#1094874: 74604 access forbidden by rule, client: 2a0c:9f00:a000:4196::1, server: lisboa.betatechnologies.info, request: "GET /backend/.env HTTP/2.0", host: "lisboa.betatechnologies.info", referrer: "http://lisboa.betatechnologies.info/backend/.env" 2026/06/22 02:57:31 [error] 1094874#1094874: 74619 access forbidden by rule, client: 2a0c:9f00:a000:4196::1, server: lisbon-pre-1755-earthquake.org, request: "GET /api/.env HTTP/2.0", host: "lisbon-pre-1755-earthquake.org", referrer: "http://lisbon-pre-1755-earthquake.org/api/.env" 2026/06/22 02:57:35 [error] 1094874#1094874: 74619 access forbidden by rule, client: 2a0c:9f00:a000:4196::1, server: lisbon-pre-1755-earthquake.org, request: "GET /.env HTTP/2.0", host: "lisbon-pre-1755-earthquake.org", referrer: "http://lisbon-pre-1755-earthquake.org/.env" show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 01:39:39 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 21:39:29.448684 2026] [security2:error] [pid 20327:tid 20327] [client 2a0c:9f00:a000:4196::1:44390] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lisadodd.com"] [uri "/.git/config"] [unique_id "ajiSUbdBBQnmJA7t_RHySQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 gadix	2026-06-22 00:54:41 (4 days ago)	[22/Jun/2026:02:54:36.733191 +0200] ajiHzIawhxptc3Xmzn_PyQAAAAc 2a0c:9f00:a000:4196::1 58608 127.0.0 ... show more [22/Jun/2026:02:54:36.733191 +0200] ajiHzIawhxptc3Xmzn_PyQAAAAc 2a0c:9f00:a000:4196::1 58608 127.0.0.1 7081 [22/Jun/2026:02:54:36.737532 +0200] ajiHzFJxStu9omJkpGlYvQAAAEA 2a0c:9f00:a000:4196::1 58636 127.0.0.1 7081 [22/Jun/2026:02:54:36.887369 +0200] ajiHzFJxStu9omJkpGlYvgAAAEE 2a0c:9f00:a000:4196::1 58646 127.0.0.1 7081 ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 00:27:54 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 20:27:47.757933 2026] [security2:error] [pid 6744:tid 6744] [client 2a0c:9f00:a000:4196::1:34972] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "linzylyne.com.easyweb-publishing.com"] [uri "/.env"] [unique_id "ajiBg72GbjdQPunDUv8E0QAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Aetherweb Ark	2026-06-21 23:55:43 (4 days ago)	(mod_security) mod_security (id:949110) triggered by 2a0c:9f00:a000:4196::1 (Unknown): N in the last ... show more (mod_security) mod_security (id:949110) triggered by 2a0c:9f00:a000:4196::1 (Unknown): N in the last X secs show less	Web App Attack
🇺🇸 ambor	2026-06-21 23:12:29 (4 days ago)	Honeypot triggered on tcpdata.com - Attempted to access /wp-content/debug.log (wordpress_probe). Use ... show more Honeypot triggered on tcpdata.com - Attempted to access /wp-content/debug.log (wordpress_probe). User-Agent: Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; GPTBot/1.2; +https://openai.com/gptbot show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 21:19:59 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:19:54.439480 2026] [security2:error] [pid 5121:tid 5253] [client 2a0c:9f00:a000:4196::1:43850] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "schoprint.com"] [uri "/.env.example"] [unique_id "ajhVeoSZLMaJZCHWRS3jkwAAAMw"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-21 20:41:34 (4 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 19:42:20 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:42:16.427254 2026] [security2:error] [pid 27807:tid 27807] [client 2a0c:9f00:a000:4196::1:60404] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gunningphysio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gunningphysio.com"] [uri "/wp-content/debug.log"] [unique_id "ajg-mHYLrfwPHDiQWHowMgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 17:11:46 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:11:38.419004 2026] [security2:error] [pid 25662:tid 25679] [client 2a0c:9f00:a000:4196::1:39826] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|southsideeconomic.org\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "southsideeconomic.org"] [uri "/wp-content/debug.log"] [unique_id "ajgbSq9doAOLDpqK8Iu_5gAAAE8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 16:25:46 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4196::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 12:25:40.895929 2026] [security2:error] [pid 8529:tid 8575] [client 2a0c:9f00:a000:4196::1:53882] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "opticaldesignconcepts.com"] [uri "/.env"] [unique_id "ajgQhMyeEbFSG-p2cjwO-gAAAZM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.25.89.113

🇩🇪 51.89.44.65

🇨🇴 45.167.250.45

🇳🇱 45.148.10.157

🇰🇷 34.158.219.219

🇫🇷 34.155.115.59

🇨🇦 34.130.201.190

🇸🇬 34.124.147.232

🇺🇸 34.56.129.56

🇦🇷 186.132.215.105

🇸🇬 185.200.116.80

🇮🇳 122.186.174.35

🇿🇦 102.64.46.50

🇵🇱 83.168.89.49

🇨🇳 58.242.190.39

🇲🇾 49.125.201.69

🇺🇸 35.226.79.12

🇨🇱 34.176.98.2

🇰🇷 34.158.198.209

🇰🇷 34.64.43.232