JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:4441::1

2a0c:9f00:a000:4441::1 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 96%: ?

96%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:4441::1

Whois 2a0c:9f00:a000:4441::1

IP Abuse Reports for 2a0c:9f00:a000:4441::1:

This IP address has been reported a total of 29 times from 19 distinct sources. 2a0c:9f00:a000:4441::1 was first reported on June 17th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 alferez	2026-06-21 10:21:20 (3 days ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇳🇱 e.fierstra	2026-06-21 05:56:00 (4 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
Anonymous	2026-06-20 22:59:18 (4 days ago)	[Drupal AbuseIPDB module] Request path is blacklisted. /.env.bak	Web App Attack
🇫🇷 SpaceHost-Server	2026-06-20 22:30:26 (4 days ago)		Brute-Force Web App Attack
Anonymous	2026-06-20 16:53:40 (4 days ago)	2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:05 +0200] "GET /secrets.json HTTP/1.1" 404 29902 2a0c: ... show more 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:05 +0200] "GET /secrets.json HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:05 +0200] "GET /application.yml HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:06 +0200] "GET /secrets.yml HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:06 +0200] "GET /google-services.json HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:16 +0200] "GET /application.properties HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:21 +0200] "GET /config/secrets.yml HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:28 +0200] "GET /firebase-messaging-sw.js HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:33 +0200] "GET /config.js HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:33 +0200] "GET /openapi.json HTTP/1.1" 404 29902 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:18:53:33 +0200] "GET /config.json HTTP/1.1" 404 29902 ... show less	Web Spam Web App Attack
🇺🇦 URAN Publishing Service	2026-06-20 10:34:29 (4 days ago)	2a0c:9f00:a000:4441::1 - - [20/Jun/2026:13:34:24 +0300] "GET /api/.env HTTP/1.1" 404 4656 "-" "Mozil ... show more 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:13:34:24 +0300] "GET /api/.env HTTP/1.1" 404 4656 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" ... show less	Web App Attack
🇩🇪 macrob	2026-06-20 09:28:04 (4 days ago)	2026/06/20 09:28:02 [error] 3184354#3184354: 318389547 access forbidden by rule, client: 2a0c:9f00: ... show more 2026/06/20 09:28:02 [error] 3184354#3184354: 318389547 access forbidden by rule, client: 2a0c:9f00:a000:4441::1, server: bin-spin.com, request: "GET /.aws/credentials HTTP/1.1", host: "bin-spin.com" 2026/06/20 09:28:02 [error] 3184354#3184354: 318389548 access forbidden by rule, client: 2a0c:9f00:a000:4441::1, server: bin-spin.com, request: "GET /.env HTTP/1.1", host: "bin-spin.com" 2026/06/20 09:28:02 [error] 3184354#3184354: 318389549 access forbidden by rule, client: 2a0c:9f00:a000:4441::1, server: bin-spin.com, request: "GET /.env.example HTTP/1.1", host: "bin-spin.com" ... show less	Web App Attack
🇩🇪 Hazzard	2026-06-20 08:15:02 (4 days ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted]): (CF_ENABLE)	Bad Web Bot
🇪🇸 alferez	2026-06-20 04:36:21 (5 days ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇦 URAN Publishing Service	2026-06-20 03:20:46 (5 days ago)	2a0c:9f00:a000:4441::1 - - [20/Jun/2026:06:20:35 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "CCBot/ ... show more 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:06:20:35 +0300] "GET /api/.env HTTP/1.1" 404 680 "-" "CCBot/2.0 (https://commoncrawl.org/faq/)" 2a0c:9f00:a000:4441::1 - - [20/Jun/2026:06:20:43 +0300] "GET /app/.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compatible; Google-Extended/1.0; +http://www.google.com/bot.html)" ... show less	Web App Attack
🇮🇹 VHosting	2026-06-19 22:00:05 (5 days ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 21:40:18 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4441::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:4441::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 17:40:10.397243 2026] [security2:error] [pid 32396:tid 32396] [client 2a0c:9f00:a000:4441::1:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.socialstudiesforkids.com"] [uri "/api/.env"] [unique_id "ajW3OrIiltwTbwofUl8tSAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-19 21:06:59 (5 days ago)	[redacted] 2a0c:9f00:a000:4441::1 - - [19/Jun/2026:22:06:53 +0100] "GET /api/.env HTTP/1.1" 302 5320 ... show more [redacted] 2a0c:9f00:a000:4441::1 - - [19/Jun/2026:22:06:53 +0100] "GET /api/.env HTTP/1.1" 302 5320 0/213530 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://[redacted]/perplexitybot" [redacted] 2a0c:9f00:a000:4441::1 - - [19/Jun/2026:22:06:58 +0100] "GET /.[redacted] HTTP/1.1" 302 1559 0/52963 "-" "Mozilla/5.0 (compatible; Amazonbot/0.1; +https://[redacted]/support/amazonbot)" [redacted] 2a0c:9f00:a000:4441::1 - - [19/Jun/2026:22:06:58 +0100] "GET /.env HTTP/1.1" 302 1559 0/66166 "-" "CCBot/2.0 (https://[redacted]/faq/)" [redacted] 2a0c:9f00:a000:4441::1 - - [19/Jun/2026:22:06:58 +0100] "GET /.aws/credentials HTTP/1.1" 302 1559 0/60457 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Perplexity-User/1.0; +https://[redacted]/perplexity-user" show less	Bad Web Bot Web App Attack
🇩🇪 MarkGGN	2026-06-19 20:26:51 (5 days ago)	Web attack. 2a0c:9f00:a000:4441::1 - - [19/Jun/2026:22:26:50 +0200] "GET /.env.example HTTP/2.0" 403 ... show more Web attack. 2a0c:9f00:a000:4441::1 - - [19/Jun/2026:22:26:50 +0200] "GET /.env.example HTTP/2.0" 403 146 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://www.apple.com/go/applebot)" 2a0c:9f00:a000:4441::1 - - [19/Jun/2026:22:26:50 +0200] "GET /api/.env HTTP/2.0" 403 146 "-" "Mozilla/5.0 (compatible; Claude-Web/1.0; +https://www.anthropic.com)" show less	Web App Attack
🇳🇱 e.fierstra	2026-06-19 19:23:37 (5 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.82

🇭🇰 45.192.184.50

🇬🇧 35.203.211.30

🇷🇺 217.197.236.114

🇺🇸 195.184.76.217

🇮🇶 169.224.89.123

🇵🇭 122.54.227.170

🇪🇪 109.206.241.199

🇺🇸 97.107.129.112

🇫🇷 88.185.14.121

🇧🇬 79.124.62.230

🇹🇼 61.223.79.45

🇱🇹 45.227.254.170

🇺🇸 40.124.185.206

🇧🇪 34.53.146.8

🇧🇪 34.22.226.135

🇺🇸 20.65.192.214

🇨🇦 15.235.27.44

🇺🇸 216.25.89.92

🇨🇳 183.153.32.85