JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:50a1::1

2a0c:9f00:a000:50a1::1 was found in our database!

This IP was reported 40 times. Confidence of Abuse is 95%: ?

95%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:50a1::1

Whois 2a0c:9f00:a000:50a1::1

IP Abuse Reports for 2a0c:9f00:a000:50a1::1:

This IP address has been reported a total of 40 times from 18 distinct sources. 2a0c:9f00:a000:50a1::1 was first reported on June 17th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-22 22:03:41 (2 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-21 20:58:58 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 16:58:51.719734 2026] [security2:error] [pid 14686:tid 14686] [client 2a0c:9f00:a000:50a1::1:48640] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.act-research.com"] [uri "/.env"] [unique_id "ajhQi_NHtWWDlrjshHe0jwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 BlueWire Hosting	2026-06-21 20:57:36 (3 days ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇩🇪 4server	2026-06-21 20:52:29 (3 days ago)	[SunJun2122:52:26.8394092026][security2:error][pid961248:tid961269][client2a0c:9f00:a000:50a1::1:0]M ... show more [SunJun2122:52:26.8394092026][security2:error][pid961248:tid961269][client2a0c:9f00:a000:50a1::1:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"acquaallaspina.ch\"][uri\"/wp-content/debug.log\"][unique_id\"ajhPChEDcpGPBZq8EgkD4wAAAFI\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 20:34:00 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 16:33:53.589884 2026] [security2:error] [pid 11736:tid 11736] [client 2a0c:9f00:a000:50a1::1:50316] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abstractorangemusic.com"] [uri "/.env"] [unique_id "ajhKsTfTM8mIlXdjmZPCkAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-21 20:23:03 (3 days ago)	(modsecurity) srv103 ModSecurity 2a0c:9f00:a000:50a1::1 (US/United States/-): 10 in the last 3600 se ... show more (modsecurity) srv103 ModSecurity 2a0c:9f00:a000:50a1::1 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 20:16:47 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 16:16:43.310212 2026] [security2:error] [pid 1474:tid 1479] [client 2a0c:9f00:a000:50a1::1:45004] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aapm.eu"] [uri "/api/.env"] [unique_id "ajhGq7M3OBsCcRuiCd98eQAAAYE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 6kilowatti	2026-06-21 19:49:35 (3 days ago)	2a0c:9f00:a000:50a1::1 - - [21/Jun/2026:22:49:34 +0300] "GET /.aws/credentials HTTP/1.1" 404 60 "-" ... show more 2a0c:9f00:a000:50a1::1 - - [21/Jun/2026:22:49:34 +0300] "GET /.aws/credentials HTTP/1.1" 404 60 "-" "Mozilla/5.0 (compatible; cohere-ai/1.0; +https://cohere.com)" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 19:48:03 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:47:58.909941 2026] [security2:error] [pid 18773:tid 18773] [client 2a0c:9f00:a000:50a1::1:59314] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.67ronin.com"] [uri "/.env"] [unique_id "ajg_7uQhwH_A3L-o48lQ1wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-21 19:37:40 (3 days ago)	Scenarios: http-sensitive-files Total requests: 64	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 19:30:57 (3 days ago)	(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:30:53.300678 2026] [security2:error] [pid 20222:tid 20222] [client 2a0c:9f00:a000:50a1::1:34084] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|48consultancy.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "48consultancy.com"] [uri "/wp-content/debug.log"] [unique_id "ajg77eZ_QsF1z3GKYL91egAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 19:12:21 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:12:14.372027 2026] [security2:error] [pid 10404:tid 10404] [client 2a0c:9f00:a000:50a1::1:55206] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "3905ccn.org"] [uri "/.env"] [unique_id "ajg3jrs48ciMIriYtVJQGQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 18:43:19 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:43:13.735809 2026] [security2:error] [pid 20699:tid 20699] [client 2a0c:9f00:a000:50a1::1:42358] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "2massociatesllc.com"] [uri "/.env"] [unique_id "ajgwwVe-z8vwfOYbJLw6mgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 17:23:35 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:50a1::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:23:28.677658 2026] [security2:error] [pid 9483:tid 9483] [client 2a0c:9f00:a000:50a1::1:48320] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.1214productions.com"] [uri "/api/.env"] [unique_id "ajgeEIbcjOe-VcLS6HNB1wAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-21 17:20:38 (3 days ago)	(modsecurity) srv201 ModSecurity 2a0c:9f00:a000:50a1::1 (US/United States/-): 10 in the last 3600 se ... show more (modsecurity) srv201 ModSecurity 2a0c:9f00:a000:50a1::1 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack

Showing 1 to 15 of 40 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 205.254.168.140

🇨🇱 34.176.166.98

🇷🇺 193.233.48.169

🇺🇸 166.239.184.117

🇺🇸 162.144.88.224

🇺🇸 136.119.87.148

🇸🇬 103.189.235.176

🇧🇩 103.114.97.97

🇬🇧 88.215.1.201

🇪🇸 82.223.15.252

🇨🇳 61.178.209.47

🇺🇦 45.11.57.172

🇮🇩 16.78.21.156

🇨🇭 13.105.180.76

🇺🇸 2a03:2880:f800:40::

🇭🇺 217.65.97.138

🇺🇸 203.88.119.100

🇬🇧 195.206.182.195

🇺🇸 162.216.150.13

🇩🇪 156.236.31.85