JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:5a87::1

2a0c:9f00:a000:5a87::1 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 81%: ?

81%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:5a87::1

Whois 2a0c:9f00:a000:5a87::1

IP Abuse Reports for 2a0c:9f00:a000:5a87::1:

This IP address has been reported a total of 18 times from 13 distinct sources. 2a0c:9f00:a000:5a87::1 was first reported on June 17th 2026, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Roderic	2026-06-20 03:48:17 (9 hours ago)	(apache-useragents) Failed apache-useragents trigger with match [redacted])	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-20 03:21:27 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 23:21:23.847478 2026] [security2:error] [pid 25800:tid 25800] [client 2a0c:9f00:a000:5a87::1:40086] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garon.us"] [uri "/.env.example"] [unique_id "ajYHM-csfQYKj11W-xCvqAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-19 23:01:18 (14 hours ago)	[redacted] 2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:22:14:30 +0100] "GET /api/.env HTTP/1.1" 302 5315 ... show more [redacted] 2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:22:14:30 +0100] "GET /api/.env HTTP/1.1" 302 5315 0/113237 "-" "Mozilla/5.0 (compatible; Applebot/0.1; +http://[redacted]/go/applebot)" [redacted] 2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:22:14:30 +0100] "GET /.env HTTP/1.1" 302 5283 0/355001 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:support@[redacted]" show less	Bad Web Bot Web App Attack
🇨🇦 Anytech	2026-06-19 22:33:30 (15 hours ago)	Blocked by Conn-Monitor: Web scanning activity	Hacking Web App Attack
🇫🇷 Baking333	2026-06-19 21:14:33 (16 hours ago)	[redacted] 2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:22:14:24 +0100] "GET /.[redacted] HTTP/1.1" 302 5 ... show more [redacted] 2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:22:14:24 +0100] "GET /.[redacted] HTTP/1.1" 302 5283 0/65384 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:support@[redacted]" [redacted] 2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:22:14:30 +0100] "GET /.aws/credentials HTTP/1.1" 302 5283 0/78489 "-" "meta-externalagent/1.1 (+https://[redacted]/docs/sharing/webmasters/crawler)" show less	Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2026-06-19 20:27:56 (17 hours ago)	2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:23:27:43 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5. ... show more 2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:23:27:43 +0300] "GET /.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 (compatible; cohere-ai/1.0; +https://cohere.com)" 2a0c:9f00:a000:5a87::1 - - [19/Jun/2026:23:27:55 +0300] "GET /app/.env HTTP/1.1" 404 628 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:[email protected]" ... show less	Web App Attack
Anonymous	2026-06-19 19:15:02 (18 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-19 15:57:01 (21 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 11:56:54.165521 2026] [security2:error] [pid 8823:tid 8823] [client 2a0c:9f00:a000:5a87::1:49084] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "addisonchiropracticcenter.com"] [uri "/.env.example"] [unique_id "ajVmxrRfRsVMIcG__fNRIgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-06-19 14:16:40 (23 hours ago)	Try to access /.aws/credentials	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 13:39:32 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 09:39:27.464416 2026] [security2:error] [pid 16433:tid 16534] [client 2a0c:9f00:a000:5a87::1:35486] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "achillconsulting.com"] [uri "/api/.env"] [unique_id "ajVGj00S-X6-BDNty8bRwAAAAQM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 12:58:44 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 08:58:39.868504 2026] [security2:error] [pid 28221:tid 28221] [client 2a0c:9f00:a000:5a87::1:46078] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "acatucson.com"] [uri "/.env"] [unique_id "ajU8_1lxq4w6R-FOBkJr0AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Aetherweb Ark	2026-06-19 10:52:59 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): N in the last ... show more (mod_security) mod_security (id:949110) triggered by 2a0c:9f00:a000:5a87::1 (Unknown): N in the last X secs show less	Web App Attack
🇩🇪 LRob.fr	2026-06-18 07:00:13 (2 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇫🇷 conseilgouz	2026-06-17 18:27:56 (2 days ago)	sae-88 : Bloc AI bots=>/google-services.json(meta-external)	Hacking
🇮🇹 VHosting	2026-06-17 17:40:03 (2 days ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 165.154.231.236

🇳🇱 160.119.76.19

🇺🇸 147.185.132.179

🇻🇳 103.48.192.48

🇺🇸 66.132.224.92

🇰🇷 211.216.58.204

🇳🇱 193.176.31.198

🇮🇹 188.152.238.126

🇩🇪 151.243.11.37

🇫🇮 147.185.133.136

🇩🇪 134.122.82.83

🇮🇳 123.253.162.254

🇨🇦 85.217.149.55

🇱🇹 81.30.98.144

🇺🇸 66.132.172.221

🇫🇷 51.83.10.237

🇩🇪 46.101.106.81

🇳🇱 45.148.10.147

🇲🇽 45.134.9.27

🇷🇺 31.173.12.28