JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:6de5::1

2a0c:9f00:a000:6de5::1 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:6de5::1

Whois 2a0c:9f00:a000:6de5::1

IP Abuse Reports for 2a0c:9f00:a000:6de5::1:

This IP address has been reported a total of 49 times from 24 distinct sources. 2a0c:9f00:a000:6de5::1 was first reported on June 17th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-23 21:59:13 (2 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-22. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-21 21:40:16 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 17:40:12.349967 2026] [security2:error] [pid 31668:tid 31668] [client 2a0c:9f00:a000:6de5::1:44176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.couturebikini.com"] [uri "/api/.env"] [unique_id "ajhaPL7VQ23i0itTx2VYMQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 20:22:41 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 16:22:36.077681 2026] [security2:error] [pid 12990:tid 12990] [client 2a0c:9f00:a000:6de5::1:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|colonybet.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "colonybet.com"] [uri "/wp-content/debug.log"] [unique_id "ajhIDPdNhw5scKfVtb3bdQAAAEc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 19:42:28 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:42:25.354377 2026] [security2:error] [pid 7013:tid 7013] [client 2a0c:9f00:a000:6de5::1:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.cloudbursttechnologies.com"] [uri "/app/.env"] [unique_id "ajg-oalfppxuAzxr34urfwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 BlueWire Hosting	2026-06-21 19:25:16 (4 days ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇳🇱 Site.eu	2026-06-21 19:08:33 (4 days ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-21 18:32:25 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:32:18.033841 2026] [security2:error] [pid 3912:tid 3912] [client 2a0c:9f00:a000:6de5::1:55642] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.chiggerland.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.chiggerland.com"] [uri "/wp-content/debug.log"] [unique_id "ajguMjliM0NgU-12Jrlt1wAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-06-21 18:00:54 (4 days ago)	Config JSON probe	Web App Attack
🇩🇪 gadix	2026-06-21 17:58:30 (4 days ago)	[21/Jun/2026:19:58:29.596814 +0200] ajgmRYY_N7qS48E7nkePaQAAACE 2a0c:9f00:a000:6de5::1 40584 127.0.0 ... show more [21/Jun/2026:19:58:29.596814 +0200] ajgmRYY_N7qS48E7nkePaQAAACE 2a0c:9f00:a000:6de5::1 40584 127.0.0.1 7081 [21/Jun/2026:19:58:29.653951 +0200] ajgmRUlL44bbJnM0khR6dQAAAAE 2a0c:9f00:a000:6de5::1 40586 127.0.0.1 7081 [21/Jun/2026:19:58:29.655955 +0200] ajgmRSRQHgCntpJ8MRSGnQAAABk 2a0c:9f00:a000:6de5::1 40594 127.0.0.1 7081 ... show less	Web App Attack
🇳🇱 e.fierstra	2026-06-21 17:35:08 (4 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 17:11:59 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:11:52.153847 2026] [security2:error] [pid 7279:tid 7279] [client 2a0c:9f00:a000:6de5::1:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "caspina.com"] [uri "/.env.example"] [unique_id "ajgbWERtA0dcZMlZTRV82wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-21 13:36:02 (4 days ago)	[SunJun2115:35:59.8099682026][security2:error][pid200298:tid200301][client2a0c:9f00:a000:6de5::1:0]M ... show more [SunJun2115:35:59.8099682026][security2:error][pid200298:tid200301][client2a0c:9f00:a000:6de5::1:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"ponzellini.ch\"][uri\"/wp-content/debug.log\"][unique_id\"ajfov9slJn-sq9sE9aeoxAAAAMA\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 13:28:35 (4 days ago)	(mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210730) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:28:27.235327 2026] [security2:error] [pid 19553:tid 19553] [client 2a0c:9f00:a000:6de5::1:59112] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.makeupbyindi.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.makeupbyindi.com"] [uri "/wp-content/debug.log"] [unique_id "ajfm-98mkMoHz-FCBSQSDwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-21 13:16:22 (4 days ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 13:09:56 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:6de5::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:09:53.580557 2026] [security2:error] [pid 9989:tid 9989] [client 2a0c:9f00:a000:6de5::1:45800] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "chitsey.com"] [uri "/.env"] [unique_id "ajfioZoTgjyz8_vvv6mp3AAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.73.163.105

🇧🇷 187.58.241.90

🇧🇷 186.227.75.58

🇫🇷 167.86.82.207

🇺🇸 146.70.202.24

🇻🇳 14.175.65.219

🇨🇳 218.0.63.25

🇧🇷 205.210.31.199

🇧🇷 187.62.87.27

🇨🇴 181.62.52.38

🇩🇪 130.12.180.52

🇱🇰 123.231.115.230

🇨🇳 120.85.119.14

🇨🇳 60.190.243.162

🇮🇳 34.100.175.233

🇮🇳 182.70.255.242

🇺🇸 172.190.216.105

🇱🇹 172.69.52.171

🇺🇸 141.11.88.5

🇻🇳 103.20.97.192