JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:7c0d::1

2a0c:9f00:a000:7c0d::1 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 91%: ?

91%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:7c0d::1

Whois 2a0c:9f00:a000:7c0d::1

IP Abuse Reports for 2a0c:9f00:a000:7c0d::1:

This IP address has been reported a total of 27 times from 19 distinct sources. 2a0c:9f00:a000:7c0d::1 was first reported on June 17th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Baking333	2026-06-21 13:32:19 (3 days ago)	[redacted] 2a0c:9f00:a000:7c0d::1 - - [21/Jun/2026:14:32:17 +0100] "GET /wp-content/[redacted] HTTP/ ... show more [redacted] 2a0c:9f00:a000:7c0d::1 - - [21/Jun/2026:14:32:17 +0100] "GET /wp-content/[redacted] HTTP/1.1" 302 6763 0/72329 "-" "CCBot/2.0 (https://[redacted]/faq/)" [redacted] 2a0c:9f00:a000:7c0d::1 - - [21/Jun/2026:14:32:17 +0100] "GET /api/.env HTTP/1.1" 302 6795 0/40298 "-" "CCBot/2.0 (https://[redacted]/faq/)" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 06:25:04 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 02:24:56.638870 2026] [security2:error] [pid 23495:tid 23497] [client 2a0c:9f00:a000:7c0d::1:40330] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tomithai.com"] [uri "/api/.env"] [unique_id "ajeDuMfCzcdZMYu7RHAcdwAAAkA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-06-21 04:19:54 (4 days ago)	Try to access /.env	Web App Attack
Anonymous	2026-06-21 03:43:40 (4 days ago)	[ns41.kdns.gr] httpd-404: sites=sostis.gr; logs=/var/log/httpd/domains/sostis.gr.log; samples=/ \| /g ... show more [ns41.kdns.gr] httpd-404: sites=sostis.gr; logs=/var/log/httpd/domains/sostis.gr.log; samples=/ \| /google-services.json \| /api/.env show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 03:38:49 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 23:38:42.483986 2026] [security2:error] [pid 18170:tid 18170] [client 2a0c:9f00:a000:7c0d::1:43438] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.carminestogo.com"] [uri "/.env"] [unique_id "ajdcwgKhvr6pXCZAXZH0QAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-20 22:30:27 (4 days ago)		Brute-Force Web App Attack
🇳🇱 e.fierstra	2026-06-20 16:43:59 (4 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 13:59:31 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 09:59:23.329812 2026] [security2:error] [pid 26820:tid 26820] [client 2a0c:9f00:a000:7c0d::1:53750] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.arroceraomoa.com"] [uri "/api/.env"] [unique_id "ajacuzGZ0UbhY_4o2lR59wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 02:21:33 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 22:21:25.800273 2026] [security2:error] [pid 22225:tid 22225] [client 2a0c:9f00:a000:7c0d::1:45876] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "teenybikini.com"] [uri "/.env"] [unique_id "ajX5JSgrOU8eyiJTKK1RkQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 macrob	2026-06-20 00:16:24 (5 days ago)	2026/06/20 00:16:23 [error] 3130777#3130777: 317559692 access forbidden by rule, client: 2a0c:9f00: ... show more 2026/06/20 00:16:23 [error] 3130777#3130777: 317559692 access forbidden by rule, client: 2a0c:9f00:a000:7c0d::1, server: bin-spin.com, request: "GET /.env.example HTTP/1.1", host: "bin-spin.com" 2026/06/20 00:16:23 [error] 3130777#3130777: 317559700 access forbidden by rule, client: 2a0c:9f00:a000:7c0d::1, server: bin-spin.com, request: "GET /.env HTTP/1.1", host: "bin-spin.com" 2026/06/20 00:16:23 [error] 3130777#3130777: 317559701 access forbidden by rule, client: 2a0c:9f00:a000:7c0d::1, server: bin-spin.com, request: "GET /.aws/credentials HTTP/1.1", host: "bin-spin.com" ... show less	Web App Attack
🇺🇸 interbiznw.com	2026-06-19 23:58:48 (5 days ago)	fail2ban-ban	Hacking Brute-Force Exploited Host Web App Attack
🇮🇹 zenmorro	2026-06-19 23:17:43 (5 days ago)	Honeypot hit (imperocms:0) — [honeypot] Tentativo lettura .env \| GET /.env \| UA: Mozilla/5.0 (compat ... show more Honeypot hit (imperocms:0) — [honeypot] Tentativo lettura .env \| GET /.env \| UA: Mozilla/5.0 (compatible; Bytespider; [email protected]). Automated report from honeypot infrastructure show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-19 21:48:19 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 17:48:13.324864 2026] [security2:error] [pid 12622:tid 12622] [client 2a0c:9f00:a000:7c0d::1:44620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.landjudging.com"] [uri "/.env.example"] [unique_id "ajW5Hc91vIQf-d1uFJ4EKgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 20:18:55 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:7c0d::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 16:18:51.742876 2026] [security2:error] [pid 29282:tid 29282] [client 2a0c:9f00:a000:7c0d::1:33954] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.scoutinsignia.com"] [uri "/.env"] [unique_id "ajWkK42VD3CvDRa6HySZCgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 Scientific Route	2026-06-19 19:04:23 (5 days ago)	2a0c:9f00:a000:7c0d::1 - - [19/Jun/2026:22:04:13 +0300] "GET /.env HTTP/1.1" 404 441 "-" "meta-exter ... show more 2a0c:9f00:a000:7c0d::1 - - [19/Jun/2026:22:04:13 +0300] "GET /.env HTTP/1.1" 404 441 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)" 2a0c:9f00:a000:7c0d::1 - - [19/Jun/2026:22:04:23 +0300] "GET /api/.env HTTP/1.1" 404 441 "-" "Mozilla/5.0 (compatible; Amazonbot/0.1; +https://developer.amazon.com/support/amazonbot)" ... show less	Web App Attack

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.235

🇫🇮 178.20.210.152

🇺🇸 162.216.149.172

🇨🇳 113.201.65.26

🇰🇪 102.205.85.11

🇩🇪 87.106.160.54

🇨🇦 85.217.149.24

🇳🇱 77.168.63.143

🇺🇸 66.132.186.230

🇺🇸 34.228.104.231

🇰🇷 222.111.95.253

🇺🇸 192.34.59.235

🇨🇳 180.153.91.15

🇷🇺 176.112.128.143

🇸🇪 171.25.158.74

🇺🇸 148.153.53.246

🇺🇸 67.215.253.103

🇳🇱 45.148.10.152

🇳🇱 45.148.10.69

🇳🇱 45.142.193.131