JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:98a8::1

2a0c:9f00:a000:98a8::1 was found in our database!

This IP was reported 33 times. Confidence of Abuse is 79%: ?

79%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:98a8::1

Whois 2a0c:9f00:a000:98a8::1

IP Abuse Reports for 2a0c:9f00:a000:98a8::1:

This IP address has been reported a total of 33 times from 16 distinct sources. 2a0c:9f00:a000:98a8::1 was first reported on June 17th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-22 22:03:13 (3 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-21. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-06-21 19:18:24 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:18:20.183193 2026] [security2:error] [pid 14905:tid 14905] [client 2a0c:9f00:a000:98a8::1:54224] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lightedpath.com"] [uri "/.env.production"] [unique_id "ajg4_KxWaZmBzze7iBWPtgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 18:41:13 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:41:07.364251 2026] [security2:error] [pid 1103:tid 1103] [client 2a0c:9f00:a000:98a8::1:36448] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "banis-associates.com"] [uri "/.env.example"] [unique_id "ajgwQ8_O8_GuOcyK4TwfFAAAAFs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 todix	2026-06-21 18:09:35 (4 days ago)	Web App Attack Exploid from 2a0c:9f00:a000:98a8::1	Web App Attack
Anonymous	2026-06-21 17:41:46 (4 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-probing	Web App Attack Hacking
🇩🇪 big-cloud.nl	2026-06-21 09:55:40 (5 days ago)	Try to access /backend/.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 05:03:50 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 01:03:45.762967 2026] [security2:error] [pid 24806:tid 24806] [client 2a0c:9f00:a000:98a8::1:38682] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powerkiteforum.com"] [uri "/api/.env"] [unique_id "ajdwsU_qmYiYD9_PUkt8pQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-20 23:01:57 (5 days ago)	[redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:23:46:11 +0100] "GET /.aws/credentials HTTP/1.1" ... show more [redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:23:46:11 +0100] "GET /.aws/credentials HTTP/1.1" 302 5288 0/102453 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; ClaudeBot/1.0; +mailto:support@[redacted]" [redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:23:46:11 +0100] "GET /.env HTTP/1.1" 302 5288 0/200998 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1.0; +https://[redacted]/perplexitybot" show less	Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-20 22:46:12 (5 days ago)	[redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:23:45:56 +0100] "GET /api/.env HTTP/1.1" 302 5320 ... show more [redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:23:45:56 +0100] "GET /api/.env HTTP/1.1" 302 5320 0/39599 "-" "meta-externalagent/1.1 (+https://[redacted]/docs/sharing/webmasters/crawler)" [redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:23:46:11 +0100] "GET /.[redacted] HTTP/1.1" 302 5288 0/53352 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; Perplexity-User/1.0; +https://[redacted]/perplexity-user" show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 21:45:47 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 17:45:41.714697 2026] [security2:error] [pid 8716:tid 8716] [client 2a0c:9f00:a000:98a8::1:35172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "oceanicpier.com"] [uri "/.env.example"] [unique_id "ajcKBbJTooofkiaahAz5owAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-20 17:37:40 (5 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 17:30:07 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 13:30:00.519838 2026] [security2:error] [pid 16233:tid 16233] [client 2a0c:9f00:a000:98a8::1:33416] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.testrong.com"] [uri "/.env.production"] [unique_id "ajbOGKGG90dkI-L-RvDz-QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Baking333	2026-06-20 16:33:15 (5 days ago)	[redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:17:33:12 +0100] "GET /[redacted] HTTP/1.1" 302 15 ... show more [redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:17:33:12 +0100] "GET /[redacted] HTTP/1.1" 302 1593 0/341717 "-" "anthropic-ai" [redacted] 2a0c:9f00:a000:98a8::1 - - [20/Jun/2026:17:33:12 +0100] "GET /[redacted] HTTP/1.1" 302 1573 0/151720 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://[redacted]/[redacted])" show less	Bad Web Bot Web App Attack
🇩🇪 Viveronese	2026-06-20 08:36:13 (6 days ago)	HTTP vulnerability scanning	Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 04:35:31 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:98a8::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 00:35:26.462791 2026] [security2:error] [pid 11745:tid 11745] [client 2a0c:9f00:a000:98a8::1:34012] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "matterofbritain.com"] [uri "/.env.production"] [unique_id "ajYYjp0u3-d1ibaUt6ONUwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 33 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 58.209.234.84

🇨🇦 165.22.225.218

🇺🇸 162.216.150.158

🇷🇴 92.118.39.71

🇪🇸 82.223.49.127

🇦🇹 81.16.152.2

🇺🇸 65.49.20.83

🇵🇰 203.135.42.52

🇿🇦 169.0.62.250

🇺🇸 71.6.134.235

🇺🇸 52.161.180.144

🇺🇸 45.206.90.83

🇺🇸 43.173.70.247

🇳🇱 195.178.110.232

🇬🇧 193.163.125.141

🇺🇸 184.105.247.214

🇳🇱 160.119.71.133

🇻🇳 116.97.107.104

🇨🇦 85.217.149.19

🇺🇦 79.143.45.75