JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0c:9f00:a000:d57c::1

2a0c:9f00:a000:d57c::1 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 97%: ?

97%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14315
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0c:9f00:a000:d57c::1

Whois 2a0c:9f00:a000:d57c::1

IP Abuse Reports for 2a0c:9f00:a000:d57c::1:

This IP address has been reported a total of 31 times from 18 distinct sources. 2a0c:9f00:a000:d57c::1 was first reported on June 17th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-20 22:30:28 (1 day ago)		Brute-Force Web App Attack
🇳🇱 BlueWire Hosting	2026-06-20 19:36:53 (1 day ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-20 09:50:22 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 05:50:16.582610 2026] [security2:error] [pid 30174:tid 30174] [client 2a0c:9f00:a000:d57c::1:44786] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.chopstickhouseevansville.com"] [uri "/api/.env"] [unique_id "ajZiWKA0q9AmloLY4Z64xQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-20 07:41:18 (2 days ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 23:12:43 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:12:38.915771 2026] [security2:error] [pid 22928:tid 22928] [client 2a0c:9f00:a000:d57c::1:51566] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "gurneysbottleshop.com"] [uri "/.env"] [unique_id "ajXM5m3mMB5U505K267YhQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-19 22:30:08 (2 days ago)		Brute-Force Web App Attack
🇩🇪 big-cloud.nl	2026-06-19 21:13:20 (2 days ago)	Try to access /.env	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 21:10:34 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 17:10:31.407404 2026] [security2:error] [pid 1905:tid 1905] [client 2a0c:9f00:a000:d57c::1:40330] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doctorc.net"] [uri "/.env"] [unique_id "ajWwR_KGptfHGEhuaWRL3wAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 20:43:53 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 16:43:48.045270 2026] [security2:error] [pid 16722:tid 16722] [client 2a0c:9f00:a000:d57c::1:47858] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.trasimeno.ws"] [uri "/.env"] [unique_id "ajWqBKPWeZJjc-X0R4gSowAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 bazter.pro	2026-06-19 20:20:38 (2 days ago)	Auto-Ban [2026-06-19 20:20:38]: CRITICAL: bot trap (soft) \| host=www.geoproceso.com \| route=/.env \| ... show more Auto-Ban [2026-06-19 20:20:38]: CRITICAL: bot trap (soft) \| host=www.geoproceso.com \| route=/.env \| hits=1 \| ua=Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko); compatible; PerplexityBot/1. show less	Hacking Web App Attack
🇩🇪 macrob	2026-06-19 20:19:01 (2 days ago)	2026/06/19 20:18:56 [error] 3130781#3130781: 317268294 access forbidden by rule, client: 2a0c:9f00: ... show more 2026/06/19 20:18:56 [error] 3130781#3130781: 317268294 access forbidden by rule, client: 2a0c:9f00:a000:d57c::1, server: bin-spin.com, request: "GET /api/.env HTTP/1.1", host: "bin-spin.com" 2026/06/19 20:19:00 [error] 3130781#3130781: 317268294 access forbidden by rule, client: 2a0c:9f00:a000:d57c::1, server: bin-spin.com, request: "GET /.aws/credentials HTTP/1.1", host: "bin-spin.com" 2026/06/19 20:19:00 [error] 3130777#3130777: 317268353 access forbidden by rule, client: 2a0c:9f00:a000:d57c::1, server: bin-spin.com, request: "GET /.env.example HTTP/1.1", host: "bin-spin.com" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 18:59:04 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 14:59:00.448075 2026] [security2:error] [pid 1910:tid 1976] [client 2a0c:9f00:a000:d57c::1:49530] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "barstow-station.com"] [uri "/api/.env"] [unique_id "ajWRdLVbCT64MpyRLOrJmwAAAII"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-19 12:36:05 (3 days ago)	Multiple WAF Violations	Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 12:07:44 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 08:07:36.996564 2026] [security2:error] [pid 24922:tid 24922] [client 2a0c:9f00:a000:d57c::1:47198] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aarentes.com"] [uri "/.env"] [unique_id "ajUxCImwdxmh8vrl0Ydy-gAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 04:54:30 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a0c:9f00:a000:d57c::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 00:54:19.772470 2026] [security2:error] [pid 3326:tid 3326] [client 2a0c:9f00:a000:d57c::1:54116] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "hacertests.com"] [uri "/.git/config"] [unique_id "ajTLe34xbelSto_oKTNaCQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 152.163.127.159

🇸🇬 118.139.164.171

🇨🇭 107.189.10.175

🇧🇬 91.148.190.150

🇧🇬 79.124.40.110

🇺🇸 45.8.19.110

🇺🇸 216.73.160.166

🇳🇱 204.76.203.15

🇧🇷 189.75.169.191

🇨🇴 181.32.83.237

🇧🇩 180.149.232.66

🇺🇸 173.252.95.129

🇳🇱 172.253.82.218

🇺🇸 134.122.125.153

🇳🇱 93.123.72.183

🇺🇸 45.8.19.107

🇺🇸 45.8.19.98

🇺🇸 20.14.87.238

🇺🇸 216.73.160.162

🇺🇸 216.73.160.3