JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0d:5940:9:3d40::1

2a0d:5940:9:3d40::1 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 82%: ?

82%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	dataforest GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS58212
Domain Name	dataforest.net
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0d:5940:9:3d40::1

Whois 2a0d:5940:9:3d40::1

IP Abuse Reports for 2a0d:5940:9:3d40::1:

This IP address has been reported a total of 25 times from 16 distinct sources. 2a0d:5940:9:3d40::1 was first reported on June 17th 2026, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ger-stg-sifi1	2026-06-24 18:23:33 (15 hours ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 17:38:16 (16 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a0d:5940:9:3d40::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a0d:5940:9:3d40::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 13:38:09.324465 2026] [security2:error] [pid 2234:tid 2234] [client 2a0d:5940:9:3d40::1:54782] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "powerlinemultimedia.net"] [uri "/.env"] [unique_id "ajwWAdIZfomTT-WxUMRB5wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-19 21:59:03 (5 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-18. show less	Web App Attack SSH Hacking
🇳🇱 enpepet	2026-06-19 18:49:57 (5 days ago)	GENERAL: parametres: [url:env=] UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.3 ... show more GENERAL: parametres: [url:env=] UA:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.80 Safari/537.36 URL:/.env show less	Port Scan Hacking Brute-Force Bad Web Bot
🇩🇪 big-cloud.nl	2026-06-19 18:44:06 (5 days ago)	Try to access /.env	Web App Attack
🇩🇪 todix	2026-06-19 16:34:34 (5 days ago)	Web App Attack Exploid from 2a0d:5940:9:3d40::1	Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-19 15:31:32 (5 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇳🇱 BlueWire Hosting	2026-06-18 20:11:19 (6 days ago)	Probing websites for vulnerabilities	Web App Attack
Anonymous	2026-06-18 20:10:15 (6 days ago)	2a0d:5940:9:3d40::1 - - [18/Jun/2026:09:12:40 -0300] "GET /.env HTTP/1.1" 403 874 "-" "Mozilla/5.0 ( ... show more 2a0d:5940:9:3d40::1 - - [18/Jun/2026:09:12:40 -0300] "GET /.env HTTP/1.1" 403 874 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 12_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 MicroMessenger/7.0.4(0x17000428) NetType/WIFI Language/zh_CN" 2a0d:5940:9:3d40::1 - - [18/Jun/2026:17:10:14 -0300] "GET /.env HTTP/1.1" 403 874 "-" "Mozilla/5.0 (compatible; MSIE 10.6; Windows NT 6.1; Trident/5.0; InfoPath.2; SLCC1; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET CLR 2.0.50727) 3gpp-gba UNTRUSTED/1.0" ... show less	Port Scan
🇫🇮 kumiko	2026-06-18 18:57:53 (6 days ago)	[2026-06-18 21:57:53] Probing for dotfiles "GET /.env HTTP/1.1" 302	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 18:15:28 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0d:5940:9:3d40::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2a0d:5940:9:3d40::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 14:15:22.403560 2026] [security2:error] [pid 14229:tid 14244] [client 2a0d:5940:9:3d40::1:40426] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tnccivic.org"] [uri "/.env"] [unique_id "ajQ1un-7rcVOj4tpHICP9AAAAEs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 15:48:00 (6 days ago)	2a0d:5940:9:3d40::1 - - [18/Jun/2026:23:48:00 +0800] "GET /.env HTTP/1.1" 404 196 "-" "SonyEricssonW ... show more 2a0d:5940:9:3d40::1 - - [18/Jun/2026:23:48:00 +0800] "GET /.env HTTP/1.1" 404 196 "-" "SonyEricssonW850i/R1ED Browser/NetFront/3.3 Profile/MIDP-2.0 Configuration/CLDC-1.1" ... show less	Bad Web Bot Web App Attack
🇩🇪 pltcldvlpr	2026-06-18 15:00:13 (6 days ago)	CMS/framework probe: 2a0d:5940:9:3d40::1 - - [18/Jun/2026:17:00:12 +0200] "GET /.env HTTP/1.1" 404 5 ... show more CMS/framework probe: 2a0d:5940:9:3d40::1 - - [18/Jun/2026:17:00:12 +0200] "GET /.env HTTP/1.1" 404 564 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36" asn=58212 org="dataforest GmbH" country=DE ... show less	Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-18 14:15:46 (6 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇩🇪 todix	2026-06-18 13:44:19 (6 days ago)	Web App Attack Exploid from 2a0d:5940:9:3d40::1	Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇹 151.95.211.132

🇻🇳 123.31.20.162

🇨🇳 113.206.196.17

🇭🇰 104.208.98.248

🇷🇴 2.57.121.112

🇩🇪 213.209.159.226

🇳🇱 185.223.235.44

🇨🇦 99.217.94.117

🇵🇱 95.214.53.157

🇳🇱 91.92.40.239

🇩🇪 69.5.169.144

🇮🇳 49.43.135.56

🇸🇪 31.59.160.12

🇺🇸 23.95.80.137

🇺🇸 18.97.9.99

🇫🇷 2a09:bac1:27a0:48::3da:4d

🇰🇷 222.239.251.12

🇺🇸 147.182.202.179

🇺🇸 65.111.4.119

🇩🇪 43.228.157.136