JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a13:9500:16b:c7b2::1

2a13:9500:16b:c7b2::1 was found in our database!

This IP was reported 136 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RARE MOOD AGENCY SRL
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	raremood.agency
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a13:9500:16b:c7b2::1

Whois 2a13:9500:16b:c7b2::1

IP Abuse Reports for 2a13:9500:16b:c7b2::1:

This IP address has been reported a total of 136 times from 75 distinct sources. 2a13:9500:16b:c7b2::1 was first reported on May 18th 2026, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 itsnixk	2026-06-01 15:39:25 (3 days ago)	(mod_security) mod_security (id:930130) triggered by 2a13:9500:16b:c7b2::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:930130) triggered by 2a13:9500:16b:c7b2::1 (Unknown): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Mon Jun 01 11:39:20.538173 2026] [security2:error] [pid 1212747:tid 1213025] [client 2a13:9500:16b:c7b2::1:60834] ModSecurity: Access denied with code 406 (phase 1). Matched phrase ".git/" at REQUEST_FILENAME. [file "/etc/modsecurity.d/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "150"] [id "930130"] [msg "Restricted File Access Attempt"] [redacted] [severity "CRITICAL"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-LFI"] [tag "capec/1000/255/153/126"] [redacted] [uri "/.git/HEAD"] [unique_id "ah2nqN5r1MvZVBw5v7_XtgAAAEw"] show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-01 15:17:45 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a13:9500:16b:c7b2::1 (Unknown): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 2a13:9500:16b:c7b2::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 11:17:39.472200 2026] [security2:error] [pid 28924:tid 28924] [client 2a13:9500:16b:c7b2::1:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail-pmg.com"] [uri "/.git/HEAD"] [unique_id "ah2ikwTqkNa3s8vsg-KI4wAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 gadix	2026-06-01 14:33:57 (3 days ago)	[01/Jun/2026:16:33:56.164419 +0200] ah2YVP2DGur1H8WV4QlBxAAAAAY 2a13:9500:16b:c7b2::1 59114 127.0.0. ... show more [01/Jun/2026:16:33:56.164419 +0200] ah2YVP2DGur1H8WV4QlBxAAAAAY 2a13:9500:16b:c7b2::1 59114 127.0.0.1 7081 [01/Jun/2026:16:33:56.165846 +0200] ah2YVKDOOGj4IYyhTYpTawAAAAQ 2a13:9500:16b:c7b2::1 59118 127.0.0.1 7081 [01/Jun/2026:16:33:56.482060 +0200] ah2YVLECI-mLFyef6--GuQAAAAI 2a13:9500:16b:c7b2::1 59134 127.0.0.1 7081 ... show less	Web App Attack
🇩🇪 wsyq	2026-06-01 13:43:56 (3 days ago)	Fail2Ban - \[NGINX\]40x-Forcing to access a restricted resource ...	Bad Web Bot Web App Attack
🇳🇱 Mangelot Hosting	2026-06-01 13:01:25 (3 days ago)	(modsecurity) srv201 ModSecurity 2a13:9500:16b:c7b2::1 (US/United States/-): 10 in the last 3600 sec ... show more (modsecurity) srv201 ModSecurity 2a13:9500:16b:c7b2::1 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇩🇪 4server	2026-05-31 13:11:41 (4 days ago)	[SunMay3115:11:35.3352032026][security2:error][pid1202390:tid1202490][client2a13:9500:16b:c7b2::1:0] ... show more [SunMay3115:11:35.3352032026][security2:error][pid1202390:tid1202490][client2a13:9500:16b:c7b2::1:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"lascalasagl.ch\"][uri\"/.env.local\"][unique_id\"ahwzh5UUkPX_5XZ8kZfLkAAAAQU\"] show less	Port Scan Brute-Force Web App Attack
🇳🇱 e.fierstra	2026-05-31 12:36:08 (4 days ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 Alvino	2026-05-31 04:27:26 (4 days ago)	Blocked due to using a VPN or data center IP with abuse: 100	Web Spam VPN IP
🇫🇮 as211431.net	2026-05-30 19:08:09 (4 days ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /.git/config UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 0x44	2026-05-30 19:00:35 (4 days ago)	Abusive host detected - Attempt to access sensitive files	Web App Attack Hacking
🇩🇪 0x44	2026-05-30 17:22:46 (5 days ago)	Abusive host detected * Attempt to access sensitive files	Web App Attack Hacking
🇬🇧 pinguin	2026-05-30 16:27:56 (5 days ago)	Triggered Cloudflare WAF (firewallManaged) from US. Action taken: LOG Protocol: HTTP/1.1 (GET method ... show more Triggered Cloudflare WAF (firewallManaged) from US. Action taken: LOG Protocol: HTTP/1.1 (GET method) Endpoint: /backend/.env UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇩🇪 Blexyel	2026-05-30 16:11:01 (5 days ago)	2a13:9500:16b:c7b2::1 - - [30/May/2026:18:11:00 +0200] "GET /.git/config HTTP/1.1" 200 2116 "-" "Moz ... show more 2a13:9500:16b:c7b2::1 - - [30/May/2026:18:11:00 +0200] "GET /.git/config HTTP/1.1" 200 2116 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" ... show less	Brute-Force Web App Attack
🇩🇪 Gwyneth Llewelyn	2026-05-30 15:47:35 (5 days ago)	2026/05/30 16:47:32 [error] 1725771#1725771: 418462 access forbidden by rule, client: 2a13:9500:16b ... show more 2026/05/30 16:47:32 [error] 1725771#1725771: 418462 access forbidden by rule, client: 2a13:9500:16b:c7b2::1, server: [redacted], request: "GET /.env HTTP/1.1", host: "mta-sts.[redacted]", referrer: "https://mta-sts.betatechnologies.info/.env" 2a13:9500:16b:c7b2::1 - - [30/May/2026:16:47:32 +0100] "GET /.env HTTP/1.1" 403 1057 "https://mta-sts.betatechnologies.info/.env" "Mozilla/5.0 (Macintosh; Intel Mac OS X 15_7_5) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/26.0 Safari/605.1.15" 2026/05/30 16:47:33 [error] 1725771#1725771: *418506 access forbidden by rule, client: 2a13:9500:16b:c7b2::1, server: [redacted], request: "GET /backend/.env HTTP/1.1", host: "mta-sts.[redacted]", referrer: "https://mta-sts.betatechnologies.info/backend/.env" show less	Brute-Force Web App Attack
🇪🇸 alferez	2026-05-30 10:30:25 (5 days ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack

Showing 31 to 45 of 136 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 120.193.9.167

🇪🇨 193.30.14.161

🇳🇱 185.223.235.25

🇷🇺 178.185.136.57

🇺🇸 174.35.25.181

🇫🇷 163.172.128.123

🇬🇭 102.223.92.101

🇺🇸 97.100.68.134

🇱🇹 45.227.254.170

🇳🇱 45.156.87.117

🇧🇪 35.187.97.175

🇧🇪 34.79.100.73

🇬🇧 185.166.40.22

🇪🇸 172.110.221.82

🇺🇸 147.185.132.249

🇩🇪 87.106.47.28

🇺🇸 34.138.28.176

🇺🇸 216.180.246.193

🇳🇱 195.178.110.26

🇵🇪 190.119.63.98