JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:470:1:fb5::ea

2001:470:1:fb5::ea was found in our database!

This IP was reported 333 times. Confidence of Abuse is 28%: ?

28%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	The Shadowserver Foundation, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS6939
Hostname(s)	scan-57-09.shadowserver.io
Domain Name	shadowserver.org
Country	🇺🇸 United States of America
City	San Francisco, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:470:1:fb5::ea

Whois 2001:470:1:fb5::ea

IP Abuse Reports for 2001:470:1:fb5::ea:

This IP address has been reported a total of 333 times from 40 distinct sources. 2001:470:1:fb5::ea was first reported on July 22nd 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-19 00:09:57 (1 day ago)	Blocked by UFW (TCP on 6443) Source port: 45971 Packet length: 60 This report (for 2001:0470:0001:0 ... show more Blocked by UFW (TCP on 6443) Source port: 45971 Packet length: 60 This report (for 2001:0470:0001:0fb5:0000:0000:0000:00ea) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇯🇵 S.O.B.A. Dev.	2026-06-07 02:44:43 (1 week ago)	Persistent port scanning or vulnerability scanning	Port Scan
🇫🇮 6kilowatti	2026-05-14 10:24:53 (1 month ago)	2026-05-14T13:24:52.169372+03:00 6kw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:b6:e7:09:18:fd:74 ... show more 2026-05-14T13:24:52.169372+03:00 6kw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:16:3e:b6:e7:09:18:fd:74:f4:53:e7:86:dd SRC=2001:0470:0001:0fb5:0000:0000:0000:00ea DST=2a10:f2c0:aaa8:3efc:0000:0000:0000:0001 LEN=60 TC=0 HOPLIMIT=241 FLOWLBL=0 PROTO=TCP SPT=40861 DPT=17689 WINDOW=65535 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇫🇷 centurion	2026-05-14 07:03:35 (1 month ago)	Unauthorized attempt on uptime [8000/tcp] Source port: 39240 TTL: null Packet length: 60 TOS: null h ... show more Unauthorized attempt on uptime [8000/tcp] Source port: 39240 TTL: null Packet length: 60 TOS: null https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-05-11 09:21:18 (1 month ago)	Blocked by UFW (TCP on 49664) Source port: 37113 Packet length: 60 This report (for 2001:0470:0001: ... show more Blocked by UFW (TCP on 49664) Source port: 37113 Packet length: 60 This report (for 2001:0470:0001:0fb5:0000:0000:0000:00ea) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇫🇮 as211431.net	2026-05-10 05:34:26 (1 month ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/119.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 xmission.com	2026-05-06 08:57:08 (1 month ago)	Blocked by UFW (TCP on 82) Source port: 50338 Packet length: 60 This report (for 2001:0470:0001:0fb ... show more Blocked by UFW (TCP on 82) Source port: 50338 Packet length: 60 This report (for 2001:0470:0001:0fb5:0000:0000:0000:00ea) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 cazae	2026-05-05 04:16:08 (1 month ago)	Unauthorized attempt on debian [8888/tcp] Source port: 43751 TTL: null Packet length: 60 TOS: null ... show more Unauthorized attempt on debian [8888/tcp] Source port: 43751 TTL: null Packet length: 60 TOS: null https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇫🇮 as211431.net	2026-03-22 00:38:59 (2 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 xmission.com	2026-03-10 07:04:00 (3 months ago)	Blocked by UFW (TCP on 1883) Source port: 48300 Packet length: 60 This report (for 2001:0470:0001:0 ... show more Blocked by UFW (TCP on 1883) Source port: 48300 Packet length: 60 This report (for 2001:0470:0001:0fb5:0000:0000:0000:00ea) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 shabi	2026-03-10 04:24:58 (3 months ago)	UFW Blocked [9443/TCP] Source: 2001:0470:0001:0fb5:0000:0000:0000:00ea:51169 Lenth: 60	Port Scan
🇩🇪 ps-center	2026-01-28 08:13:35 (4 months ago)	RDM-W: TCP-Scanner. Port: 23	Port Scan
🇩🇪 403veli	2026-01-01 14:53:56 (5 months ago)	Confirmed malicious activity observed via T-Pot honeypot Observed 4 events on port 8443 (unknown) fr ... show more Confirmed malicious activity observed via T-Pot honeypot Observed 4 events on port 8443 (unknown) from 2026-01-01T14:53:56+00:00 to 2026-01-01T14:53:56+00:00. Sample: {"src_ip": "2001:470:1:fb5:0:0:0:ea", "src_port": 22981, "dest_port": 8443} show less	Exploited Host
🇺🇸 shabi	2025-12-31 16:33:34 (5 months ago)	UFW Blocked [8081/TCP] Source: 2001:0470:0001:0fb5:0000:0000:0000:00ea:41639 Lenth: 60	Port Scan
🇺🇸 thororen	2025-12-18 01:17:36 (6 months ago)	Blocked by UFW [389/tcp] Source port: 40242 TTL: null Packet length: 60 TOS: null This report was g ... show more Blocked by UFW [389/tcp] Source port: 40242 TTL: null Packet length: 60 TOS: null This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan

Showing 1 to 15 of 333 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 200.7.1.111

🇷🇺 212.107.233.209

🇧🇪 198.235.24.208

🇵🇱 194.180.49.219

🇵🇪 190.223.60.209

🇧🇴 181.115.171.202

🇷🇺 178.251.140.3

🇺🇸 162.216.150.11

🇨🇳 159.226.119.167

🇺🇸 147.185.132.151

🇰🇷 119.203.251.187

🇨🇭 107.189.3.11

🇻🇳 103.200.23.154

🇺🇸 64.62.197.237

🇦🇷 45.226.228.185

🇵🇬 43.245.57.9

🇬🇧 37.10.113.221

🇧🇪 198.235.24.247

🇸🇦 188.50.34.141

🇷🇺 176.193.124.30