JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a00:1dc0:caff:f4::bad5

2a00:1dc0:caff:f4::bad5 was found in our database!

This IP was reported 25 times. Confidence of Abuse is 25%: ?

25%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Trabia
Usage Type	Data Center/Web Hosting/Transit
ASN	AS43289
Domain Name	trabia.com
Country	🇲🇩 Moldova (the Republic of)
City	Chisinau, Chisinau Municipality

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a00:1dc0:caff:f4::bad5

Whois 2a00:1dc0:caff:f4::bad5

IP Abuse Reports for 2a00:1dc0:caff:f4::bad5:

This IP address has been reported a total of 25 times from 6 distinct sources. 2a00:1dc0:caff:f4::bad5 was first reported on November 12th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-08 19:17:59 (1 day ago)	Blocked by UFW (TCP on 8333) Source port: 33414 Packet length: 80 This report (for 2a00:1dc0:caff:0 ... show more Blocked by UFW (TCP on 8333) Source port: 33414 Packet length: 80 This report (for 2a00:1dc0:caff:00f4:0000:0000:0000:bad5) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-05 16:54:49 (4 days ago)	(mod_security) mod_security (id:949110) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:949110) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 12:54:43.193992 2026] [security2:error] [pid 13621:tid 13621] [client 2a00:1dc0:caff:f4::bad5:29326] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ipv6.freedrm.org"] [uri "/.git/config"] [unique_id "aiL_U0er4BivM37SNMrJMgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:03:16 (1 month ago)	2026-04-26 08:00:42,456 fail2ban.actions [7718]: NOTICE [tor] Ban 2a00:1dc0:caff:f4::bad5 20 ... show more 2026-04-26 08:00:42,456 fail2ban.actions [7718]: NOTICE [tor] Ban 2a00:1dc0:caff:f4::bad5 2026-04-26 12:01:34,831 fail2ban.actions [7718]: NOTICE [tor] Ban 2a00:1dc0:caff:f4::bad5 2026-04-26 18:01:32,534 fail2ban.actions [7718]: NOTICE [tor] Ban 2a00:1dc0:caff:f4::bad5 2026-04-26 21:01:29,976 fail2ban.actions [7718]: NOTICE [tor] Ban 2a00:1dc0:caff:f4::bad5 2026-04-27 00:03:14,979 fail2ban.actions [7718]: NOTICE [tor] Ban 2a00:1dc0:caff:f4::bad5 show less	Brute-Force
🇫🇮 percocet	2026-04-22 15:05:05 (1 month ago)	Cloudflare blocked 62 requests (HTTP 403) in 1h. Country: T1	DDoS Attack Web App Attack
🇨🇭 4server	2026-04-15 17:33:27 (1 month ago)	[WedApr1519:33:22.1080862026][security2:error][pid1069807:tid1069826][client2a00:1dc0:caff:f4::bad5: ... show more [WedApr1519:33:22.1080862026][security2:error][pid1069807:tid1069826][client2a00:1dc0:caff:f4::bad5:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\^/wp-content/plugins/[\^/] /\(readme\\\\\\\\.txt\\|changelog\\\\\\\\.txt\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"359\"][id\"960828\"][msg\"WordPresspluginenumerationblocked\"][hostname\"cadvending.ch\"][uri\"/wp-content/plugins/happy-elementor-addons/readme.txt\"][unique_id\"ad_L4g_cRM1kTIvq97gl_QAAARE\"] show less	Hacking Web App Attack
🇮🇹 VHosting	2026-03-26 21:23:40 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-01 17:36:26 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 01 12:36:18.136374 2026] [security2:error] [pid 18812:tid 18812] [client 2a00:1dc0:caff:f4::bad5:64104] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.frenchla.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.frenchla.com"] [uri "/ww_db.sql"] [unique_id "aaR5Ev6JL72vhniyhFFbDAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-26 01:10:31 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 20:10:25.224342 2026] [security2:error] [pid 24851:tid 24851] [client 2a00:1dc0:caff:f4::bad5:36686] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|phoboschildren.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "phoboschildren.com"] [uri "/ildren_prod.sql"] [unique_id "aZ-dgevKUjmWhlvx6DVvMwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-06 15:40:59 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 06 10:40:52.150961 2026] [security2:error] [pid 12679:tid 12679] [client 2a00:1dc0:caff:f4::bad5:48364] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|rentadeandamioscdmx.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rentadeandamioscdmx.com"] [uri "/ioscdmx_com.sql"] [unique_id "aV0tBIr47ZXPJriheoHymwAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-03 18:59:00 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 03 13:58:55.420659 2026] [security2:error] [pid 3797:tid 3797] [client 2a00:1dc0:caff:f4::bad5:64426] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|angelaknightmusicproductions.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "angelaknightmusicproductions.com"] [uri "/latest.sql"] [unique_id "aVlm70M2iexfF_eukrxowgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-01 20:13:48 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 01 15:13:42.176446 2026] [security2:error] [pid 12395:tid 12395] [client 2a00:1dc0:caff:f4::bad5:45216] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|talkingmess.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "talkingmess.com"] [uri "/kingmess_com.sql"] [unique_id "aVbVdi2WYa6X9qgq3mMx4QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-13 05:58:00 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 13 00:57:51.935799 2025] [security2:error] [pid 20304:tid 20304] [client 2a00:1dc0:caff:f4::bad5:46708] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|sneedvillefarmersmarket.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sneedvillefarmersmarket.com"] [uri "/sneedvillefarmersma.sql"] [unique_id "aT0AX7ud9t0dg6r_pBw1IwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-11 06:00:36 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 11 01:00:28.953050 2025] [security2:error] [pid 11464:tid 11464] [client 2a00:1dc0:caff:f4::bad5:46490] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|greensandbeans.us\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "greensandbeans.us"] [uri "/greensan.sql"] [unique_id "aTpd_C8eiBU2ncD1WyQEXgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-11 04:16:00 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 23:15:52.238188 2025] [security2:error] [pid 2056:tid 2056] [client 2a00:1dc0:caff:f4::bad5:36458] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|passy.us\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "passy.us"] [uri "/ssy_com.sql"] [unique_id "aTpFeAuWQeEMy1Ckto1hswAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-10 22:30:46 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the las ... show more (mod_security) mod_security (id:210730) triggered by 2a00:1dc0:caff:f4::bad5 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 17:30:38.489521 2025] [security2:error] [pid 29255:tid 29255] [client 2a00:1dc0:caff:f4::bad5:52584] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aroilcontrolsystem.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aroilcontrolsystem.com"] [uri "/aroilcontr.sql"] [unique_id "aTn0jvbJxUGSZCNQAV110gAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 25 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇿 176.223.103.70

🇩🇪 167.94.145.24

🇮🇳 122.165.124.15

🇺🇸 104.152.52.121

🇭🇺 81.0.68.18

🇳🇱 45.148.10.151

🇰🇷 211.251.245.88

🇰🇷 211.223.107.86

🇺🇸 205.210.31.22

🇲🇽 200.68.173.227

🇱🇹 188.69.225.188

🇺🇸 168.100.149.171

🇺🇸 168.100.149.38

🇺🇸 162.216.150.49

🇮🇩 118.96.201.167

🇺🇸 104.152.52.123

🇺🇸 104.152.52.110

🇮🇩 103.166.10.244

🇺🇸 68.5.175.169

🇫🇷 54.37.118.71