JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a03:4000:2b:66e:dead:beef:ca1f:1337

2a03:4000:2b:66e:dead:beef:ca1f:1337 was found in our database!

This IP was reported 108 times. Confidence of Abuse is 17%: ?

17%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	netcup GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS197540
Hostname(s)	this-is-a-tor-node---8.artikel5ev.de
Domain Name	netcup.de
Country	🇩🇪 Germany
City	Nuremberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a03:4000:2b:66e:dead:beef:ca1f:1337

Whois 2a03:4000:2b:66e:dead:beef:ca1f:1337

IP Abuse Reports for 2a03:4000:2b:66e:dead:beef:ca1f:1337:

This IP address has been reported a total of 108 times from 17 distinct sources. 2a03:4000:2b:66e:dead:beef:ca1f:1337 was first reported on September 21st 2023, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-13 06:45:38 (1 week ago)	Blocked by UFW (TCP on 8333) Source port: 43858 Packet length: 80 This report (for 2a03:4000:002b:0 ... show more Blocked by UFW (TCP on 8333) Source port: 43858 Packet length: 80 This report (for 2a03:4000:002b:066e:dead:beef:ca1f:1337) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-12 11:31:54 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 07:31:46.924672 2026] [security2:error] [pid 17374:tid 17374] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:49882] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.jimwilsonstudios.com"] [uri "/.git/config"] [unique_id "aivuIjZCT36F9e3XsKLq8wAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-09 17:45:55 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210730) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 13:45:47.449297 2026] [security2:error] [pid 8328:tid 8328] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:38488] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cliniquecavalancia.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cliniquecavalancia.com"] [uri "/iniquecavalancia_com.sql"] [unique_id "af9yyw5gqebhoFOWcihOgQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 21:36:00 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 17:35:52.603506 2026] [security2:error] [pid 27158:tid 27158] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:54932] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drendels.com"] [uri "/wp-config.phpbak"] [unique_id "afEoODqb-w8tGpGnBUniKgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:03:38 (1 month ago)	2026-04-26 08:00:45,260 fail2ban.actions [7718]: NOTICE [tor] Ban 2a03:4000:2b:66e:dead:beef ... show more 2026-04-26 08:00:45,260 fail2ban.actions [7718]: NOTICE [tor] Ban 2a03:4000:2b:66e:dead:beef:ca1f:1337 2026-04-26 12:01:36,585 fail2ban.actions [7718]: NOTICE [tor] Ban 2a03:4000:2b:66e:dead:beef:ca1f:1337 2026-04-26 18:01:34,256 fail2ban.actions [7718]: NOTICE [tor] Ban 2a03:4000:2b:66e:dead:beef:ca1f:1337 2026-04-26 21:01:31,728 fail2ban.actions [7718]: NOTICE [tor] Ban 2a03:4000:2b:66e:dead:beef:ca1f:1337 2026-04-27 00:03:37,585 fail2ban.actions [7718]: NOTICE [tor] Ban 2a03:4000:2b:66e:dead:beef:ca1f:1337 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-25 20:33:42 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 16:33:38.751955 2026] [security2:error] [pid 9463:tid 9463] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:52082] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bayareamustangs.com"] [uri "/wp-config.bak"] [unique_id "ae0lIl2jzEGc5llDOFlB_wAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 04:39:44 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 00:39:38.492381 2026] [security2:error] [pid 4090629:tid 4090629] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:49290] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "local639.com"] [uri "/wp-config.phpb"] [unique_id "aeMLCgbVMvLIOdSwf_G3QQAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-04-15 10:54:27 (2 months ago)	Blocked by UFW (TCP on 8333) Source port: 51326 Packet length: 80 This report (for 2a03:4000:002b:0 ... show more Blocked by UFW (TCP on 8333) Source port: 51326 Packet length: 80 This report (for 2a03:4000:002b:066e:dead:beef:ca1f:1337) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-12 03:46:00 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210730) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 11 23:45:51.628791 2026] [security2:error] [pid 1302346:tid 1302346] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:40964] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|paulsingdahlsen.com\|F\|2"] [data ".cfg"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "paulsingdahlsen.com"] [uri "/wp-config.cfg"] [unique_id "adsVb2Xe7xRmKrvQS7z2UQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 19:39:51 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210730) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 15:39:43.834689 2026] [security2:error] [pid 10164:tid 10175] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:57826] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|datuinc.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "datuinc.com"] [uri "/tuinc_com.sql"] [unique_id "ac7F_9R0uXaoSUNeBb0ncgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-26 20:59:04 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 xmission.com	2026-03-17 17:53:40 (3 months ago)	Blocked by UFW (TCP on 8333) Source port: 58850 Packet length: 80 This report (for 2a03:4000:002b:0 ... show more Blocked by UFW (TCP on 8333) Source port: 58850 Packet length: 80 This report (for 2a03:4000:002b:066e:dead:beef:ca1f:1337) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-02-23 14:11:11 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 09:11:04.321916 2026] [security2:error] [pid 6076:tid 6086] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:52318] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.acornway.com"] [uri "/.git/config"] [unique_id "aZxf-H7qazxQSQrhE9J90gAAAUg"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-02-09 22:59:11 (4 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-02-08. show less	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2026-02-07 15:25:39 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a ... show more (mod_security) mod_security (id:210492) triggered by 2a03:4000:2b:66e:dead:beef:ca1f:1337 (this-is-a-tor-node---8.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 10:25:36.037427 2026] [security2:error] [pid 1765231:tid 1765231] [client 2a03:4000:2b:66e:dead:beef:ca1f:1337:55520] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.polar-design.com"] [uri "/.git/config"] [unique_id "aYdZcKxfNhhbiyLXigwd6AAAABs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 108 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇿 194.182.64.174

🇲🇽 187.250.197.177

🇺🇸 185.61.220.72

🇺🇸 162.216.149.106

🇺🇸 152.32.233.100

🇩🇪 69.5.169.72

🇨🇳 47.103.36.53

🇺🇸 44.17.219.48

🇮🇹 31.59.89.180

🇺🇸 18.116.101.220

🇳🇱 185.242.226.69

🇩🇪 185.30.32.9

🇮🇩 103.165.139.145

🇧🇬 91.148.190.150

🇮🇷 5.238.30.81

🇳🇱 195.178.110.30

🇵🇱 109.205.211.100

🇺🇸 100.29.192.73

🇯🇲 72.27.82.149

🇮🇹 45.143.182.238