JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0b:f4c2:4::104

2a0b:f4c2:4::104 was found in our database!

This IP was reported 170 times. Confidence of Abuse is 23%: ?

23%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Digitalcourage e.V.
Usage Type	Commercial
ASN	AS60729
Domain Name	digitalcourage.de
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0b:f4c2:4::104

Whois 2a0b:f4c2:4::104

IP Abuse Reports for 2a0b:f4c2:4::104:

This IP address has been reported a total of 170 times from 21 distinct sources. 2a0b:f4c2:4::104 was first reported on February 12th 2024, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-01 13:49:02 (4 days ago)	Blocked by UFW (TCP on 8333) Source port: 52305 Packet length: 72 This report (for 2a0b:f4c2:0004:0 ... show more Blocked by UFW (TCP on 8333) Source port: 52305 Packet length: 72 This report (for 2a0b:f4c2:0004:0000:0000:0000:0000:0104) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 stechusa	2026-05-25 23:16:32 (1 week ago)	[Askari] \| country=DE \| Behavior: Concurrent page load during attack, HTTP/1.1 over TLS, Sequential ... show more [Askari] \| country=DE \| Behavior: Concurrent page load during attack, HTTP/1.1 over TLS, Sequential path crawling show less	Bad Web Bot DDoS Attack
🇺🇸 stechusa	2026-05-25 23:16:32 (1 week ago)	ELEVATED_THREAT \| country=DE \| ASN=Stiftung Erneuerbare Freiheit \| AbuseIPDB=17% \| Sequential facet ... show more ELEVATED_THREAT \| country=DE \| ASN=Stiftung Erneuerbare Freiheit \| AbuseIPDB=17% \| Sequential facet path walking detected (5 paths in order) \| Sequential facet path walking detected (6 paths in order) \| HTTP/1.1 over TLS (elevated=True) show less	Bad Web Bot DDoS Attack
🇺🇸 TPI-Abuse	2026-05-09 14:24:33 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 10:24:27.337670 2026] [security2:error] [pid 12686:tid 12686] [client 2a0b:f4c2:4::104:45663] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|grasslakepizzatime.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "grasslakepizzatime.com"] [uri "/grasslakepizza.sql"] [unique_id "af9Dm7w7gHP_PehN2QD4ywAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-06 19:15:27 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 06 15:15:20.499023 2026] [security2:error] [pid 26067:tid 26067] [client 2a0b:f4c2:4::104:24395] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bluemarineboats.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bluemarineboats.com"] [uri "/bluem.sql"] [unique_id "afuTSJ1ofYnWv-9fWhuznwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-05 10:51:00 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 05 06:50:41.288484 2026] [security2:error] [pid 18787:tid 18787] [client 2a0b:f4c2:4::104:19133] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cajunpicasso.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cajunpicasso.com"] [uri "/casso_com.sql"] [unique_id "afnLgeFgjP2wIoZa4DMkswAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:05:01 (1 month ago)	2026-04-26 08:01:01,196 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2:4::104 2026-04-2 ... show more 2026-04-26 08:01:01,196 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2:4::104 2026-04-26 12:01:46,616 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2:4::104 2026-04-26 18:01:44,201 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2:4::104 2026-04-26 21:01:43,493 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2:4::104 2026-04-27 00:05:00,156 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2:4::104 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-15 11:23:07 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 07:22:59.927595 2026] [security2:error] [pid 2831834:tid 2831834] [client 2a0b:f4c2:4::104:41399] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "idahostem.org"] [uri "/wp-config.php.public"] [unique_id "ad91Eygk_uj4Nd0ise1zAwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-08 16:51:04 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 12:50:56.853491 2026] [security2:error] [pid 3016404:tid 3016404] [client 2a0b:f4c2:4::104:55923] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brbvip.com"] [uri "/wp-config.php.public"] [unique_id "adaHcGLvLPX_atucaO8omwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-04-02 05:08:00 (2 months ago)	Blocked by UFW (TCP on 45540) Source port: 443 Packet length: 60 This report (for 2a0b:f4c2:0004:00 ... show more Blocked by UFW (TCP on 45540) Source port: 443 Packet length: 60 This report (for 2a0b:f4c2:0004:0000:0000:0000:0000:0104) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇮🇹 VHosting	2026-03-27 01:06:53 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-08 04:17:23 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 07 23:17:14.833655 2026] [security2:error] [pid 25781:tid 25781] [client 2a0b:f4c2:4::104:52231] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|climasyequipos.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "climasyequipos.com"] [uri "/latest.sql"] [unique_id "aaz4Sq1AHUSbaZQACDTRpQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-03-07 04:28:21 (2 months ago)	Blocked by UFW (TCP on 8333) Source port: 7761 Packet length: 72 This report (for 2a0b:f4c2:0004:00 ... show more Blocked by UFW (TCP on 8333) Source port: 7761 Packet length: 72 This report (for 2a0b:f4c2:0004:0000:0000:0000:0000:0104) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-03-05 13:27:46 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2:4::104 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 08:27:42.235588 2026] [security2:error] [pid 23380:tid 23380] [client 2a0b:f4c2:4::104:4985] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aboutagingparents.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aboutagingparents.com"] [uri "/db_arents.sql"] [unique_id "aamEztVP0-jGeA3FzcopKwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 i-turnradio.nl	2026-03-04 19:56:46 (3 months ago)	2026-03-04 20:56:46 (CET) ~ Blocked by abusescan risk assessment	Web App Attack

Showing 1 to 15 of 170 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇿 212.96.81.112

🇻🇳 103.161.170.12

🇪🇹 213.55.79.194

🇬🇧 209.42.20.53

🇺🇸 205.210.31.32

🇷🇺 188.0.178.117

🇰🇿 185.229.121.62

🇰🇿 178.91.60.29

🇲🇩 176.123.2.115

🇺🇸 162.216.150.75

🇨🇳 112.97.47.237

🇨🇳 111.43.41.40

🇮🇳 106.205.164.11

🇰🇿 95.82.88.220

🇰🇿 91.229.149.147

🇰🇿 85.193.110.53

🇺🇸 73.17.92.196

🇺🇸 64.62.156.67

🇳🇱 45.148.10.206

🇨🇳 42.236.145.169