JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0b:f4c2::20

2a0b:f4c2::20 was found in our database!

This IP was reported 222 times. Confidence of Abuse is 32%: ?

32%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Artikel10 e.V.
Usage Type	Commercial
ASN	AS60729
Hostname(s)	berlin01.tor-exit.artikel10.org
Domain Name	artikel10.org
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0b:f4c2::20

Whois 2a0b:f4c2::20

IP Abuse Reports for 2a0b:f4c2::20:

This IP address has been reported a total of 222 times from 31 distinct sources. 2a0b:f4c2::20 was first reported on October 14th 2022, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 03:19:39 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 23:19:29.997440 2026] [security2:error] [pid 18141:tid 18141] [client 2a0b:f4c2::20:32578] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.pnwdso.org"] [uri "/.git/config"] [unique_id "ait6wUBMsSytf9bm5xo6aQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-06-11 20:29:00 (1 day ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-07 22:04:32 (5 days ago)	Blocked by UFW (TCP on 8333) Source port: 10510 Packet length: 80 This report (for 2a0b:f4c2:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 10510 Packet length: 80 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0020) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-05 10:53:07 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 06:52:57.165424 2026] [security2:error] [pid 7313:tid 7313] [client 2a0b:f4c2::20:36380] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.fvsllc.com"] [uri "/.git/config"] [unique_id "aiKqicYw1Zeg8Wpmq142jgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 05:19:19 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 01:19:13.837989 2026] [security2:error] [pid 15906:tid 15906] [client 2a0b:f4c2::20:10034] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|christianconsulting.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "christianconsulting.net"] [uri "/stianconsulting_com.sql"] [unique_id "agAVUbTLC061jnaLcBYQegAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-09 08:26:47 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 04:26:41.650237 2026] [security2:error] [pid 10232:tid 10232] [client 2a0b:f4c2::20:24722] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kaldaragroup.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kaldaragroup.com"] [uri "/kaldaragroup_com.sql"] [unique_id "af7vwTixH5Ig8k7mlb_ZbwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-08 16:47:05 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 12:46:51.405326 2026] [security2:error] [pid 27196:tid 27196] [client 2a0b:f4c2::20:51960] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|brexitop.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brexitop.com"] [uri "/backupwp.sql"] [unique_id "af4Te5P0w2JKsig34dzBlgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 gnom4ik	2026-05-03 03:33:27 (1 month ago)	ban-reviewer auto report; ip=2a0b:f4c2::20; scenario=http:scan; verdict=valid_ban; confidence=0.92; ... show more ban-reviewer auto report; ip=2a0b:f4c2::20; scenario=http:scan; verdict=valid_ban; confidence=0.92; categories=14,15,18,22; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=ip_decision_count_high show less	Port Scan Hacking Brute-Force SSH
🇺🇸 xmission.com	2026-04-30 10:47:41 (1 month ago)	Blocked by UFW (TCP on 60112) Source port: 9002 Packet length: 200 This report (for 2a0b:f4c2:0000: ... show more Blocked by UFW (TCP on 60112) Source port: 9002 Packet length: 200 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0020) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-30 09:31:39 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 05:31:33.691304 2026] [security2:error] [pid 23542:tid 23602] [client 2a0b:f4c2::20:1882] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "la.productions"] [uri "/wp-config.phpa"] [unique_id "afMhdahQ7rVGkRgKCfZidQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 15:30:34 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 11:30:28.247737 2026] [security2:error] [pid 23702:tid 23704] [client 2a0b:f4c2::20:3918] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cheqs.org\|F\|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cheqs.org"] [uri "/config.old"] [unique_id "afDSlAQXXyoq42Tk345OuQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:04:35 (1 month ago)	2026-04-26 08:00:54,582 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::20 2026-04-26 1 ... show more 2026-04-26 08:00:54,582 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::20 2026-04-26 12:01:42,225 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::20 2026-04-26 18:01:39,877 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::20 2026-04-26 21:01:39,122 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::20 2026-04-27 00:04:31,436 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::20 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 20:02:15 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 16:02:07.651437 2026] [security2:error] [pid 14332:tid 14332] [client 2a0b:f4c2::20:49352] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|internetnameregistration.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "internetnameregistration.com"] [uri "/internet.sql"] [unique_id "ae5vPwprV8y25gS7IRUj3AAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-04-17 01:27:16 (1 month ago)	[FriApr1703:27:13.1934972026][security2:error][pid3885775:tid3885786][client2a0b:f4c2::20:0]ModSecur ... show more [FriApr1703:27:13.1934972026][security2:error][pid3885775:tid3885786][client2a0b:f4c2::20:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\^/wp-content/plugins/[\^/] /\(readme\\\\\\\\.txt\\|changelog\\\\\\\\.txt\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"381\"][id\"960828\"][msg\"WordPresspluginenumerationblocked\"][hostname\"www.motogiro.com\"][uri\"/wp-content/plugins/sitepress-multilingual-cms/readme.txt\"][unique_id\"aeGMcZOl6erWOe9qEL6pgwAAAIk\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-04-15 13:18:39 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::20 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 09:18:34.019949 2026] [security2:error] [pid 3195339:tid 3195401] [client 2a0b:f4c2::20:35990] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.mandhco.com"] [uri "/.git/config"] [unique_id "ad-QKrXVhc7eO_J8PyV3TgAAAUU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 222 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.238

🇫🇷 195.154.112.90

🇬🇧 193.163.125.196

🇮🇳 182.70.243.207

🇻🇳 14.191.25.38

🇳🇱 195.178.110.30

🇳🇱 185.223.235.24

🇺🇸 162.216.149.215

🇺🇸 104.245.244.124

🇧🇩 103.154.49.130

🇷🇴 80.94.92.167

🇵🇭 61.28.144.154

🇺🇸 208.84.101.238

🇲🇽 189.203.190.153

🇧🇷 138.255.206.200

🇬🇧 45.43.64.151

🇸🇬 43.159.61.145

🇻🇳 210.211.122.97

🇩🇪 152.89.254.113

🇫🇷 148.135.179.204