JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0b:f4c2::22

2a0b:f4c2::22 was found in our database!

This IP was reported 215 times. Confidence of Abuse is 22%: ?

22%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Artikel10 e.V.
Usage Type	Commercial
ASN	AS60729
Hostname(s)	berlin01.tor-exit.artikel10.org
Domain Name	artikel10.org
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0b:f4c2::22

Whois 2a0b:f4c2::22

IP Abuse Reports for 2a0b:f4c2::22:

This IP address has been reported a total of 215 times from 27 distinct sources. 2a0b:f4c2::22 was first reported on September 28th 2022, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-05 11:31:02 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 07:30:54.545443 2026] [security2:error] [pid 24471:tid 24471] [client 2a0b:f4c2::22:36504] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.treeofloveproductions.com"] [uri "/.git/config"] [unique_id "aiKzbkzxEARHT2B1bIbaPgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-05-14 08:26:31 (3 weeks ago)	Blocked by UFW (TCP on 8333) Source port: 25360 Packet length: 80 This report (for 2a0b:f4c2:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 25360 Packet length: 80 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0022) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-09 17:45:54 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 13:45:50.603257 2026] [security2:error] [pid 8334:tid 8334] [client 2a0b:f4c2::22:30988] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cliniquecavalancia.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cliniquecavalancia.com"] [uri "/ncia_com.sql"] [unique_id "af9yzqydIHYCKozLAt5DMQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-05-09 04:37:21 (4 weeks ago)	[SatMay0906:37:18.5473652026][security2:error][pid3025850:tid3025880][client2a0b:f4c2::22:0]ModSecur ... show more [SatMay0906:37:18.5473652026][security2:error][pid3025850:tid3025880][client2a0b:f4c2::22:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"craniosacraltherapy.ch\"][uri\"/craniosacra.sql\"][unique_id\"af65_v4OcYmoZxxRemurOwAAABM\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-08 22:09:11 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 18:09:06.437528 2026] [security2:error] [pid 2453:tid 2453] [client 2a0b:f4c2::22:28550] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|hotelausland.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hotelausland.com"] [uri "/lausland_com.sql"] [unique_id "af5fAjXpeHEcOQIDKFiAMQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-05-07 14:08:09 (1 month ago)	[ThuMay0716:08:04.6623772026][security2:error][pid555930:tid556047][client2a0b:f4c2::22:0]ModSecurit ... show more [ThuMay0716:08:04.6623772026][security2:error][pid555930:tid556047][client2a0b:f4c2::22:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"casacarmen.ch\"][uri\"/casaca.sql\"][unique_id\"afycxBDVx0PoaVCQcKrWCwAAAQ8\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 xmission.com	2026-05-06 05:27:13 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 65512 Packet length: 80 This report (for 2a0b:f4c2:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 65512 Packet length: 80 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0022) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-05-03 03:17:27 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 46310 Packet length: 80 This report (for 2a0b:f4c2:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 46310 Packet length: 80 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0022) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-04-30 10:50:58 (1 month ago)	Blocked by UFW (TCP on 57622) Source port: 9001 Packet length: 120 This report (for 2a0b:f4c2:0000: ... show more Blocked by UFW (TCP on 57622) Source port: 9001 Packet length: 120 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0022) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-28 21:35:19 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 17:35:14.679054 2026] [security2:error] [pid 25371:tid 25371] [client 2a0b:f4c2::22:24156] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.txt" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drendels.com"] [uri "/wp-config.txt"] [unique_id "afEoEtuXBNH2JhmTPeWpVwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:04:36 (1 month ago)	2026-04-26 08:00:54,719 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::22 2026-04-26 1 ... show more 2026-04-26 08:00:54,719 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::22 2026-04-26 12:01:42,303 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::22 2026-04-26 18:01:39,957 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::22 2026-04-26 21:01:39,205 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::22 2026-04-27 00:04:31,990 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::22 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 12:56:25 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::22 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 08:56:18.891354 2026] [security2:error] [pid 11112:tid 11112] [client 2a0b:f4c2::22:3868] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kavahawaii.com"] [uri "/wp-config.php.de"] [unique_id "ae4LcoPGqr-_5fZRR1D_zgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-04-24 16:07:10 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 36038 Packet length: 80 This report (for 2a0b:f4c2:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 36038 Packet length: 80 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0022) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-04-24 00:48:23 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 34514 Packet length: 80 This report (for 2a0b:f4c2:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 34514 Packet length: 80 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0022) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇭 4server	2026-04-17 20:13:38 (1 month ago)	[FriApr1722:13:34.4524712026][security2:error][pid3615266:tid3615291][client2a0b:f4c2::22:0]ModSecur ... show more [FriApr1722:13:34.4524712026][security2:error][pid3615266:tid3615291][client2a0b:f4c2::22:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"\^/wp-content/plugins/[\^/] /$readme\\\\\\\\.txt\\|changelog\\\\\\\\.txt$\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"381\"][id\"960828\"][msg\"WordPresspluginenumerationblocked\"][hostname\"www.shadowdrummer.ch\"][uri\"/wp-content/plugins/\*\\\\\"\,\\\\\"/readme.txt\"][unique_id\"aeKUboahE-cete6Cok1UYQAAAQk\"] show less	Hacking Web App Attack

Showing 1 to 15 of 215 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.239.254.216

🇨🇳 183.56.199.49

🇯🇴 176.29.229.159

🇺🇸 162.243.114.171

🇺🇸 154.53.58.161

🇧🇩 103.65.240.34

🇺🇸 91.230.168.184

🇱🇹 91.224.92.32

🇺🇸 64.62.197.204

🇮🇪 64.43.15.29

🇧🇷 45.171.128.223

🇮🇩 36.88.18.218

🇺🇸 3.139.100.75

🇷🇴 2.57.121.112

🇩🇪 213.209.159.175

🇬🇧 185.247.137.142

🇫🇷 185.177.72.10

🇮🇳 115.245.198.214

🇷🇴 92.118.39.236

🇩🇪 91.107.151.199