JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0b:f4c2::27

2a0b:f4c2::27 was found in our database!

This IP was reported 216 times. Confidence of Abuse is 33%: ?

33%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Artikel10 e.V.
Usage Type	Commercial
ASN	AS60729
Hostname(s)	berlin01.tor-exit.artikel10.org
Domain Name	artikel10.org
Country	🇩🇪 Germany
City	Berlin, State of Berlin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0b:f4c2::27

Whois 2a0b:f4c2::27

IP Abuse Reports for 2a0b:f4c2::27:

This IP address has been reported a total of 216 times from 25 distinct sources. 2a0b:f4c2::27 was first reported on June 23rd 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 03:52:43 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 23:52:37.829491 2026] [security2:error] [pid 1708:tid 1708] [client 2a0b:f4c2::27:32620] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.rimaine.org"] [uri "/.git/config"] [unique_id "aiuChey72A_WlshH-pJ9uQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 20:34:28 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:949110) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 16:34:20.020790 2026] [security2:error] [pid 2993:tid 2993] [client 2a0b:f4c2::27:21236] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ipv6.taxijunkremoval.com"] [uri "/.git/config"] [unique_id "aisbzM16BVpxJswLoNAKZQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Savvii	2026-06-10 08:22:18 (3 days ago)	20 attempts against mh-misbehave-ban on web-new	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-05-29 07:36:26 (2 weeks ago)	Blocked by UFW (TCP on 8333) Source port: 29654 Packet length: 80 This report (for 2a0b:f4c2:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 29654 Packet length: 80 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0027) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-05-23 13:38:35 (3 weeks ago)	Blocked by UFW (TCP on 8333) Source port: 50148 Packet length: 80 This report (for 2a0b:f4c2:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 50148 Packet length: 80 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0027) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇵🇱 sefinek.net	2026-05-16 06:37:46 (4 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint: /tools/ip-checker \| UA: Mozilla/5.0 (Android 10; Mobile; rv:140.0) Gecko/140.0 Firefox/140.0 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 ipblock.com	2026-05-15 22:31:00 (4 weeks ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-08 16:13:22 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 12:13:14.620441 2026] [security2:error] [pid 31252:tid 31252] [client 2a0b:f4c2::27:55304] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|doctorspainmanagement.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "doctorspainmanagement.com"] [uri "/nmanagement_com.sql"] [unique_id "af4Lmm1LsR30IpiZWowlAAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-05 11:03:13 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210730) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 05 07:03:09.800509 2026] [security2:error] [pid 20469:tid 20469] [client 2a0b:f4c2::27:22686] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|billymitchell.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "billymitchell.com"] [uri "/backupwp.sql"] [unique_id "afnObfpdu2QNNt6POPtymQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-04-30 10:54:43 (1 month ago)	Blocked by UFW (TCP on 47642) Source port: 9002 Packet length: 120 This report (for 2a0b:f4c2:0000: ... show more Blocked by UFW (TCP on 47642) Source port: 9002 Packet length: 120 This report (for 2a0b:f4c2:0000:0000:0000:0000:0000:0027) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-29 14:06:30 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 10:06:25.103095 2026] [security2:error] [pid 29229:tid 29229] [client 2a0b:f4c2::27:11102] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fernfield.com"] [uri "/wp-config.php1"] [unique_id "afIQYUHcJsp1NJmO01VP_wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:04:37 (1 month ago)	2026-04-26 08:00:55,089 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::27 2026-04-26 1 ... show more 2026-04-26 08:00:55,089 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::27 2026-04-26 12:01:42,508 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::27 2026-04-26 18:01:40,159 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::27 2026-04-26 21:01:39,419 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::27 2026-04-27 00:04:33,329 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0b:f4c2::27 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-25 16:35:49 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 12:35:42.390900 2026] [security2:error] [pid 13263:tid 13263] [client 2a0b:f4c2::27:52226] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kh6jim.com"] [uri "/wp-config.php.de"] [unique_id "aeztXhaoi0DRtuzV5rEZEQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-04-21 12:26:00 (1 month ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-13 03:54:07 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org) ... show more (mod_security) mod_security (id:210492) triggered by 2a0b:f4c2::27 (berlin01.tor-exit.artikel10.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 23:53:48.972875 2026] [security2:error] [pid 4037515:tid 4037515] [client 2a0b:f4c2::27:16440] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "honweneedthis.com"] [uri "/wp-config.php.fr"] [unique_id "adxozFrAh-TANMBWwRDYUAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 216 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇯🇵 162.158.119.227

🇺🇸 18.221.179.104

🇮🇳 223.181.71.122

🇱🇰 220.247.224.226

🇲🇾 202.184.145.225

🇩🇪 167.94.146.52

🇩🇪 164.92.161.148

🇮🇷 81.16.112.42

🇺🇸 54.163.161.231

🇸🇬 43.156.239.194

🇯🇵 207.56.225.34

🇨🇳 117.143.82.37

🇨🇳 115.190.226.99

🇺🇸 113.20.0.58

🇮🇳 103.91.246.73

🇨🇦 85.217.149.9

🇮🇩 41.216.178.119

🇺🇸 217.217.113.105

🇨🇳 202.105.98.252

🇹🇼 198.235.24.46