JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0f:df00:0:255::200

2a0f:df00:0:255::200 was found in our database!

This IP was reported 139 times. Confidence of Abuse is 18%: ?

18%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Domain Name	keff.org
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0f:df00:0:255::200

Whois 2a0f:df00:0:255::200

IP Abuse Reports for 2a0f:df00:0:255::200:

This IP address has been reported a total of 139 times from 17 distinct sources. 2a0f:df00:0:255::200 was first reported on October 20th 2022, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-01 13:03:36 (3 days ago)	Blocked by UFW (TCP on 8333) Source port: 65441 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 65441 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0200) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-05-19 01:34:15 (2 weeks ago)	Blocked by UFW (TCP on 8333) Source port: 18267 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 18267 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0200) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-09 17:45:56 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 13:45:51.528265 2026] [security2:error] [pid 15757:tid 15757] [client 2a0f:df00:0:255::200:65425] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cliniquecavalancia.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cliniquecavalancia.com"] [uri "/cliniquecavalancia_com.sql"] [unique_id "af9yzx45O0jt4JMEwS4yvgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-09 08:26:35 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 04:26:27.914305 2026] [security2:error] [pid 7094:tid 7094] [client 2a0f:df00:0:255::200:1307] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kaldaragroup.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kaldaragroup.com"] [uri "/group_com.sql"] [unique_id "af7vs1PEHkPZiizJZaY4pgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:05:27 (1 month ago)	2026-04-26 08:01:05,470 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::200 2026- ... show more 2026-04-26 08:01:05,470 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::200 2026-04-26 12:01:49,267 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::200 2026-04-26 18:01:46,817 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::200 2026-04-26 21:01:46,147 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::200 2026-04-27 00:05:25,971 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::200 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 04:17:46 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 00:17:38.103091 2026] [security2:error] [pid 7112:tid 7112] [client 2a0f:df00:0:255::200:6865] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|20dekopas.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "20dekopas.com"] [uri "/s_com.sql"] [unique_id "ae2R4u3jmMuPZR_IBPVGoAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-25 16:34:53 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 12:34:44.917495 2026] [security2:error] [pid 7384:tid 7384] [client 2a0f:df00:0:255::200:26725] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kh6jim.com"] [uri "/wp-config.php~~~"] [unique_id "aeztJHHje_dyjkWEgj9KrAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-04-23 04:42:12 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 51835 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 51835 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0200) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-23 00:55:25 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 20:55:15.727614 2026] [security2:error] [pid 3281392:tid 3281392] [client 2a0f:df00:0:255::200:5169] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brbcash.com"] [uri "/wp-config.php.resetwp_bak"] [unique_id "aelt82x0y8SlDAeukCHn8gAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 18:48:01 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 14:47:55.675534 2026] [security2:error] [pid 3402478:tid 3402478] [client 2a0f:df00:0:255::200:57617] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "medusakenya.com"] [uri "/wp-config.phpc"] [unique_id "aePR2zbKxX4hZ3Y3jDM52wAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-04-14 10:11:31 (1 month ago)	Blocked by UFW (TCP on 9999) Source port: 22201 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 9999) Source port: 22201 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0200) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 xmission.com	2026-03-30 15:42:08 (2 months ago)	Blocked by UFW (TCP on 9999) Source port: 35125 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 9999) Source port: 35125 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0200) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 TPI-Abuse	2026-03-22 18:13:42 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::200 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 14:13:29.810154 2026] [security2:error] [pid 18420:tid 18420] [client 2a0f:df00:0:255::200:52603] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|rebelhollowfarm.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rebelhollowfarm.com"] [uri "/rebelhollow.sql"] [unique_id "acAxSX1gRYzFNYzm9E1gPgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-03-22 06:58:00 (2 months ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 dpinse	2026-03-19 23:26:25 (2 months ago)	Malicious activity detected from 41281 KEFF Interplanetary Communications Network (GET HTTP/1.1 /) @ ... show more Malicious activity detected from 41281 KEFF Interplanetary Communications Network (GET HTTP/1.1 /) @ 2026-03-19T23:26:25Z show less	Open Proxy VPN IP Port Scan Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack

Showing 1 to 15 of 139 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 204.168.213.65

🇨🇳 120.48.124.176

🇮🇩 103.59.94.117

🇰🇿 91.229.149.158

🇹🇷 195.85.201.247

🇵🇷 154.64.212.138

🇺🇸 143.198.110.2

🇰🇷 115.68.208.117

🇺🇸 104.232.79.58

🇮🇳 103.251.31.26

🇷🇼 102.22.169.115

🇸🇬 94.231.206.10

🇰🇿 92.47.182.63

🇧🇪 74.125.47.24

🇮🇳 66.116.199.98

🇮🇳 64.227.161.198

🇮🇩 223.25.110.76

🇰🇬 212.241.29.24

🇧🇷 189.51.43.54

🇺🇿 185.213.230.24