AbuseIPDB » 2a0f:df00:0:255::201

2a0f:df00:0:255::201 was found in our database!

This IP was reported 46 times. Confidence of Abuse is 9%: ?

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Domain Name	keff.org
Country	Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 2a0f:df00:0:255::201

Whois 2a0f:df00:0:255::201

IP Abuse Reports for 2a0f:df00:0:255::201:

This IP address has been reported a total of 46 times from 6 distinct sources. 2a0f:df00:0:255::201 was first reported on November 29th 2022, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
TPI-Abuse	2025-06-13 16:53:32 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 13 12:53:24.350668 2025] [security2:error] [pid 459951:tid 460002] [client 2a0f:df00:0:255::201:50912] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|sandiegosamband.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sandiegosamband.com"] [uri "/migration.sql"] [unique_id "aExXhINMBPXpQlJI1cDtSwAAANQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-03 12:47:08 (1 month ago)	Action: Block, Reason: DDOS attack detected	DDoS Attack
TPI-Abuse	2025-05-22 13:46:32 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 22 09:46:27.402624 2025] [security2:error] [pid 337048:tid 337048] [client 2a0f:df00:0:255::201:39244] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mariarozella.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mariarozella.com"] [uri "/bd.sql"] [unique_id "aC8qs3QNSXgCYQy3HP_hYAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-10 22:59:41 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 10 18:59:35.512136 2025] [security2:error] [pid 2818881:tid 2818881] [client 2a0f:df00:0:255::201:41484] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nancymahrer.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nancymahrer.com"] [uri "/administrator/backups/database-sql.sql"] [unique_id "aB_aV6YJdl7axW2KgkffOQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-05 00:29:12 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 04 20:29:05.541312 2025] [security2:error] [pid 4072495:tid 4072495] [client 2a0f:df00:0:255::201:42690] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|7bsuperfruit.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "7bsuperfruit.com"] [uri "/administrator/backups/database.sql"] [unique_id "aBgGUWaAUCa7nDHa8DTQzQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-04 22:47:14 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 04 18:47:04.217221 2025] [security2:error] [pid 318847:tid 318847] [client 2a0f:df00:0:255::201:47544] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|tonytremblayauthor.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tonytremblayauthor.com"] [uri "/adminer.sql"] [unique_id "aBfuaHrAif1s9-OOJenYdAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-03 03:37:24 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 02 23:37:16.809412 2025] [security2:error] [pid 2623526:tid 2623526] [client 2a0f:df00:0:255::201:34968] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|didactrend.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "didactrend.com"] [uri "/end.sql"] [unique_id "aBWPbGpW3PDnVyXzR9Iu8QAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-04-24 05:02:32 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 24 01:02:24.278590 2025] [security2:error] [pid 1554:tid 1554] [client 2a0f:df00:0:255::201:53932] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "billymitchell.com"] [uri "/wp-config.php."] [unique_id "aAnF4FCITAqtYf6VZLgm4gAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-04-20 20:26:16 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 20 16:26:09.526402 2025] [security2:error] [pid 4052008:tid 4052008] [client 2a0f:df00:0:255::201:52516] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.sizefinder.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.sizefinder.com"] [uri "/administrator/backups/database.sql"] [unique_id "aAVYYXITIdPGd_eWKGWtJgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-04-14 15:41:03 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 14 11:40:53.385354 2025] [security2:error] [pid 23543:tid 23543] [client 2a0f:df00:0:255::201:38604] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thepotteriesmesilla.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thepotteriesmesilla.com"] [uri "/database.sql"] [unique_id "Z_0shfswB63oVKkUEmKIdAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-04-13 14:00:07 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 13 09:59:56.890671 2025] [security2:error] [pid 18452:tid 18452] [client 2a0f:df00:0:255::201:39896] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.susanoneill.us\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.susanoneill.us"] [uri "/database.sql"] [unique_id "Z_vDXGEb2Z-BGrVFsbxCRgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-03-31 21:21:24 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 31 17:21:19.520906 2025] [security2:error] [pid 3658:tid 3664] [client 2a0f:df00:0:255::201:47114] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|condo.management\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "condo.management"] [uri "/db.sql"] [unique_id "Z-sHT8KQJIug8D0A2VEtlgAAAMI"] show less	Brute-Force Bad Web Bot Web App Attack
on-com	2025-03-29 02:49:24 (3 months ago)	URL scan	Brute-Force Web App Attack
TPI-Abuse	2025-03-28 20:11:57 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 28 16:11:46.934672 2025] [security2:error] [pid 9394:tid 9394] [client 2a0f:df00:0:255::201:34168] [client 2a0f:df00:0:255::201] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.schlegelcreative.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.schlegelcreative.com"] [uri "/database.sql"] [unique_id "Z-cCgla2P0CH74YDQrp51AAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-03-28 16:35:43 (3 months ago)	Action: Block, Reason: DDOS attack detected	DDoS Attack

Showing 1 to 15 of 46 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

80.94.95.112

102.211.209.39

103.187.146.48

167.94.146.44

2607:f8b0:4004:100d::121

91.196.152.117

162.142.125.231

207.219.221.101

50.87.248.14

190.181.25.210

13.74.58.171

80.94.95.15

15.156.234.60

77.53.240.50

81.166.21.80

192.166.123.111

201.217.66.205

80.94.95.112

91.231.89.9

179.37.60.6