JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0f:df00:0:255::201

2a0f:df00:0:255::201 was found in our database!

This IP was reported 130 times. Confidence of Abuse is 30%: ?

30%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Domain Name	keff.org
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0f:df00:0:255::201

Whois 2a0f:df00:0:255::201

IP Abuse Reports for 2a0f:df00:0:255::201:

This IP address has been reported a total of 130 times from 17 distinct sources. 2a0f:df00:0:255::201 was first reported on November 29th 2022, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-28 12:32:09 (8 hours ago)	[SunJun2814:32:04.0487982026][security2:error][pid1637703:tid1637815][client2a0f:df00:0:255::201:0]M ... show more [SunJun2814:32:04.0487982026][security2:error][pid1637703:tid1637815][client2a0f:df00:0:255::201:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"ipv6.tpgs.ch\"][uri\"/\"][unique_id\"akEURHrLjO-z47X60nAM1AAAAM4\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 23:27:17 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 19:27:04.770714 2026] [security2:error] [pid 26501:tid 26501] [client 2a0f:df00:0:255::201:2573] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.premiumenterprisessolution.com"] [uri "/.git/config"] [unique_id "aj8KyPZo0ZTEtMsLN_FIMgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-06-25 14:58:18 (3 days ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-19 17:02:36 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 13:02:28.557299 2026] [security2:error] [pid 18228:tid 18228] [client 2a0f:df00:0:255::201:6377] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|astglobalgroup.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "astglobalgroup.com"] [uri "/wp_admin.sql"] [unique_id "ajV2JOcnyvw0TJDPri7vxQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 21:05:06 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 17:04:52.808821 2026] [security2:error] [pid 12647:tid 12647] [client 2a0f:df00:0:255::201:43855] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.thenolangroup.llc"] [uri "/.git/config"] [unique_id "aisi9Pga8bzxmLZaopny0AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-07 08:50:12 (3 weeks ago)	Blocked by UFW (TCP on 8333) Source port: 48067 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 48067 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0201) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-09 01:09:17 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 21:09:07.338938 2026] [security2:error] [pid 16108:tid 16108] [client 2a0f:df00:0:255::201:49577] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|areafinancieratf.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "areafinancieratf.com"] [uri "/areafinancierat.sql"] [unique_id "af6JM6-L2icbbDybYAT_7wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:05:27 (2 months ago)	2026-04-26 08:01:05,546 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::201 2026- ... show more 2026-04-26 08:01:05,546 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::201 2026-04-26 12:01:49,305 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::201 2026-04-26 18:01:46,856 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::201 2026-04-26 21:01:46,191 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::201 2026-04-27 00:05:26,228 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::201 show less	Brute-Force
🇫🇮 percocet	2026-04-24 15:05:25 (2 months ago)	Cloudflare blocked 3 requests (HTTP 403) in 1h. Country: T1	DDoS Attack Web App Attack
🇺🇸 TPI-Abuse	2026-04-20 08:11:05 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 20 04:10:54.626162 2026] [security2:error] [pid 21833:tid 21854] [client 2a0f:df00:0:255::201:64141] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "batonrougegazette.com"] [uri "/wp-config.php~~~~"] [unique_id "aeXfjla16Zcr1UL8ONAfAwAAANE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-15 11:22:49 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 07:22:43.672934 2026] [security2:error] [pid 2828725:tid 2828725] [client 2a0f:df00:0:255::201:33599] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "idahostem.org"] [uri "/wp-config.phpn"] [unique_id "ad91AxoJxQLeGTmIjHldwgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-10 00:55:37 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 20:55:29.565472 2026] [security2:error] [pid 3850707:tid 3850707] [client 2a0f:df00:0:255::201:45909] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stonemartco.com"] [uri "/wp-config.php.us"] [unique_id "adhKgR5AkbkYQGX2hJkTNgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-03-20 10:08:52 (3 months ago)	Blocked by UFW (TCP on 9999) Source port: 57563 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 9999) Source port: 57563 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0201) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 ipblock.com	2026-03-17 22:57:00 (3 months ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-10 04:51:57 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::201 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 00:51:48.924610 2026] [security2:error] [pid 16018:tid 16018] [client 2a0f:df00:0:255::201:55931] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lkabookkeeping.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lkabookkeeping.com"] [uri "/abookkeeping_wp1.sql"] [unique_id "aa-jZBi5GZOhQEr7sE0VMQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 130 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.57

🇧🇷 191.13.65.122

🇨🇳 183.134.40.85

🇫🇷 176.178.52.114

🇺🇸 66.132.224.27

🇩🇪 54.37.74.179

🇵🇦 186.148.99.50

🇧🇴 181.188.176.242

🇳🇱 104.248.193.96

🇪🇸 80.24.1.119

🇺🇸 45.156.129.125

🇩🇪 194.187.176.84

🇦🇷 190.177.178.31

🇭🇰 152.32.129.236

🇯🇵 43.167.175.9

🇫🇮 31.56.204.231

🇬🇧 209.42.21.221

🇵🇰 203.135.42.52

🇵🇰 182.191.83.176

🇸🇬 172.217.43.150