JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0f:df00:0:255::202

2a0f:df00:0:255::202 was found in our database!

This IP was reported 127 times. Confidence of Abuse is 19%: ?

19%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Domain Name	keff.org
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0f:df00:0:255::202

Whois 2a0f:df00:0:255::202

IP Abuse Reports for 2a0f:df00:0:255::202:

This IP address has been reported a total of 127 times from 19 distinct sources. 2a0f:df00:0:255::202 was first reported on December 8th 2021, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-05 12:07:03 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 08:06:51.367530 2026] [security2:error] [pid 812:tid 812] [client 2a0f:df00:0:255::202:56249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.greighhouse.com"] [uri "/.git/config"] [unique_id "aiK728pGTKmKNwqZN9DFEAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-05-29 11:10:06 (1 week ago)	Blocked by UFW (TCP on 8333) Source port: 30819 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 30819 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0202) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-05-17 18:28:14 (3 weeks ago)	Blocked by UFW (TCP on 8333) Source port: 44295 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 44295 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0202) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 xmission.com	2026-05-11 14:43:09 (4 weeks ago)	Blocked by UFW (TCP on 8333) Source port: 58743 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 58743 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0202) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-09 14:11:20 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 10:11:14.807399 2026] [security2:error] [pid 447:tid 447] [client 2a0f:df00:0:255::202:12855] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|capitalswisscorp.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "capitalswisscorp.com"] [uri "/capitalsw.sql"] [unique_id "af9AgoxKNVVDyVsdK88lswAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-08 22:09:25 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 18:09:13.900250 2026] [security2:error] [pid 2422:tid 2422] [client 2a0f:df00:0:255::202:26497] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|hotelausland.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hotelausland.com"] [uri "/hotela.sql"] [unique_id "af5fCWe1lD3SMGT0VCrXwAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-05-08 19:35:42 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 53481 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 53481 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0202) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-08 15:01:22 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 11:01:11.683840 2026] [security2:error] [pid 7272:tid 7272] [client 2a0f:df00:0:255::202:64309] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cosplayculture.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cosplayculture.com"] [uri "/bck.sql"] [unique_id "af36twnrWk7F07VmkatYlgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:05:27 (1 month ago)	2026-04-26 08:01:05,608 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::202 2026- ... show more 2026-04-26 08:01:05,608 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::202 2026-04-26 12:01:49,343 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::202 2026-04-26 18:01:46,893 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::202 2026-04-26 21:01:46,231 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::202 2026-04-27 00:05:26,465 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::202 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 20:03:02 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 16:02:53.675494 2026] [security2:error] [pid 14333:tid 14333] [client 2a0f:df00:0:255::202:38541] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|internetnameregistration.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "internetnameregistration.com"] [uri "/backup_wp.sql"] [unique_id "ae5vbUk6INd02XFnGiuEawAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 18:47:39 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 14:47:32.177357 2026] [security2:error] [pid 3402478:tid 3402478] [client 2a0f:df00:0:255::202:35995] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "medusakenya.com"] [uri "/wp-config.bak"] [unique_id "aePRxDbKxX4hZ3Y3jDM52QAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 04:39:46 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 00:39:37.898073 2026] [security2:error] [pid 4094156:tid 4094156] [client 2a0f:df00:0:255::202:1227] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "local639.com"] [uri "/wp-config.phpold"] [unique_id "aeMLCXmHVjRi-KOpn3hTqAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-03-27 21:09:00 (2 months ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-26 17:33:03 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::202 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 13:32:53.713053 2026] [security2:error] [pid 24765:tid 24765] [client 2a0f:df00:0:255::202:19559] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.pundtlaw.com"] [uri "/.git/config"] [unique_id "acVtxefF8m9AT7ZFA1PiwgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 1gz	2026-03-26 08:23:10 (2 months ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: CHALLENGE Protocol: HTTP/2 (GET met ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: CHALLENGE Protocol: HTTP/2 (GET method) Endpoint: / UA: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 127 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇴 190.60.242.28

🇩🇪 185.242.3.226

🇸🇬 185.200.116.79

🇫🇷 141.94.79.3

🇻🇳 116.110.22.147

🇫🇷 85.217.140.16

🇨🇳 59.52.177.9

🇩🇪 47.245.135.78

🇦🇺 34.126.203.204

🇧🇷 20.206.87.81

🇺🇸 17.241.227.236

🇷🇴 2.57.122.238

🇳🇱 195.178.110.26

🇫🇷 141.94.76.134

🇨🇳 110.249.201.162

🇫🇷 91.196.152.215

🇫🇮 35.228.219.64

🇬🇧 35.203.211.178

🇺🇸 2604:a880:400:d1:0:4:8e6e:e001

🇧🇷 179.48.32.77