JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0f:df00:0:255::204

2a0f:df00:0:255::204 was found in our database!

This IP was reported 131 times. Confidence of Abuse is 28%: ?

28%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Domain Name	keff.org
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0f:df00:0:255::204

Whois 2a0f:df00:0:255::204

IP Abuse Reports for 2a0f:df00:0:255::204:

This IP address has been reported a total of 131 times from 18 distinct sources. 2a0f:df00:0:255::204 was first reported on December 7th 2021, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-07 21:32:12 (13 hours ago)	Blocked by UFW (TCP on 8333) Source port: 36759 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 36759 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0204) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-05 17:25:51 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 13:25:48.578674 2026] [security2:error] [pid 15318:tid 15318] [client 2a0f:df00:0:255::204:42605] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.circlethreefl.com"] [uri "/.git/config"] [unique_id "aiMGnMLEFusx-ChdXQS64gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 11:24:47 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 07:24:40.398674 2026] [security2:error] [pid 25873:tid 25873] [client 2a0f:df00:0:255::204:55385] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.lovelybeyondwords.com"] [uri "/.git/config"] [unique_id "aiKx-ABLgh7y3r-VeGtT3gAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:05:28 (1 month ago)	2026-04-26 08:01:05,753 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::204 2026- ... show more 2026-04-26 08:01:05,753 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::204 2026-04-26 12:01:49,418 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::204 2026-04-26 18:01:46,969 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::204 2026-04-26 21:01:46,309 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::204 2026-04-27 00:05:26,964 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::204 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 09:52:43 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 05:52:34.377123 2026] [security2:error] [pid 31990:tid 31990] [client 2a0f:df00:0:255::204:15953] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|avienhowell.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "avienhowell.com"] [uri "/avie.sql"] [unique_id "ae3gYuxqgc1ivLlHAdhLnwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 percocet	2026-04-24 15:05:06 (1 month ago)	Cloudflare blocked 59 requests (HTTP 403) in 1h. Country: T1	DDoS Attack Web App Attack
🇺🇸 Hobby Bob	2026-04-22 23:12:02 (1 month ago)	2026-04-22T23:12:02.639763+00:00 server dovecot: pop3-login: Disconnected: Connection closed (no aut ... show more 2026-04-22T23:12:02.639763+00:00 server dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 1 secs): user=, rip=2a0f:df00:0:255::204, lip=X.X.X.X session= show less	Port Scan Hacking
🇨🇭 4server	2026-04-15 19:19:03 (1 month ago)	[WedApr1521:18:58.9009952026][security2:error][pid1466366:tid1466384][client2a0f:df00:0:255::204:0]M ... show more [WedApr1521:18:58.9009952026][security2:error][pid1466366:tid1466384][client2a0f:df00:0:255::204:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\^/wp-content/plugins/[\^/] /\(readme\\\\\\\\.txt\\|changelog\\\\\\\\.txt\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"359\"][id\"960828\"][msg\"WordPresspluginenumerationblocked\"][hostname\"tipicalonline.com\"][uri\"/wp-content/plugins/burst-statistics/readme.txt\"][unique_id\"ad_kos_QEukXm2YD6FD47wAAAJA\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-04-13 03:53:06 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 23:52:59.036295 2026] [security2:error] [pid 4037534:tid 4037534] [client 2a0f:df00:0:255::204:36727] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "honweneedthis.com"] [uri "/wp-config.phpc"] [unique_id "adxomwFNMPjm3S4cg5uVXgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-27 01:06:53 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-26 14:00:40 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 10:00:29.889871 2026] [security2:error] [pid 2112:tid 2116] [client 2a0f:df00:0:255::204:26307] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cliffwheeler.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cliffwheeler.com"] [uri "/liffwheeler_com.sql"] [unique_id "acU7_T1rGnPaTapSdraa3QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-13 19:32:30 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 13 15:32:19.098021 2026] [security2:error] [pid 19685:tid 19685] [client 2a0f:df00:0:255::204:11539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.moyworld.com"] [uri "/.git/config"] [unique_id "abRmQ2riBl7mOcAZwmR8KgAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-03-08 21:27:05 (2 months ago)	Blocked by UFW (TCP on 9999) Source port: 44063 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 9999) Source port: 44063 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0204) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 ipblock.com	2026-03-07 14:21:00 (3 months ago)	IPBlock protected site ID [4055-d][s=03]. Rogue crawler, does not respect robots.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-27 11:55:21 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::204 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 27 06:55:15.455059 2026] [security2:error] [pid 29616:tid 29616] [client 2a0f:df00:0:255::204:47249] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.geceindia.com"] [uri "/.git/config"] [unique_id "aaGGI3tzyUIfQT2BLx_aqwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 131 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 217.253.123.44

🇩🇪 217.160.224.99

🇨🇳 180.108.64.6

🇨🇳 118.212.120.101

🇺🇸 107.174.25.205

🇮🇹 83.224.182.11

🇺🇸 54.197.178.107

🇸🇬 47.128.18.145

🇦🇪 31.215.155.80

🇨🇳 27.115.107.234

🇬🇧 217.146.80.99

🇧🇷 187.183.61.37

🇮🇷 185.142.94.1

🇮🇳 125.19.229.62

🇰🇷 119.198.191.180

🇮🇪 2a05:d018:10df:d402:e104:bdae:d29b:cec0

🇺🇸 173.194.103.171

🇨🇳 171.13.242.66

🇺🇸 137.184.134.41

🇨🇳 112.46.212.147