JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0f:df00:0:255::205

2a0f:df00:0:255::205 was found in our database!

This IP was reported 136 times. Confidence of Abuse is 25%: ?

25%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Domain Name	keff.org
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0f:df00:0:255::205

Whois 2a0f:df00:0:255::205

IP Abuse Reports for 2a0f:df00:0:255::205:

This IP address has been reported a total of 136 times from 14 distinct sources. 2a0f:df00:0:255::205 was first reported on December 7th 2021, and the most recent report was 3 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-06 03:53:57 (3 hours ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 23:53:47.805116 2026] [security2:error] [pid 2216:tid 2216] [client 2a0f:df00:0:255::205:7993] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.johnrobinsonconsulting.com"] [uri "/.git/config"] [unique_id "aiOZy5h4z20q246Nms1i9QAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-06-05 04:58:00 (1 day ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-06-03 02:33:00 (3 days ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-05-26 14:18:00 (1 week ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-05-14 19:51:30 (3 weeks ago)	Blocked by UFW (TCP on 8333) Source port: 45311 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 45311 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0205) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-04-26 21:05:28 (1 month ago)	2026-04-26 08:01:05,816 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::205 2026- ... show more 2026-04-26 08:01:05,816 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::205 2026-04-26 12:01:49,455 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::205 2026-04-26 18:01:47,009 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::205 2026-04-26 21:01:46,348 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::205 2026-04-27 00:05:27,245 fail2ban.actions [7718]: NOTICE [tor] Ban 2a0f:df00:0:255::205 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 19:08:29 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 15:08:19.675041 2026] [security2:error] [pid 5589:tid 5589] [client 2a0f:df00:0:255::205:5123] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bonesband.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bonesband.com"] [uri "/bonesband_com.sql"] [unique_id "ae5io1YF9CSeiFRLPGdhaAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 12:56:25 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 08:56:18.100874 2026] [security2:error] [pid 6982:tid 6982] [client 2a0f:df00:0:255::205:56139] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kavahawaii.com"] [uri "/wp-config.php.info"] [unique_id "ae4LcsNyEUAfBd2ZB4RmJQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-14 06:53:01 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 14 02:52:51.814476 2026] [security2:error] [pid 1740647:tid 1740647] [client 2a0f:df00:0:255::205:62679] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "twogocamping.com"] [uri "/wp-config.bak"] [unique_id "ad3kQ6rDsBnEk3L3am2yOAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 13:54:59 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 09:54:50.317000 2026] [security2:error] [pid 19214:tid 19214] [client 2a0f:df00:0:255::205:26847] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|disio.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "disio.com"] [uri "/di.sql"] [unique_id "ac51Ki9i4loFPgUXm7V1agAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-27 01:06:53 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 xmission.com	2026-03-20 10:09:02 (2 months ago)	Blocked by UFW (TCP on 9999) Source port: 9261 Packet length: 72 This report (for 2a0f:df00:0000:02 ... show more Blocked by UFW (TCP on 9999) Source port: 9261 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0205) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 TPI-Abuse	2026-03-17 04:18:06 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 17 00:17:54.760691 2026] [security2:error] [pid 29393:tid 29393] [client 2a0f:df00:0:255::205:58253] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nextcloud.butterflygolem.com"] [uri "/.git/HEAD"] [unique_id "abjV8oKfMh8Mq5wzu30DdAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-12 00:37:21 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 11 20:37:10.697020 2026] [security2:error] [pid 25463:tid 25463] [client 2a0f:df00:0:255::205:31843] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.snowfection.com"] [uri "/.git/config"] [unique_id "abIKtoB7PXAFsQML5WKSgAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-09 04:14:45 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::205 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 09 00:14:38.110645 2026] [security2:error] [pid 28856:tid 28856] [client 2a0f:df00:0:255::205:42169] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|geckoturner.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "geckoturner.com"] [uri "/dbckoturner.sql"] [unique_id "aa5JLkPlFTfCo5-sJ91bTwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 136 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2001:470:1:c84::28

🇺🇸 206.189.76.73

🇳🇱 192.42.116.101

🇩🇪 185.242.3.129

🇨🇳 182.54.23.31

🇻🇳 171.231.194.17

🇺🇸 162.216.149.166

🇫🇮 147.185.133.88

🇻🇳 125.212.158.51

🇨🇳 120.195.54.54

🇧🇷 108.165.230.43

🇺🇸 107.174.125.203

🇧🇩 103.153.110.190

🇺🇸 75.127.13.68

🇺🇸 66.132.224.19

🇺🇸 66.132.186.249

🇳🇱 45.148.10.141

🇬🇧 35.203.210.249

🇨🇳 220.197.78.40

🇧🇷 201.139.185.135