JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0f:df00:0:255::206

2a0f:df00:0:255::206 was found in our database!

This IP was reported 115 times. Confidence of Abuse is 20%: ?

20%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Domain Name	keff.org
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0f:df00:0:255::206

Whois 2a0f:df00:0:255::206

IP Abuse Reports for 2a0f:df00:0:255::206:

This IP address has been reported a total of 115 times from 17 distinct sources. 2a0f:df00:0:255::206 was first reported on October 20th 2022, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-02-25 11:56:18 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 06:56:10.320609 2026] [security2:error] [pid 7947:tid 7947] [client 2a0f:df00:0:255::206:54601] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thesalonx.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thesalonx.com"] [uri "/webmaster.sql"] [unique_id "aZ7jWhMRLlzC3DkkqzMKSQAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 14:05:20 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 09:05:16.678013 2026] [security2:error] [pid 4142:tid 4142] [client 2a0f:df00:0:255::206:33527] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.veracurnow.com"] [uri "/.git/config"] [unique_id "aZxenIEIsfqD4-al7XllvQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Hobby Bob	2026-02-16 13:07:23 (3 months ago)	2026-02-16T13:07:22.989173+00:00 server dovecot: pop3-login: Disconnected: Connection closed (no aut ... show more 2026-02-16T13:07:22.989173+00:00 server dovecot: pop3-login: Disconnected: Connection closed (no auth attempts in 1 secs): user=, rip=2a0f:df00:0:255::206, lip=X.X.X.X session= show less	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-02-06 20:24:06 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 06 15:23:58.447898 2026] [security2:error] [pid 6684:tid 6684] [client 2a0f:df00:0:255::206:42147] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.ggaccounting.services"] [uri "/.git/config"] [unique_id "aYZN3m1USeibKuEwEQLJ3wAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-02 21:20:37 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 02 16:20:03.017964 2026] [security2:error] [pid 1997189:tid 1997189] [client 2a0f:df00:0:255::206:29265] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kathydumesnilart.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kathydumesnilart.com"] [uri "/kathydumesni.sql"] [unique_id "aYEVAmOOtrGnHHu5CfKQYAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-01-30 23:02:17 (4 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-01-29. show less	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2026-01-25 22:47:55 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 25 17:47:52.919916 2026] [security2:error] [pid 22656:tid 22656] [client 2a0f:df00:0:255::206:38071] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.biketurtlehill.com"] [uri "/.git/config"] [unique_id "aXadmJQtnonGNyqxVf1auAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-25 21:52:43 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 25 16:52:33.253177 2026] [security2:error] [pid 17447:tid 17447] [client 2a0f:df00:0:255::206:29677] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.lindamsweeney.com"] [uri "/.git/config"] [unique_id "aXaQoYVyznNAMjUiGti5sAAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 15:48:29 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 10:48:23.200844 2026] [security2:error] [pid 13442:tid 13442] [client 2a0f:df00:0:255::206:3659] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|madisonjazzorchestra.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "madisonjazzorchestra.com"] [uri "/stra_com.sql"] [unique_id "aWuvR_bnF6hytbaOtEjL8AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-01-12 16:58:04 (4 months ago)	Blocked by UFW (TCP on 8333) Source port: 56571 Packet length: 72 This report (for 2a0f:df00:0000:0 ... show more Blocked by UFW (TCP on 8333) Source port: 56571 Packet length: 72 This report (for 2a0f:df00:0000:0255:0000:0000:0000:0206) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-01-12 10:27:05 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 12 05:26:56.528448 2026] [security2:error] [pid 986:tid 986] [client 2a0f:df00:0:255::206:24873] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.jkg1.com"] [uri "/.git/config"] [unique_id "aWTMcD-YumVtIYggHLDH6QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-07 19:52:58 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 07 14:52:52.309103 2026] [security2:error] [pid 8749:tid 8749] [client 2a0f:df00:0:255::206:57899] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|abundantwork.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "abundantwork.com"] [uri "/backup_wp.sql"] [unique_id "aV65lP2Ztlh_OWOqSOJCEgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-30 07:46:24 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 30 02:46:19.934667 2025] [security2:error] [pid 24226:tid 24226] [client 2a0f:df00:0:255::206:17189] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|konahawaiirealty.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "konahawaiirealty.com"] [uri "/hawaiirealty_com.sql"] [unique_id "aVODS4jJ26MecwfhjZd7fgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 14:31:34 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 09:31:30.362140 2025] [security2:error] [pid 1281:tid 1281] [client 2a0f:df00:0:255::206:25643] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|crittergetterpestcontrol.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "crittergetterpestcontrol.com"] [uri "/terpestcontrol_com.sql"] [unique_id "aVKQwp6rbmZU66mPbT8SxwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2025-12-18 04:50:56 (5 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /etpeter.sql (Rule ID: 920440) - URL file extension is restricted by policy show less	Hacking SQL Injection Web App Attack

Showing 16 to 30 of 115 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇷🇴 80.94.92.184

🇺🇸 2602:fb54:1400::34

🇸🇦 178.80.255.138

🇬🇧 178.62.10.69

🇺🇸 172.203.251.111

🇳🇱 158.173.3.200

🇫🇷 129.151.234.14

🇺🇸 65.49.1.95

🇳🇱 45.148.10.141

🇬🇧 45.114.211.33

🇸🇬 34.21.179.49

🇨🇳 27.25.114.100

🇺🇸 23.95.191.204

🇺🇸 20.81.159.6

🇺🇸 20.65.195.123

🇨🇳 14.103.118.120

🇬🇧 5.226.140.77

🇷🇴 2.57.121.25

🇫🇷 2001:861:8b82:21d0:b4fc:2bd8:1ac:1076