JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a0f:df00:0:255::206

2a0f:df00:0:255::206 was found in our database!

This IP was reported 115 times. Confidence of Abuse is 20%: ?

20%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	KeFF Networks Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41281
Domain Name	keff.org
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a0f:df00:0:255::206

Whois 2a0f:df00:0:255::206

IP Abuse Reports for 2a0f:df00:0:255::206:

This IP address has been reported a total of 115 times from 17 distinct sources. 2a0f:df00:0:255::206 was first reported on October 20th 2022, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-04 19:18:18 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 14:18:07.659977 2025] [security2:error] [pid 29567:tid 29567] [client 2a0f:df00:0:255::206:53919] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|joevallone.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "joevallone.com"] [uri "/backup.sql"] [unique_id "aTHeb_QQxKQnW4c6r0KuIAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-04 18:08:26 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 13:08:14.886684 2025] [security2:error] [pid 7111:tid 7111] [client 2a0f:df00:0:255::206:47995] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|michaelcarrollgreen.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "michaelcarrollgreen.com"] [uri "/backupdb.sql"] [unique_id "aTHODglNAvdxBfpgZlVTwwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-03 12:15:42 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 03 07:15:38.575319 2025] [security2:error] [pid 17507:tid 17507] [client 2a0f:df00:0:255::206:36437] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mrflatpeople.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mrflatpeople.com"] [uri "/backups.sql"] [unique_id "aTAp6jhARa4GRX1-nNvMpAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-28 14:45:02 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 28 09:44:52.395707 2025] [security2:error] [pid 26813:tid 26813] [client 2a0f:df00:0:255::206:23569] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mixmediallc.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mixmediallc.com"] [uri "/backups.sql"] [unique_id "aSm1ZMOU9X8tIq4A8VpDLAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 el-brujo	2025-11-20 23:39:21 (6 months ago)	Cloudflare WAF: Request Path: /api/settings/preset-profiles Request Query: Host: video.elhacker.net ... show more Cloudflare WAF: Request Path: /api/settings/preset-profiles Request Query: Host: video.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko/20100101 Firefox/140.0 Action: block Source: zonelockdown ASN Description: KEFF Interplanetary Communications Network Country: T1 Method: GET Timestamp: 2025-11-20T23:39:21Z ruleId: 9b344b1f2f6c43dd860f1fb2a59d4d32. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-11-19 06:50:48 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 19 01:50:42.112597 2025] [security2:error] [pid 17059:tid 17059] [client 2a0f:df00:0:255::206:51546] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|oogeothermal.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "oogeothermal.com"] [uri "/thermal.sql"] [unique_id "aR1owh5j6jxuZU9YA9na4gAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-16 17:29:18 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 16 12:29:08.075344 2025] [security2:error] [pid 442033:tid 442033] [client 2a0f:df00:0:255::206:51036] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|christineaholtz.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "christineaholtz.com"] [uri "/bck.sql"] [unique_id "aRoJ5Eqo9z3YTsWtxm--ewAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-16 08:15:26 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Nov 16 03:15:20.423105 2025] [security2:error] [pid 14430:tid 14430] [client 2a0f:df00:0:255::206:59862] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|adoniahenterprises.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "adoniahenterprises.com"] [uri "/ad.sql"] [unique_id "aRmIGC94K2gYmpz8TmBDOwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-13 04:51:25 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 23:51:21.485145 2025] [security2:error] [pid 6154:tid 6154] [client 2a0f:df00:0:255::206:40776] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|misogynyis.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "misogynyis.com"] [uri "/wordpress.sql"] [unique_id "aRVjyfB5EkFVlT_T4t_0WQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-10 17:41:07 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 10 12:40:59.980732 2025] [security2:error] [pid 6379:tid 6379] [client 2a0f:df00:0:255::206:34186] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|jazziientertainment.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jazziientertainment.com"] [uri "/nment.sql"] [unique_id "aRIjq2q8q6ERaVczX86HdwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-04 03:33:40 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Nov 03 22:33:31.220798 2025] [security2:error] [pid 29765:tid 29765] [client 2a0f:df00:0:255::206:41344] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cpking.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cpking.com"] [uri "/backup.sql"] [unique_id "aQl0C7DmcX956Mfo81Hq-QAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 R.G.	2025-10-28 06:11:45 (7 months ago)	(directadmin) Failed DirectAdmin phpMyAdmin login from 2a0f:df00:0:255::206 (Unknown): 5 in the last ... show more (directadmin) Failed DirectAdmin phpMyAdmin login from 2a0f:df00:0:255::206 (Unknown): 5 in the last 900 secs; Ports: *; Direction: inout; Trigger: LF_DIRECTADMIN; Logs: Oct 28 07:11:39 user denied: wordpress (mysql-denied) from 2a0f:df00:0:255::206 show less	Web App Attack
🇺🇸 TPI-Abuse	2025-10-17 21:55:52 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:225170) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 17 17:55:45.276761 2025] [security2:error] [pid 15063:tid 15063] [client 2a0f:df00:0:255::206:47196] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fatbastardcompetition.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fatbastardcompetition.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aPK7YeJZ7BPl-g1b3SbiBQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-17 01:10:56 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Oct 16 21:10:47.024397 2025] [security2:error] [pid 18393:tid 18393] [client 2a0f:df00:0:255::206:41300] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|onlinesuretybonds.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "onlinesuretybonds.com"] [uri "/tybonds.sql"] [unique_id "aPGXl1qGVImMtKiLw052DwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-15 04:44:16 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 2a0f:df00:0:255::206 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 15 00:44:08.991025 2025] [security2:error] [pid 4298:tid 4351] [client 2a0f:df00:0:255::206:48498] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ward-bergerhouse.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ward-bergerhouse.org"] [uri "/wordpress.sql"] [unique_id "aO8mmMx7nvNRleDpeKNLYAAAAcg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 46 to 60 of 115 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 178.128.51.84

🇳🇱 176.65.148.2

🇭🇰 58.152.42.174

🇬🇧 35.203.211.253

🇹🇷 188.132.199.206

🇰🇿 185.233.3.95

🇸🇪 146.70.21.151

🇺🇸 103.234.62.84

🇬🇭 102.223.92.101

🇺🇸 71.6.134.233

🇺🇸 66.132.224.22

🇫🇮 147.185.133.250

🇧🇷 108.179.193.140

🇩🇪 68.183.242.124

🇳🇱 45.148.10.152

🇬🇧 35.203.211.219

🇬🇧 35.203.211.197

🇬🇧 35.203.210.209

🇬🇧 35.203.210.119

🇺🇸 34.232.187.58