AbuseIPDB » 2a11:27c0:195::1711

2a11:27c0:195::1711 was found in our database!

This IP was reported 40 times. Confidence of Abuse is 39%: ?

39%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	EdgeCenter LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210756
Domain Name	edgecenter.ru
Country	Russian Federation
City	Khabarovsk, Khabarovsk

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 2a11:27c0:195::1711

Whois 2a11:27c0:195::1711

IP Abuse Reports for 2a11:27c0:195::1711:

This IP address has been reported a total of 40 times from 11 distinct sources. 2a11:27c0:195::1711 was first reported on May 16th 2025, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago. It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
TPI-Abuse	2025-05-19 00:34:54 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 20:34:47.702833 2025] [security2:error] [pid 4005850:tid 4005850] [client 2a11:27c0:195::1711:43676] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|club1069radio.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "club1069radio.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCp8pzPV5hRTY4j89C9oxAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Swiptly	2025-05-18 21:48:53 (3 weeks ago)	Multiple critical ModSecurity events ...	Web Spam Bad Web Bot
TPI-Abuse	2025-05-18 21:43:13 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 17:43:02.699777 2025] [security2:error] [pid 986559:tid 986559] [client 2a11:27c0:195::1711:33462] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|robertanders.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "robertanders.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCpUZnObIGjuEn1wsOlL-QAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
XICTRON	2025-05-18 21:30:02 (3 weeks ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
TPI-Abuse	2025-05-18 20:21:33 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210492) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 16:21:27.077695 2025] [security2:error] [pid 3401630:tid 3401630] [client 2a11:27c0:195::1711:32774] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "uppendahl.net"] [uri "/sftp-config.json"] [unique_id "aCpBR72X319pEJR36bl2qgAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-18 17:21:46 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 13:21:39.562240 2025] [security2:error] [pid 708229:tid 708229] [client 2a11:27c0:195::1711:60890] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.rimworld.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.rimworld.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCoXI8dojRzxYdlF380pVAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
SimonB	2025-05-18 15:35:39 (3 weeks ago)	HTTP vulnerability scan	Web App Attack
TPI-Abuse	2025-05-18 13:40:55 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 09:40:46.587779 2025] [security2:error] [pid 2042129:tid 2042129] [client 2a11:27c0:195::1711:48624] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|debzy.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "debzy.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCnjXoAw4DrLMW82_NiLMgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-18 12:59:52 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 08:59:46.736365 2025] [security2:error] [pid 2597351:tid 2597351] [client 2a11:27c0:195::1711:51710] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|threewild.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "threewild.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCnZwkq5Luzqd4FrFhFJ0gAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-18 12:18:02 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 08:17:56.293364 2025] [security2:error] [pid 411464:tid 411491] [client 2a11:27c0:195::1711:37688] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aafm.us\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aafm.us"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCnP9CQQg8wxJoPtNz7vhQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
4server	2025-05-18 10:54:49 (3 weeks ago)	[SunMay1812:54:43.4651962025][security2:error][pid3883580:tid3883620][client2a11:27c0:195::1711:0][c ... show more[SunMay1812:54:43.4651962025][security2:error][pid3883580:tid3883620][client2a11:27c0:195::1711:0][client2a11:27c0:195::1711]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\\\\\\\\.vscode/\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1189\"][id\"350593\"][rev\"1\"][msg\"Atomicorp.comWAFRules:AttackBlocked-Dataleakage-attempttoaccessstoredvscodepasswords\"][severity\"CRITICAL\"][hostname\"rvengineering.ch\"][uri\"/.vscode/sftp.json\"][unique_id\"aCm8c1kzZwb33QDm0bR7GgAAAM0\"] show less	Port Scan Brute-Force Web App Attack
TPI-Abuse	2025-05-18 09:59:00 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 05:58:53.331414 2025] [security2:error] [pid 2909222:tid 2909222] [client 2a11:27c0:195::1711:52098] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.limobuswichita.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.limobuswichita.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCmvXS84CB4qY0_VQoMOmAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-18 09:13:54 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 05:13:46.738678 2025] [security2:error] [pid 1208126:tid 1208126] [client 2a11:27c0:195::1711:58236] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bostonscience.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bostonscience.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCmkysioKR1MYavh5v6gOgAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-18 08:31:06 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 04:31:00.386427 2025] [security2:error] [pid 820282:tid 820282] [client 2a11:27c0:195::1711:46786] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|fancycleaners.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "fancycleaners.com"] [uri "/Telerik.Web.UI.WebResource.axd"] [unique_id "aCmaxPz1SFRfYcy8KZsrBQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
TPI-Abuse	2025-05-18 07:50:12 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 30 ... show more(mod_security) mod_security (id:210730) triggered by 2a11:27c0:195::1711 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 18 03:50:05.755265 2025] [security2:error] [pid 3122941:tid 3122941] [client 2a11:27c0:195::1711:41740] [client 2a11:27c0:195::1711] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|circle-h-growers.com\|F\|2"] [data ".web.ui.webresource.axd"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "circle-h-growers.com"] [uri "/ALFA_DATA/.vscode/Telerik.Web.UI.WebResource.axd"] [unique_id "aCmRLVD-QFo_Wmimn69cEQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 40 reports

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩

Recently Reported IPs:

159.223.57.206

52.178.193.37

139.84.131.91

111.46.77.2

80.94.95.15

80.124.54.14

52.169.12.78

123.49.41.210

144.137.130.45

113.22.65.193

94.132.69.119

46.217.93.217

162.216.149.155

86.106.90.59

177.85.247.230

65.49.1.164

103.203.57.23

185.156.73.234

80.94.95.116

27.254.235.4