JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:67c:2608::1

2001:67c:2608::1 was found in our database!

This IP was reported 182 times. Confidence of Abuse is 21%: ?

21%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Association Nos Oignons
Usage Type	Data Center/Web Hosting/Transit
ASN	AS197422
Domain Name	nos-oignons.net
Country	🇫🇷 France
City	Toulouse, Occitanie

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:67c:2608::1

Whois 2001:67c:2608::1

IP Abuse Reports for 2001:67c:2608::1:

This IP address has been reported a total of 182 times from 37 distinct sources. 2001:67c:2608::1 was first reported on December 11th 2020, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-06-01 15:30:59 (2 days ago)	801 limiting connections by zone (13m59s)	DDoS Attack
🇺🇸 TPI-Abuse	2026-05-09 17:46:04 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 13:45:59.249804 2026] [security2:error] [pid 29618:tid 29618] [client 2001:67c:2608::1:38340] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cliniquecavalancia.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cliniquecavalancia.com"] [uri "/.sql"] [unique_id "af9y1z_6MLMV5I2gWALOYQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-05 11:00:08 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 05 07:00:04.104948 2026] [security2:error] [pid 10106:tid 10106] [client 2001:67c:2608::1:56300] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|billymitchell.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "billymitchell.com"] [uri "/l_com.sql"] [unique_id "afnNtEzMo7B0GMEAbq8luAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:01:26 (1 month ago)	2026-04-26 08:00:22,943 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:2608::1 2026-04-2 ... show more 2026-04-26 08:00:22,943 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:2608::1 2026-04-26 12:01:22,924 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:2608::1 2026-04-26 18:01:20,691 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:2608::1 2026-04-26 21:01:17,693 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:2608::1 2026-04-27 00:01:25,383 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:2608::1 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 12:24:33 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 08:24:25.915674 2026] [security2:error] [pid 19454:tid 19467] [client 2001:67c:2608::1:55950] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "iacsb.com"] [uri "/wp-config.old"] [unique_id "ae4D-QEfmBWUHKr-MwBA2QAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-26 01:51:45 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 21:51:38.025555 2026] [security2:error] [pid 15493:tid 15493] [client 2001:67c:2608::1:38466] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|arsndetx.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "arsndetx.com"] [uri "/.sql"] [unique_id "ae1vqsR0X1J5hnr5g8x6_AAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-24 01:26:54 (1 month ago)	(mod_security) mod_security (id:210831) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210831) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 21:26:46.763663 2026] [security2:error] [pid 5774:tid 5774] [client 2001:67c:2608::1:59408] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.traditionalvaluesbooks.com\|F\|4"] [data "panscient.com"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.traditionalvaluesbooks.com"] [uri "/robots.txt"] [unique_id "aerG1nV1dD5QdW_Qu68z1gAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-04-22 15:29:31 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 40962 Packet length: 80 This report (for 2001:067c:2608:0 ... show more Blocked by UFW (TCP on 8333) Source port: 40962 Packet length: 80 This report (for 2001:067c:2608:0000:0000:0000:0000:0001) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-17 02:35:29 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 16 22:35:22.979148 2026] [security2:error] [pid 3849386:tid 3849386] [client 2001:67c:2608::1:50554] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rambleandprose.com"] [uri "/wp-config.php.info"] [unique_id "aeGcas6ZwqDhA3flV_ZRsgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-13 19:20:52 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 13 15:20:48.670420 2026] [security2:error] [pid 499561:tid 499561] [client 2001:67c:2608::1:37680] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.hyps.net"] [uri "/.git/config"] [unique_id "ad1CEGS4NQ-jrEHianelfQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-26 19:44:33 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 xmission.com	2026-03-25 02:28:17 (2 months ago)	Blocked by UFW (TCP on 9999) Source port: 59698 Packet length: 80 This report (for 2001:067c:2608:0 ... show more Blocked by UFW (TCP on 9999) Source port: 59698 Packet length: 80 This report (for 2001:067c:2608:0000:0000:0000:0000:0001) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 TPI-Abuse	2026-03-19 10:26:07 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 19 06:26:00.604158 2026] [security2:error] [pid 5632:tid 5632] [client 2001:67c:2608::1:43310] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.aimer.es.aticom.es"] [uri "/.git/config"] [unique_id "abvPOEMM1BKvirqTMqSa1AAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-17 08:41:04 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 17 04:40:57.552864 2026] [security2:error] [pid 29319:tid 29319] [client 2001:67c:2608::1:60588] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.invisatrax.catzpaw.com"] [uri "/.git/HEAD"] [unique_id "abkTmWB14_b1hgPloavgqgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-15 11:25:39 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 s ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:2608::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 07:25:33.542593 2026] [security2:error] [pid 29790:tid 29790] [client 2001:67c:2608::1:45984] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lapapevip.spyasociados.com"] [uri "/.git/config"] [unique_id "abaXLXq0KzFtjnge8yrERwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 182 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇴 192.145.168.50

🇷🇴 92.118.39.62

🇧🇬 79.124.56.238

🇺🇸 70.40.220.123

🇺🇸 68.69.177.101

🇺🇸 20.29.22.204

🇵🇹 213.205.79.49

🇨🇦 173.230.191.177

🇩🇪 164.90.178.220

🇮🇹 158.173.77.72

🇨🇳 125.106.148.102

🇺🇸 50.118.248.199

🇳🇱 45.148.10.152

🇬🇧 217.146.80.102

🇧🇷 205.210.31.214

🇺🇸 192.249.121.181

🇸🇬 165.22.52.238

🇺🇸 64.31.25.250

🇨🇳 60.24.208.248

🇺🇸 47.251.189.38