JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:67c:289c:2::235

2001:67c:289c:2::235 was found in our database!

This IP was reported 141 times. Confidence of Abuse is 17%: ?

17%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Foreningen for digitala fri- och rattigheter
Usage Type	Fixed Line ISP
ASN	AS198093
Domain Name	dfri.net
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:67c:289c:2::235

Whois 2001:67c:289c:2::235

IP Abuse Reports for 2001:67c:289c:2::235:

This IP address has been reported a total of 141 times from 19 distinct sources. 2001:67c:289c:2::235 was first reported on November 5th 2022, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-11 22:59:06 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 18:58:58.215780 2026] [security2:error] [pid 2026:tid 2026] [client 2001:67c:289c:2::235:37570] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.pikcasa.com"] [uri "/.git/config"] [unique_id "ais9sq0ILYwS5ytq-rhVAQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 05:41:38 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:41:31.089438 2026] [security2:error] [pid 28860:tid 28860] [client 2001:67c:289c:2::235:24642] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.dynarol.com"] [uri "/.git/config"] [unique_id "aiUEi-Bl6pm6vufqqB8XdQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 chronos	2026-06-01 06:31:37 (2 weeks ago)	[AUTORAVALT][[01/06/2026 - 03:31:36 -03:00 UTC] Attack from [2001:67c:289c:2::235][tor-exit-read-me. ... show more [AUTORAVALT][[01/06/2026 - 03:31:36 -03:00 UTC] Attack from [2001:67c:289c:2::235][tor-exit-read-me.dfri.se] Action: BLocKed Phishing -> Phishing websites and/or email. Email Spam -> Spam email content, infected attachments, and phishing emails. Hacking... Unauthorized attempts to access the server. Spoofing -> Email sender spoofing. Brute-Force -> Credential] ... show less	Brute-Force Email Spam Spoofing Phishing Hacking
🇺🇸 chronos	2026-05-31 10:15:59 (2 weeks ago)	[AUTORAVALT][[31/05/2026 - 07:15:58 -03:00 UTC] Attack from [2001:67c:289c:2::235][tor-exit-read-me. ... show more [AUTORAVALT][[31/05/2026 - 07:15:58 -03:00 UTC] Attack from [2001:67c:289c:2::235][tor-exit-read-me.dfri.se] Action: BLocKed Phishing -> Phishing websites and/or email. Email Spam -> Spam email content, infected attachments, and phishing emails. Hacking... Unauthorized attempts to access the server. Spoofing -> Email sender spoofing. Brute-Force -> Credential] ... show less	Brute-Force Email Spam Spoofing Phishing Hacking
Anonymous	2026-04-26 21:01:29 (1 month ago)	2026-04-26 08:00:23,738 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::235 2026- ... show more 2026-04-26 08:00:23,738 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::235 2026-04-26 12:01:23,409 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::235 2026-04-26 18:01:21,152 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::235 2026-04-26 21:01:18,181 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::235 2026-04-27 00:01:28,609 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::235 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-25 20:34:58 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 16:34:51.512137 2026] [security2:error] [pid 10595:tid 10595] [client 2001:67c:289c:2::235:16726] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bayareamustangs.com"] [uri "/wp-config.phpn"] [unique_id "ae0la4HKTOLY0w83b_VsxgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-23 20:29:47 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 16:29:41.734057 2026] [security2:error] [pid 24199:tid 24199] [client 2001:67c:289c:2::235:2844] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "freemanfoundationcle.org"] [uri "/wp-config.phpnew"] [unique_id "aeqBNZIXNqZOwbv07zA70AAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 18:48:22 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 14:48:17.400264 2026] [security2:error] [pid 3378399:tid 3378399] [client 2001:67c:289c:2::235:17468] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "medusakenya.com"] [uri "/wp-config.phpn"] [unique_id "aePR8VQjFGkW79lppiFyhAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 4server	2026-04-16 16:11:38 (2 months ago)	[ThuApr1618:11:33.6026482026][security2:error][pid1913603:tid1913609][client2001:67c:289c:2::235:0]M ... show more [ThuApr1618:11:33.6026482026][security2:error][pid1913603:tid1913609][client2001:67c:289c:2::235:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\^/wp-content/plugins/[\^/] /\(readme\\\\\\\\.txt\\|changelog\\\\\\\\.txt\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"381\"][id\"960828\"][msg\"WordPresspluginenumerationblocked\"][hostname\"benvenutialfood.ch\"][uri\"/wp-content/plugins/wp-fastest-cache-premium/readme.txt\"][unique_id\"aeEKNVaFnjuekNTUyHV6CAAAAAQ\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-03-26 21:54:22 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 26 17:54:14.867111 2026] [security2:error] [pid 27171:tid 27171] [client 2001:67c:289c:2::235:24444] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|desertautoworks.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "desertautoworks.com"] [uri "/desertautowor.sql"] [unique_id "acWrBgeWlbIHBK2keYnwjAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-26 20:34:00 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-24 01:12:43 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Mar 23 21:12:38.946997 2026] [security2:error] [pid 21229:tid 21229] [client 2001:67c:289c:2::235:58414] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.mikebenson.com"] [uri "/.git/config"] [unique_id "acHlBgr9V3n0n6JZmvqMXQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-22 18:13:25 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 14:13:15.004676 2026] [security2:error] [pid 19957:tid 19957] [client 2001:67c:289c:2::235:50418] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|rebelhollowfarm.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rebelhollowfarm.com"] [uri "/rm_com.sql"] [unique_id "acAxOpGGWnQoCQRzTwQZtQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-08 17:56:09 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 08 13:56:00.056728 2026] [security2:error] [pid 4883:tid 4888] [client 2001:67c:289c:2::235:61864] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ioqm.com"] [uri "/.git/config"] [unique_id "aa24MI0_ehiNagf9_LF9ZQAAAQM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-24 06:24:14 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se) ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::235 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 24 01:24:06.936474 2026] [security2:error] [pid 12084:tid 12084] [client 2001:67c:289c:2::235:27366] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.stpvilla.com"] [uri "/.git/config"] [unique_id "aZ1EBi0HE8wEF7vGL2FZ_AAAABI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 141 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇾 201.217.12.57

🇳🇴 193.90.12.30

🇦🇷 186.57.11.88

🇺🇸 159.65.222.96

🇮🇳 152.32.159.97

🇮🇳 139.59.59.165

🇮🇳 122.187.230.104

🇨🇳 115.191.40.50

🇺🇸 66.132.172.225

🇹🇼 59.127.88.58

🇺🇸 44.92.158.4

🇺🇸 35.87.222.187

🇺🇸 2602:80d:1008::8d

🇦🇺 2404:6800:4006:1002::12c

🇨🇳 220.202.112.130

🇺🇸 207.190.90.42

🇺🇿 195.158.14.232

🇨🇳 154.8.225.182

🇳🇱 138.226.239.10

🇨🇳 124.223.160.207