JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:67c:289c:2::36

2001:67c:289c:2::36 was found in our database!

This IP was reported 91 times. Confidence of Abuse is 20%: ?

20%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Foreningen for digitala fri- och rattigheter
Usage Type	Fixed Line ISP
ASN	AS198093
Hostname(s)	tor-exit-read-me.dfri.se
Domain Name	dfri.net
Country	🇸🇪 Sweden
City	Solna, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:67c:289c:2::36

Whois 2001:67c:289c:2::36

IP Abuse Reports for 2001:67c:289c:2::36:

This IP address has been reported a total of 91 times from 15 distinct sources. 2001:67c:289c:2::36 was first reported on July 23rd 2025, and the most recent report was 5 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-11 20:57:09 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 16:56:59.193141 2026] [security2:error] [pid 29834:tid 29834] [client 2001:67c:289c:2::36:42284] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.manaplas.com"] [uri "/.git/config"] [unique_id "aishG0p5Ux3s6DzdJfVmyQAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Savvii	2026-06-10 08:10:01 (1 day ago)	20 attempts against mh-misbehave-ban on web-new	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 23:18:08 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 19:18:01.413139 2026] [security2:error] [pid 13542:tid 13542] [client 2001:67c:289c:2::36:55082] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.joycebrown.com"] [uri "/.git/config"] [unique_id "aidNqfq6j4svf8OOz84pFwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 19:11:58 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 15:11:45.995661 2026] [security2:error] [pid 11949:tid 11949] [client 2001:67c:289c:2::36:49976] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.loveoflearning.com"] [uri "/.git/config"] [unique_id "aiXCcVFAdZc8yWpPBtIAYAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-08 09:01:39 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 05:01:32.938220 2026] [security2:error] [pid 19840:tid 19840] [client 2001:67c:289c:2::36:57988] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|customhumanrobots.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "customhumanrobots.com"] [uri "/customhumanro.sql"] [unique_id "af2mbDAETtu7wMuMAVuUYQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-06 19:32:14 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 06 15:32:06.188743 2026] [security2:error] [pid 17815:tid 17815] [client 2001:67c:289c:2::36:46646] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|faithlines.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "faithlines.com"] [uri "/s_com.sql"] [unique_id "afuXNpZ5xPJGOoRI-DzRyQAAACo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:01:27 (1 month ago)	2026-04-26 08:00:23,203 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::36 2026-0 ... show more 2026-04-26 08:00:23,203 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::36 2026-04-26 12:01:23,089 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::36 2026-04-26 18:01:20,840 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::36 2026-04-26 21:01:17,859 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::36 2026-04-27 00:01:26,627 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::36 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-25 00:17:02 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 20:16:57.024008 2026] [security2:error] [pid 26268:tid 26268] [client 2001:67c:289c:2::36:37732] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "joqlawn.com"] [uri "/wp-config.php~~~"] [unique_id "aewH-WRB8hnj6bZ1eq0ylQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ketovoila.pl	2026-04-01 19:38:12 (2 months ago)	ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/la_com.sql; UA=Mozilla/5.0 ... show more ketovoila.pl HONEYPOT traffic: count=1, paths=1; sample_path=ketovoila.pl/la_com.sql; UA=Mozilla/5.0 (iPhone; CPU iPhone OS 17_6_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Mobile/15E148 Safari/604.1; window=2026-04-01T18:56:11Z..2026-04-01T18:56:11Z show less	Port Scan Hacking Brute-Force
🇮🇹 VHosting	2026-03-27 01:06:53 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 ipblock.com	2026-03-22 10:34:00 (2 months ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-03-15 03:51:00 (2 months ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-05 13:28:02 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::36 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 05 08:27:55.502618 2026] [security2:error] [pid 17291:tid 17291] [client 2001:67c:289c:2::36:57774] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aboutagingparents.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aboutagingparents.com"] [uri "/wordpress_arents.sql"] [unique_id "aamE24tjFx154llnmIMZbAAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 1gz	2026-03-05 01:37:59 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: CHALLENGE Protocol: HTTP/2 (GET met ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: CHALLENGE Protocol: HTTP/2 (GET method) Endpoint: / UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇵🇱 sefinek.net	2026-03-01 01:06:14 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action: BLOCK \| Protocol: HTTP/2 (GET) \| Endpoint: / \| UA: Mozilla/5.0 (X11; Linux x86_64; rv:140.0) Gecko/20100101 Firefox/140.0 • Generated by: github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 91 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇹 185.242.177.66

🇮🇩 182.10.129.34

🇺🇸 162.216.149.124

🇬🇧 62.56.246.76

🇲🇾 47.254.247.177

🇩🇪 46.101.184.11

🇺🇸 20.80.88.32

🇬🇧 217.146.80.120

🇧🇷 205.210.31.213

🇳🇱 178.16.54.88

🇺🇸 162.216.150.22

🇫🇮 147.185.133.72

🇨🇳 112.102.223.65

🇫🇷 75.119.137.254

🇨🇳 60.255.175.159

🇺🇸 47.251.251.235

🇰🇷 218.148.106.182

🇺🇸 147.185.132.69

🇵🇭 103.249.199.3

🇩🇪 46.101.107.202