JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:67c:289c:2::37

2001:67c:289c:2::37 was found in our database!

This IP was reported 101 times. Confidence of Abuse is 18%: ?

18%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Foreningen for digitala fri- och rattigheter
Usage Type	Fixed Line ISP
ASN	AS198093
Domain Name	dfri.net
Country	🇸🇪 Sweden
City	Solna, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:67c:289c:2::37

Whois 2001:67c:289c:2::37

IP Abuse Reports for 2001:67c:289c:2::37:

This IP address has been reported a total of 101 times from 15 distinct sources. 2001:67c:289c:2::37 was first reported on July 22nd 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-14 07:50:45 (1 day ago)	[SunJun1409:50:41.7032152026][security2:error][pid2397644:tid2397759][client2001:67c:289c:2::37:0]Mo ... show more [SunJun1409:50:41.7032152026][security2:error][pid2397644:tid2397759][client2001:67c:289c:2::37:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"ipv6.feldenkraisticino.ch\"][uri\"/.DS_Store\"][unique_id\"ai5dURN78kz1JC6M7ycDsgAAAQQ\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-04-26 21:01:27 (1 month ago)	2026-04-26 08:00:23,262 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::37 2026-0 ... show more 2026-04-26 08:00:23,262 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::37 2026-04-26 12:01:23,129 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::37 2026-04-26 18:01:20,877 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::37 2026-04-26 21:01:17,899 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::37 2026-04-27 00:01:26,876 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::37 show less	Brute-Force
🇺🇸 xmission.com	2026-04-21 12:01:49 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 46176 Packet length: 80 This report (for 2001:067c:289c:0 ... show more Blocked by UFW (TCP on 8333) Source port: 46176 Packet length: 80 This report (for 2001:067c:289c:0002:0000:0000:0000:0037) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-19 06:20:31 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 19 02:20:05.121039 2026] [security2:error] [pid 1639536:tid 1639536] [client 2001:67c:289c:2::37:45190] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|starsmogsandiego.com\|F\|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "starsmogsandiego.com"] [uri "/config.old"] [unique_id "aeR0FWQ8NtnWzAGE3KtmSQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 18:48:03 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 14:47:57.668296 2026] [security2:error] [pid 3362257:tid 3362257] [client 2001:67c:289c:2::37:41172] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "medusakenya.com"] [uri "/wp-config.php-n"] [unique_id "aePR3Vk-6EVQ8b5_tHlrlQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-11 21:38:59 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 11 17:38:52.476801 2026] [security2:error] [pid 4097705:tid 4097705] [client 2001:67c:289c:2::37:42668] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "telecompros.net"] [uri "/wp-config.phptmp"] [unique_id "adq_bEeja96ERVUbbLUFEAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-26 20:34:00 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-22 16:42:40 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 22 12:42:30.476232 2026] [security2:error] [pid 762:tid 762] [client 2001:67c:289c:2::37:38028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.davidfiss.com"] [uri "/.git/config"] [unique_id "acAb9oSH2Na-WvvwBsUd7QAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2026-03-05 04:51:00 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /wordpress_mberpsychologenpraktijk.sql (Rule ID: 920440) - URL file extension is restricted by policy show less	Web App Attack SQL Injection Hacking
🇺🇸 TPI-Abuse	2026-03-04 14:55:09 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 04 09:54:59.990230 2026] [security2:error] [pid 2402:tid 2422] [client 2001:67c:289c:2::37:41306] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.plumberw9.com"] [uri "/.git/config"] [unique_id "aahHwwZ4qRVxWyXNa8_pSAAAAJA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-26 16:45:53 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 26 11:45:48.042673 2026] [security2:error] [pid 9215:tid 9215] [client 2001:67c:289c:2::37:56192] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ouzcorp.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ouzcorp.com"] [uri "/p_db.sql"] [unique_id "aaB4vIQyfuM-62vgf8Ml0QAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-22 14:18:42 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 22 09:18:33.849387 2026] [security2:error] [pid 30064:tid 30064] [client 2001:67c:289c:2::37:53068] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.usfspirit.com"] [uri "/.git/config"] [unique_id "aZsQOet3GDc0Z84O-OyuIQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-20 13:08:33 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 20 08:08:24.278066 2026] [security2:error] [pid 1588:tid 1596] [client 2001:67c:289c:2::37:32968] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|tristatepropertymgmt.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tristatepropertymgmt.com"] [uri "/rtymgmt_com.sql"] [unique_id "aZhcyABohqf8rgtINnqs-QAAAMM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 000rosiu	2026-02-06 13:04:11 (4 months ago)	Triggered Cloudflare WAF (firewallCustom) from SE. Action taken: BLOCK ASN: 198093 (DFRI-AS Forening ... show more Triggered Cloudflare WAF (firewallCustom) from SE. Action taken: BLOCK ASN: 198093 (DFRI-AS Foreningen for digitala fri- och rattigheter) Protocol: HTTP/1.1 (GET method) Endpoint: /lambda/.env Timestamp: 2026-02-06T12:51:31Z Ray ID: 9c9ac787baf32d8d UA: python-requests/2.32.5 Report generated by Cloudflare-WAF-To-AbuseIPDB: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-04 05:58:41 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::37 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 04 00:58:36.471049 2026] [security2:error] [pid 1261:tid 1261] [client 2001:67c:289c:2::37:46664] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thespotfurniture.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thespotfurniture.com"] [uri "/niture_com.sql"] [unique_id "aYLgDKOI4vSIrJxxiGFPXQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 101 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇭 182.53.207.106

🇺🇸 206.189.200.41

🇩🇿 197.113.60.7

🇱🇺 178.254.85.96

🇨🇦 106.49.56.231

🇫🇷 91.231.89.168

🇫🇷 85.69.240.210

🇳🇱 45.156.87.234

🇩🇪 31.76.16.115

🇰🇷 203.249.190.85

🇧🇷 191.6.124.151

🇺🇸 172.253.192.149

🇺🇸 157.245.80.247

🇺🇸 148.153.121.223

🇫🇷 91.196.152.95

🇸🇬 8.222.197.220

🇨🇳 220.180.77.55

🇨🇳 219.129.96.2

🇩🇪 193.36.85.91

🇺🇸 142.4.31.180