JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:67c:289c:2::38

2001:67c:289c:2::38 was found in our database!

This IP was reported 98 times. Confidence of Abuse is 19%: ?

19%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Foreningen for digitala fri- och rattigheter
Usage Type	Fixed Line ISP
ASN	AS198093
Domain Name	dfri.net
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:67c:289c:2::38

Whois 2001:67c:289c:2::38

IP Abuse Reports for 2001:67c:289c:2::38:

This IP address has been reported a total of 98 times from 14 distinct sources. 2001:67c:289c:2::38 was first reported on July 27th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-14 07:51:00 (3 days ago)	[SunJun1409:50:55.5451862026][security2:error][pid2397636:tid2397668][client2001:67c:289c:2::38:0]Mo ... show more [SunJun1409:50:55.5451862026][security2:error][pid2397636:tid2397668][client2001:67c:289c:2::38:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"ipv6.feldenkraistherapy.ch\"][uri\"/.DS_Store\"][unique_id\"ai5dX1JCBUvnhLQgbZW1SQAAABU\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 22:27:08 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 18:27:02.934023 2026] [security2:error] [pid 23151:tid 23151] [client 2001:67c:289c:2::38:58604] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.tomhatcher.us"] [uri "/.git/config"] [unique_id "ais2NvwafkhupAXpJ4153QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 14:03:47 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 10:03:39.190664 2026] [security2:error] [pid 10775:tid 10775] [client 2001:67c:289c:2::38:32796] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.lamporix.com"] [uri "/.git/config"] [unique_id "aiLXO0iNaEQ0hy_UmUVDiQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-30 04:39:06 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 30 00:38:57.900113 2026] [security2:error] [pid 29513:tid 29513] [client 2001:67c:289c:2::38:51204] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.barkdull.org"] [uri "/.git/config"] [unique_id "afLc4cnwya6awHLkaJMYaQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:01:27 (1 month ago)	2026-04-26 08:00:23,338 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::38 2026-0 ... show more 2026-04-26 08:00:23,338 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::38 2026-04-26 12:01:23,171 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::38 2026-04-26 18:01:20,915 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::38 2026-04-26 21:01:17,941 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::38 2026-04-27 00:01:27,107 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::38 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 15:31:30 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 11:31:20.853028 2026] [security2:error] [pid 20223:tid 20229] [client 2001:67c:289c:2::38:55396] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.adprospb.com"] [uri "/.git/config"] [unique_id "ae4vyGbBEl4m3zKjla7gowAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-25 20:34:14 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 25 16:34:04.403193 2026] [security2:error] [pid 9753:tid 9753] [client 2001:67c:289c:2::38:33102] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bayareamustangs.com"] [uri "/wp-config.php~~"] [unique_id "ae0lPGp1d726pJWVN6xtQQAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 06:36:40 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 19 02:36:31.040473 2026] [security2:error] [pid 1657809:tid 1657809] [client 2001:67c:289c:2::38:47678] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "starsmogsandiego.com"] [uri "/wp-config.phpn"] [unique_id "aeR37xe_TdIYnoOO84_TQQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-18 18:48:16 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Apr 18 14:48:08.748792 2026] [security2:error] [pid 3389846:tid 3389846] [client 2001:67c:289c:2::38:60456] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "medusakenya.com"] [uri "/wp-config.php_old"] [unique_id "aePR6ASVqyLAIP_oYTajDwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-15 11:23:18 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 07:23:10.589967 2026] [security2:error] [pid 2828725:tid 2828725] [client 2001:67c:289c:2::38:45434] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "idahostem.org"] [uri "/wp-config.php.fr"] [unique_id "ad91HhoJxQLeGTmIjHldxwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-03-16 22:53:07 (3 months ago)	Blocked by UFW (TCP on 9999) Source port: 55944 Packet length: 80 This report (for 2001:067c:289c:0 ... show more Blocked by UFW (TCP on 9999) Source port: 55944 Packet length: 80 This report (for 2001:067c:289c:0002:0000:0000:0000:0038) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 TPI-Abuse	2026-03-11 01:42:11 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 10 21:42:03.738876 2026] [security2:error] [pid 5259:tid 5259] [client 2001:67c:289c:2::38:44068] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.imerka.com.mx"] [uri "/.git/config"] [unique_id "abDIaxGyCMe5vfrupYAefgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-09 01:41:26 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 08 21:41:18.654834 2026] [security2:error] [pid 3528:tid 3528] [client 2001:67c:289c:2::38:47834] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mobileonlinecasinos.co\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mobileonlinecasinos.co"] [uri "/db_onlinecasinos.sql"] [unique_id "aa4lPjQATnFKz97Wl43EMAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 i-turnradio.nl	2026-03-05 15:38:09 (3 months ago)	2026-03-05 16:38:09 (CET) ~ Blocked by abusescan risk assessment	Web App Attack
🇺🇸 TPI-Abuse	2026-03-03 19:06:44 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::38 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 03 14:06:33.395851 2026] [security2:error] [pid 32700:tid 32700] [client 2001:67c:289c:2::38:60756] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|sekelconsulting.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sekelconsulting.com"] [uri "/wordpress_elconsulting.sql"] [unique_id "aacxOUP74oB70ZyeTucrwwAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 98 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.247

🇺🇸 216.180.246.246

🇺🇸 216.180.246.171

🇺🇸 216.180.246.163

🇺🇸 216.180.246.150

🇺🇸 216.180.246.135

🇺🇸 216.180.246.70

🇺🇸 216.180.246.4

🇺🇸 216.180.246.1

🇧🇷 205.210.31.180

🇺🇸 172.232.3.17

🇮🇪 63.32.104.171

🇲🇾 47.250.37.13

🇺🇸 18.190.15.50

🇸🇬 139.162.49.249

🇺🇸 108.56.241.55

🇮🇳 103.84.236.242

🇬🇧 90.241.112.125

🇨🇳 60.166.82.252

🇺🇸 52.234.42.36