JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:67c:289c:2::39

2001:67c:289c:2::39 was found in our database!

This IP was reported 99 times. Confidence of Abuse is 16%: ?

16%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Foreningen for digitala fri- och rattigheter
Usage Type	Fixed Line ISP
ASN	AS198093
Hostname(s)	tor-exit-read-me.dfri.se
Domain Name	dfri.net
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:67c:289c:2::39

Whois 2001:67c:289c:2::39

IP Abuse Reports for 2001:67c:289c:2::39:

This IP address has been reported a total of 99 times from 13 distinct sources. 2001:67c:289c:2::39 was first reported on July 28th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-14 18:02:19 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 14:02:07.236078 2026] [security2:error] [pid 1698:tid 1698] [client 2001:67c:289c:2::39:58320] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.ssl-grp.com"] [uri "/.git/config"] [unique_id "ai7sn9hPqYnmY6Miuppd5QAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 22:59:07 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 18:59:01.480890 2026] [security2:error] [pid 2040:tid 2040] [client 2001:67c:289c:2::39:38018] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.brasscadillac.com"] [uri "/.git/config"] [unique_id "ais9te6-jiPdlOhutDO-xAAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 00:28:19 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 20:28:13.776758 2026] [security2:error] [pid 11175:tid 11175] [client 2001:67c:289c:2::39:60170] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.lpass.net"] [uri "/.git/config"] [unique_id "aiivnSYvfrc20Nt1RcJaaAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-05-03 02:08:31 (1 month ago)	Blocked by UFW (TCP on 8333) Source port: 44904 Packet length: 80 This report (for 2001:067c:289c:0 ... show more Blocked by UFW (TCP on 8333) Source port: 44904 Packet length: 80 This report (for 2001:067c:289c:0002:0000:0000:0000:0039) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-04-27 15:42:44 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 27 11:42:37.752969 2026] [security2:error] [pid 4830:tid 4830] [client 2001:67c:289c:2::39:40638] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|americanexportimport.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "americanexportimport.com"] [uri "/rtimport_com.sql"] [unique_id "ae-D7RaHKivV8qMG_SME9wAAADY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:01:28 (1 month ago)	2026-04-26 08:00:23,394 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::39 2026-0 ... show more 2026-04-26 08:00:23,394 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::39 2026-04-26 12:01:23,210 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::39 2026-04-26 18:01:20,953 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::39 2026-04-26 21:01:17,983 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::39 2026-04-27 00:01:27,358 fail2ban.actions [7718]: NOTICE [tor] Ban 2001:67c:289c:2::39 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 20:52:15 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 16:52:11.026626 2026] [security2:error] [pid 2795:tid 2795] [client 2001:67c:289c:2::39:36886] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|caferutadelaseda.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "caferutadelaseda.com"] [uri "/caferutadelas.sql"] [unique_id "ae56-2GyOs-BDeGObK8VYQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-23 05:34:50 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 01:34:42.772334 2026] [security2:error] [pid 2666474:tid 2666474] [client 2001:67c:289c:2::39:52272] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "magacine.tv"] [uri "/wp-config.php~~~~"] [unique_id "aemvclsaQY6s_hmUgcMgjAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-15 11:23:19 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 15 07:23:11.384564 2026] [security2:error] [pid 2828882:tid 2828882] [client 2001:67c:289c:2::39:37280] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "idahostem.org"] [uri "/wp-config.php.ca"] [unique_id "ad91H49XbuvPsE2PALEtawAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-03-14 18:33:06 (3 months ago)	Blocked by UFW (TCP on 9999) Source port: 60618 Packet length: 80 This report (for 2001:067c:289c:0 ... show more Blocked by UFW (TCP on 9999) Source port: 60618 Packet length: 80 This report (for 2001:067c:289c:0002:0000:0000:0000:0039) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 TPI-Abuse	2026-03-09 01:39:52 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 08 21:39:44.045736 2026] [security2:error] [pid 21993:tid 21993] [client 2001:67c:289c:2::39:51398] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mobileonlinecasinos.co\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mobileonlinecasinos.co"] [uri "/eonlinecasinos_db.sql"] [unique_id "aa4k4GbU61q4LolD0xL2zgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 jjnxpct	2026-03-05 04:50:50 (3 months ago)	Automated security incident from hosting server. ModSecurity blocked suspicious request targeting UR ... show more Automated security incident from hosting server. ModSecurity blocked suspicious request targeting URI: /dbaktijk.sql (Rule ID: 920440) - URL file extension is restricted by policy show less	Web App Attack SQL Injection Hacking
🇺🇸 TPI-Abuse	2026-03-03 19:06:27 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 03 14:06:20.536693 2026] [security2:error] [pid 666:tid 666] [client 2001:67c:289c:2::39:58936] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|sekelconsulting.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "sekelconsulting.com"] [uri "/g_db.sql"] [unique_id "aacxLF6DWxF_sylibz8btgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 gnom4ik	2026-03-01 08:37:24 (3 months ago)	ban-reviewer auto report; ip=2001:67c:289c:2::39; scenario=http:scan; verdict=valid_ban; confidence= ... show more ban-reviewer auto report; ip=2001:67c:289c:2::39; scenario=http:scan; verdict=valid_ban; confidence=0.92; categories=14,15,18,22; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=ip_decision_count_high show less	Port Scan Hacking Brute-Force SSH
🇺🇸 TPI-Abuse	2026-02-25 11:56:04 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:289c:2::39 (tor-exit-read-me.dfri.se): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 25 06:55:54.529107 2026] [security2:error] [pid 5036:tid 5036] [client 2001:67c:289c:2::39:36182] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thesalonx.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thesalonx.com"] [uri "/wpadmin.sql"] [unique_id "aZ7jSv5X70TByL_SIdg0AQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 99 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.247

🇺🇸 216.180.246.246

🇺🇸 216.180.246.171

🇺🇸 216.180.246.163

🇺🇸 216.180.246.150

🇺🇸 216.180.246.135

🇺🇸 216.180.246.70

🇺🇸 216.180.246.4

🇺🇸 216.180.246.1

🇧🇷 205.210.31.180

🇺🇸 172.232.3.17

🇮🇪 63.32.104.171

🇲🇾 47.250.37.13

🇺🇸 18.190.15.50

🇸🇬 139.162.49.249

🇺🇸 108.56.241.55

🇮🇳 103.84.236.242

🇬🇧 90.241.112.125

🇨🇳 60.166.82.252

🇺🇸 52.234.42.36