JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2001:67c:89c:702:1ce:1ce:babe:6

2001:67c:89c:702:1ce:1ce:babe:6 was found in our database!

This IP was reported 100 times. Confidence of Abuse is 16%: ?

16%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Forening for DotSrc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210731
Hostname(s)	tor-project-exit6.dotsrc.org
Domain Name	dotsrc.org
Country	🇩🇰 Denmark
City	Copenhagen, Capital Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2001:67c:89c:702:1ce:1ce:babe:6

Whois 2001:67c:89c:702:1ce:1ce:babe:6

IP Abuse Reports for 2001:67c:89c:702:1ce:1ce:babe:6:

This IP address has been reported a total of 100 times from 13 distinct sources. 2001:67c:89c:702:1ce:1ce:babe:6 was first reported on November 29th 2022, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-10-05 09:00:10 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Oct 05 04:59:59.525598 2025] [security2:error] [pid 24511:tid 24511] [client 2001:67c:89c:702:1ce:1ce:babe:6:64414] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|campnecon.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "campnecon.com"] [uri "/backups.sql"] [unique_id "aOIzj_dVsWTMH-73mYSN9AAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-03 09:41:59 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Oct 03 05:40:18.945758 2025] [security2:error] [pid 21790:tid 21790] [client 2001:67c:89c:702:1ce:1ce:babe:6:64700] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.theamarals.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.theamarals.com"] [uri "/ls.sql"] [unique_id "aN-aAgARxLaF0I9XTG2k3gAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-26 15:20:12 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 26 11:20:02.240565 2025] [security2:error] [pid 1991162:tid 1991162] [client 2001:67c:89c:702:1ce:1ce:babe:6:64704] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|campos.tv\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "campos.tv"] [uri "/backupdb.sql"] [unique_id "aNavIk11dRinVJSUJcOFrAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-26 00:02:50 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 25 20:02:41.558464 2025] [security2:error] [pid 4346:tid 4346] [client 2001:67c:89c:702:1ce:1ce:babe:6:64000] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ralphharris.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ralphharris.org"] [uri "/phharris.sql"] [unique_id "aNXYISoMzVkUFN3MOqyulQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 12:20:07 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 08:19:59.464431 2025] [security2:error] [pid 6333:tid 6337] [client 2001:67c:89c:702:1ce:1ce:babe:6:65152] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.guitarprimer.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.guitarprimer.com"] [uri "/arprimer.sql"] [unique_id "aNE-7wcdaw52-YCN974TQwAAAYE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-21 08:33:34 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Sep 21 04:33:28.080560 2025] [security2:error] [pid 16986:tid 16986] [client 2001:67c:89c:702:1ce:1ce:babe:6:64828] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ashleycroft.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ashleycroft.com"] [uri "/.sql"] [unique_id "aM-4WGFpFlBlI2wkJbw9VwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2025-08-21 23:20:03 (9 months ago)	1109 limiting connections by zone (16h39m59sfromnow)	DDoS Attack
🇧🇪 cmbplf	2025-08-21 19:40:22 (9 months ago)	962 limiting connections by zone (2h48m59sfromnow)	DDoS Attack
🇧🇪 cmbplf	2025-08-21 12:50:55 (9 months ago)	1257 limiting connections by zone (12m59sfromnow)	DDoS Attack
🇺🇸 TPI-Abuse	2025-08-21 09:02:48 (9 months ago)	(mod_security) mod_security (id:210492) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210492) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 21 05:02:41.086700 2025] [security2:error] [pid 19665:tid 19665] [client 2001:67c:89c:702:1ce:1ce:babe:6:64736] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.randyshelly.com"] [uri "/wp-config.php.zip"] [unique_id "aKbgsQjLGotv8uJ-4I37mwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-20 09:39:10 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 20 05:39:00.296075 2025] [security2:error] [pid 31634:tid 31634] [client 2001:67c:89c:702:1ce:1ce:babe:6:64294] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|doublenaughtspycar.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "doublenaughtspycar.com"] [uri "/d.sql"] [unique_id "aKWXtNj9qr3fXhkja0EmEgAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 exxos	2025-08-19 18:03:01 (9 months ago)	Attacks with Bad user agents	Hacking
🇺🇸 TPI-Abuse	2025-08-07 07:40:23 (9 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 07 03:40:15.585730 2025] [security2:error] [pid 3184527:tid 3184531] [client 2001:67c:89c:702:1ce:1ce:babe:6:64762] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|daraluz.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "daraluz.net"] [uri "/daily.sql"] [unique_id "aJRYX29PdMFyrsF_G9COGgAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-08-02 12:10:01 (10 months ago)	\| Multiple common web attacks from same source ip. (multiple servers)	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-07-22 11:19:01 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-ex ... show more (mod_security) mod_security (id:210730) triggered by 2001:67c:89c:702:1ce:1ce:babe:6 (tor-project-exit6.dotsrc.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 22 07:18:55.978878 2025] [security2:error] [pid 3435:tid 3435] [client 2001:67c:89c:702:1ce:1ce:babe:6:64480] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|konahawaiirealty.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "konahawaiirealty.com"] [uri "/migration.sql"] [unique_id "aH9zn6GrLPu1eZ2pRNIlUwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 46 to 60 of 100 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇿 105.96.53.7

🇺🇸 2602:80d:1007::74

🇲🇽 200.76.118.45

🇳🇱 195.178.110.30

🇬🇵 193.251.162.37

🇨🇳 115.191.18.16

🇺🇸 107.141.138.44

🇫🇷 91.196.152.176

🇺🇸 2607:f8b0:4001:c0f::123

🇲🇽 187.251.123.104

🇳🇱 185.223.235.23

🇵🇰 117.102.4.148

🇺🇸 66.132.172.37

🇳🇱 45.148.10.152

🇺🇸 2607:f8b0:4023:1006::120

🇬🇧 193.163.125.214

🇵🇰 182.190.101.124

🇺🇸 157.230.182.242

🇺🇸 66.132.172.110

🇵🇪 45.170.50.2