JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:80d:1005::1f

2602:80d:1005::1f was found in our database!

This IP was reported 189 times. Confidence of Abuse is 49%: ?

49%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398705
Hostname(s)	scanner-202.fr7.censys-scanner.com
Domain Name	censys.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:80d:1005::1f

Whois 2602:80d:1005::1f

IP Abuse Reports for 2602:80d:1005::1f:

This IP address has been reported a total of 189 times from 59 distinct sources. 2602:80d:1005::1f was first reported on May 3rd 2024, and the most recent report was 19 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-08 12:07:58 (19 hours ago)	[MonJun0814:07:55.2112802026][security2:error][pid1199443:tid1199569][client2602:80d:1005::1f:0]ModS ... show more [MonJun0814:07:55.2112802026][security2:error][pid1199443:tid1199569][client2602:80d:1005::1f:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"fidmeyer.ch\"][uri\"/\"][unique_id\"aiawm0EYt6RXCRFTtJIAAgAAAQc\"] show less	Port Scan Brute-Force Web App Attack
🇦🇺 Anytech	2026-06-05 18:20:59 (3 days ago)	Blocked by Conn-Monitor: Automated bot activity	Web App Attack
🇩🇪 4server	2026-06-05 12:35:32 (3 days ago)	[FriJun0514:35:30.2802482026][security2:error][pid733449:tid733569][client2602:80d:1005::1f:0]ModSec ... show more [FriJun0514:35:30.2802482026][security2:error][pid733449:tid733569][client2602:80d:1005::1f:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"viveretrentino.it\"][uri\"/\"][unique_id\"aiLCkt7i8RLWt4lZVguZywAAANQ\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 4server	2026-06-01 03:10:13 (1 week ago)	[MonJun0105:10:09.8570992026][security2:error][pid2110512:tid2110545][client2602:80d:1005::1f:0]ModS ... show more [MonJun0105:10:09.8570992026][security2:error][pid2110512:tid2110545][client2602:80d:1005::1f:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.bozza2-flying.artisteer-italia.org\"][uri\"/\"][unique_id\"ahz4EY1FQHHfLCFGJmPmogAAAAs\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 4server	2026-05-28 19:16:17 (1 week ago)	[ThuMay2821:16:13.5525932026][security2:error][pid1651913:tid1652331][client2602:80d:1005::1f:0]ModS ... show more [ThuMay2821:16:13.5525932026][security2:error][pid1651913:tid1652331][client2602:80d:1005::1f:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"whatsdecor.ch\"][uri\"/\"][unique_id\"ahiUfUvy4WpAzQc7fsvnpQAAAIc\"] show less	Hacking Web App Attack
🇩🇪 SCHAPPY	2026-05-26 18:26:27 (1 week ago)	Malicious activity from IP detected: crowdsecurity/http-bad-user-agent.	Web App Attack Bad Web Bot
🇩🇪 4server	2026-05-26 14:23:51 (1 week ago)	[TueMay2616:23:48.9745052026][security2:error][pid1625283:tid1625422][client2602:80d:1005::1f:0]ModS ... show more [TueMay2616:23:48.9745052026][security2:error][pid1625283:tid1625422][client2602:80d:1005::1f:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"2a01:4f8:212:1561::8\"][uri\"/\"][unique_id\"ahWs9A_4G2rFUdeMfBGdEwAAARU\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-24 22:11:57 (2 weeks ago)	2602:80d:1005::1f - - [24/May/2026:22:11:56 +0000] "\x16\x03\x01\x01\x06\x01" 400 432 "-" "-" ...	Bad Web Bot Web App Attack
🇺🇸 Charlesiv	2026-05-24 04:00:10 (2 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK ASN: 398705 (Censys, Inc.) Pr ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK ASN: 398705 (Censys, Inc.) Protocol: HTTP/1.1 (GET method) Endpoint: / Timestamp: 2026-05-24T02:52:30Z Ray ID: a00901318b6aea1e UA: Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/) show less	Bad Web Bot
🇩🇪 ecs.ge	2026-05-23 15:06:16 (2 weeks ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇩🇪 4server	2026-05-23 02:40:18 (2 weeks ago)	[SatMay2304:40:14.1465892026][security2:error][pid300201:tid300238][client2602:80d:1005::1f:0]ModSec ... show more [SatMay2304:40:14.1465892026][security2:error][pid300201:tid300238][client2602:80d:1005::1f:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.hdcadvisory.ch\"][uri\"/\"][unique_id\"ahETjoZjwUHwmjwcH3MkIgAAAEA\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 4server	2026-05-20 05:48:08 (2 weeks ago)	[WedMay2007:48:04.5959442026][security2:error][pid4008635:tid4008701][client2602:80d:1005::1f:0]ModS ... show more [WedMay2007:48:04.5959442026][security2:error][pid4008635:tid4008701][client2602:80d:1005::1f:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.orabonastudio.it\"][uri\"/\"][unique_id\"ag1LFMtdkLZf4WSlrDVp6QAAAIA\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-20 03:56:00 (2 weeks ago)		DNS Compromise DDoS Attack
🇩🇪 ecs.ge	2026-05-19 00:06:28 (3 weeks ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇩🇪 SCHAPPY	2026-05-18 23:47:07 (3 weeks ago)	Malicious activity from IP detected: crowdsecurity/http-bad-user-agent.	Web App Attack Bad Web Bot

Showing 1 to 15 of 189 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 172.217.33.144

🇳🇱 142.93.129.190

🇨🇳 60.255.229.249

🇳🇱 45.142.193.12

🇫🇷 31.36.163.95

🇺🇸 2607:f8b0:4001:c0a::129

🇰🇷 222.102.179.202

🇧🇷 205.210.31.229

🇱🇻 185.113.139.84

🇳🇱 176.65.149.220

🇨🇳 124.251.110.186

🇩🇪 91.44.230.162

🇳🇱 64.227.70.2

🇧🇩 43.245.140.251

🇹🇷 5.11.135.25

🇺🇸 216.73.217.101

🇺🇸 209.204.30.18

🇳🇱 193.176.31.214

🇫🇮 178.20.210.208

🇩🇪 155.117.127.123