This IP was reported 142 times. Confidence of
Abuse
is 84%: ?
84%
Important Note: Public IPv6 addresses may implement the SLAAC
privacy extension. With this, the interface identifier is randomly generated. The SLAAC
privacy extension also implements a time out, which is configurable, so that the IPv6
interface addresses will be discarded and a new interface identifier is generated.
This IP address has been reported a total of
142
times from
45 distinct
sources.
2602:80d:1007::63 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Malformed or malicious web request
2602:80d:1007::63 - - [30/Apr/2026:06:54:48 +0200] "\x16\x03\x01\ ...
show moreMalformed or malicious web request
2602:80d:1007::63 - - [30/Apr/2026:06:54:48 +0200] "\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03\x9D*\xA4\xC5\x8C\x84g\xCAT\x87\xFEp\xFAk\x9A\xCAM\xB2KaL\xEE\xDA*\xE6()\xC4\x99KJ2 \x83\xDA\x8D\x9D0\xAE\x17\xC6Cw\xCC/\xDFS\x81Gl\x80\xA4\xDBP\xE35\xA28x\xA5J#\xD8`=\x00&\xCC\xA8\xCC\xA9\xC0/\xC00\xC0+\xC0,\xC0\x13\xC0\x09\xC0\x14\xC0" 400 157 "-" "-"
show less
[WedApr2921:28:24.8274422026][security2:error][pid1647794:tid1647878][client2602:80d:1007::63:0]ModS ...
show more[WedApr2921:28:24.8274422026][security2:error][pid1647794:tid1647878][client2602:80d:1007::63:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\|\\\\\\\\bcensysinspect\\\\\\\\b\|\\\\\\\\bcensys\\\\\\\\b\|\\\\\\\\bexpanse\\\\\\\\b\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.selenemodestipastrydetails.it\"][uri\"/\"][unique_id\"afJb2JUwvPMnrYs4epu0ygAAAZY\"]
show less
[SunApr2623:46:31.0427292026][security2:error][pid2618542:tid2618655][client2602:80d:1007::63:0]ModS ...
show more[SunApr2623:46:31.0427292026][security2:error][pid2618542:tid2618655][client2602:80d:1007::63:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\|\\\\\\\\bcensysinspect\\\\\\\\b\|\\\\\\\\bcensys\\\\\\\\b\|\\\\\\\\bexpanse\\\\\\\\b\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"chryptofarm.ch\"][uri\"/\"][unique_id\"ae6Ht7tzOQpG-7Pt0CpA0QAAAMs\"]
show less
[AUTORAVALT][[20/04/2026 - 03:17:51 -03:00 UTC]
Attack from [Censys, Inc.]
[2602:80d:1007::63] Actio ...
show more[AUTORAVALT][[20/04/2026 - 03:17:51 -03:00 UTC]
Attack from [Censys, Inc.]
[2602:80d:1007::63] Action: BLocKed
Bad Web Bot -> Webpage scraping (email extraction, content, etc.) crawlers that do not respect robots.txt. Excessive requests and user agent spoofing.
]
...
show less
[MonApr2007:32:50.7586062026][security2:error][pid1554955:tid1554959][client2602:80d:1007::63:0]ModS ...
show more[MonApr2007:32:50.7586062026][security2:error][pid1554955:tid1554959][client2602:80d:1007::63:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\|\\\\\\\\bcensysinspect\\\\\\\\b\|\\\\\\\\bcensys\\\\\\\\b\|\\\\\\\\bexpanse\\\\\\\\b\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"nuovosito.gruppobalu.com\"][uri\"/\"][unique_id\"aeW6gs8_h78wvdszrYISfAAAAQE\"]
show less
[AUTORAVALT][[18/04/2026 - 21:18:47 -03:00 UTC]
Attack from [Censys, Inc.]
[2602:80d:1007::63] Actio ...
show more[AUTORAVALT][[18/04/2026 - 21:18:47 -03:00 UTC]
Attack from [Censys, Inc.]
[2602:80d:1007::63] Action: BLocKed
Bad Web Bot -> Webpage scraping (email extraction, content, etc.) crawlers that do not respect robots.txt. Excessive requests and user agent spoofing.
]
...
show less