JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:80d:1007::c2

2602:80d:1007::c2 was found in our database!

This IP was reported 59 times. Confidence of Abuse is 89%: ?

89%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398324
Domain Name	censys.io
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:80d:1007::c2

Whois 2602:80d:1007::c2

IP Abuse Reports for 2602:80d:1007::c2:

This IP address has been reported a total of 59 times from 30 distinct sources. 2602:80d:1007::c2 was first reported on March 23rd 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 SCHAPPY	2026-06-07 19:10:00 (8 hours ago)	Malicious activity from IP detected: crowdsecurity/http-bad-user-agent.	Web App Attack Bad Web Bot
🇳🇴 noteng.no	2026-06-06 04:51:05 (1 day ago)	2602:80d:1007::c2 - - [06/Jun/2026:06:48:53 +0200] "\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03\x8E ... show more 2602:80d:1007::c2 - - [06/Jun/2026:06:48:53 +0200] "\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03\x8EE'U\x8F\xE8z\x80a\xAA\xE3\x0F\x93}\xE8\x03\x8F\x95d\xD3?\x17\x92\xDD\x1Eq\xD9\xC5\xB6\x02\x9EM \x8C\x92_5\xA0\xB3\xB7\xD0/\x01\xA3\xAB:2\x0B(\x80\xA6\xC2\xE6\xD7\xE3R\xFB\x8Bv \xE6\x14" 400 150 "-" "-" 2602:80d:1007::c2 - - [06/Jun/2026:06:48:55 +0200] "PRI * HTTP/2.0" 400 150 "-" "-" 2602:80d:1007::c2 - - [06/Jun/2026:06:51:02 +0200] "\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03Ya\xC7y^\xFDV\xBA\xB2\x11j1\x9C\xDF\xB1\xBB\xCB\xD2\xD8\xF4\xAB \x86\xE5?\x9F>X\xAB\x8C\xF5\xED \xF2b:{\xA74\xAD T\x1Bws\x844Fp\x08t\xDA\xFD#d\xB1J\x95\xB9-/\xA3\xEF\xC4:\x00&\xCC\xA8\xCC\xA9\xC0/\xC00\xC0+\xC0,\xC0\x13\xC0\x09\xC0\x14\xC0" 400 150 "-" "-" ... show less	Hacking Web App Attack
🇩🇪 ecs.ge	2026-06-06 01:54:08 (2 days ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇩🇪 4server	2026-06-05 18:28:05 (2 days ago)	[FriJun0520:28:02.0026162026][security2:error][pid1123154:tid1123193][client2602:80d:1007::c2:0]ModS ... show more [FriJun0520:28:02.0026162026][security2:error][pid1123154:tid1123193][client2602:80d:1007::c2:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"mail.formet.ch\"][uri\"/\"][unique_id\"aiMVMeZSHriudt2YIJySSwAAABA\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 VanKoh	2026-06-05 10:01:09 (2 days ago)	2602:80d:1007::c2 - - [05/Jun/2026:04:00:57 -0600] "GET /sitemap.xml HTTP/1.1" 200 239 "-" "Mozilla/ ... show more 2602:80d:1007::c2 - - [05/Jun/2026:04:00:57 -0600] "GET /sitemap.xml HTTP/1.1" 200 239 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" 2602:80d:1007::c2 - - [05/Jun/2026:04:01:04 -0600] "GET /favicon.ico HTTP/1.1" 302 0 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" 2602:80d:1007::c2 - - [05/Jun/2026:04:01:08 -0600] "GET /vttcei_n9wcgzxd HTTP/1.1" 404 43945 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" ... show less	DDoS Attack Web App Attack
Anonymous	2026-06-03 16:52:35 (4 days ago)	[04/Jun/2026:02:52:34 +1000] "GET /login HTTP/1.1" 301 286 "Mozilla/5.0 (compatible; CensysInspect/1 ... show more [04/Jun/2026:02:52:34 +1000] "GET /login HTTP/1.1" 301 286 "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" show less	Hacking Web App Attack
🇸🇬 Starburst SysOp Team	2026-06-03 16:48:07 (4 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-sin2-2)	Hacking Bad Web Bot
🇩🇪 filstal.org	2026-06-02 19:36:45 (5 days ago)	Automated security scan or exploit attempt detected by Fail2Ban	Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-02 05:16:31 (5 days ago)	[TueJun0207:16:27.3431462026][security2:error][pid3823075:tid3823155][client2602:80d:1007::c2:0]ModS ... show more [TueJun0207:16:27.3431462026][security2:error][pid3823075:tid3823155][client2602:80d:1007::c2:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.pulispina.ch\"][uri\"/\"][unique_id\"ah5nK2VOtuHSJx7MmahX1wAAAI8\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-30 21:00:18 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇺🇸 Starburst SysOp Team	2026-05-30 15:31:45 (1 week ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-14)	Hacking Bad Web Bot
🇩🇪 4server	2026-05-30 06:26:53 (1 week ago)	[SatMay3008:26:49.7358962026][security2:error][pid3358447:tid3358592][client2602:80d:1007::c2:0]ModS ... show more [SatMay3008:26:49.7358962026][security2:error][pid3358447:tid3358592][client2602:80d:1007::c2:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.safeoncloud.ch\"][uri\"/\"][unique_id\"ahqDKXW7cVl0ZG64H02MHQAAAMY\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-29 13:36:22 (1 week ago)	2026-05-29T15:36:21.397626+02:00 mx1 sshd-session[2892498]: Connection closed by 2602:80d:1007::c2 p ... show more 2026-05-29T15:36:21.397626+02:00 mx1 sshd-session[2892498]: Connection closed by 2602:80d:1007::c2 port 35648 [preauth] show less	Brute-Force SSH
🇩🇪 Melle	2026-05-29 11:09:01 (1 week ago)	Blocked by CrowdSec \| Scenario: crowdsecurity/http-bad-user-agent \| 2602:80d:1007::c2 triggered 2 ev ... show more Blocked by CrowdSec \| Scenario: crowdsecurity/http-bad-user-agent \| 2602:80d:1007::c2 triggered 2 events \| Detected: 2026-05-29T11:08:55.392502418Z show less	Web App Attack Bad Web Bot
🇩🇪 london2038.com	2026-05-28 18:59:37 (1 week ago)	Probing for exploits 2602:80d:1007::c2 - - [28/May/2026:20:57:26 +0200] "GET / HTTP/1.1" 422 0 "-" " ... show more Probing for exploits 2602:80d:1007::c2 - - [28/May/2026:20:57:26 +0200] "GET / HTTP/1.1" 422 0 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" 2602:80d:1007::c2 - - [28/May/2026:20:59:34 +0200] "GET /.well-known/security.txt HTTP/1.1" 422 0 "-" "Mozilla/5.0 (compatible; CensysInspect/1.1; +https://about.censys.io/)" show less	Hacking Web App Attack

Showing 1 to 15 of 59 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 212.30.36.134

🇨🇳 106.12.157.104

🇷🇺 85.95.189.201

🇺🇸 2a03:2880:16ff:45::

🇩🇪 213.209.159.235

🇩🇪 212.30.36.133

🇻🇪 201.243.107.95

🇪🇸 196.196.150.6

🇲🇽 189.157.191.145

🇨🇳 140.246.137.102

🇩🇪 88.214.25.125

🇨🇦 85.217.149.33

🇬🇧 81.19.219.194

🇮🇳 68.183.89.16

🇫🇷 51.68.107.161

🇨🇳 42.51.33.162

🇮🇩 36.64.131.68

🇨🇳 8.135.49.171

🇲🇽 206.135.24.10

🇬🇧 193.163.125.123