JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:80d:1007::c9

2602:80d:1007::c9 was found in our database!

This IP was reported 54 times. Confidence of Abuse is 71%: ?

71%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398324
Domain Name	censys.io
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:80d:1007::c9

Whois 2602:80d:1007::c9

IP Abuse Reports for 2602:80d:1007::c9:

This IP address has been reported a total of 54 times from 22 distinct sources. 2602:80d:1007::c9 was first reported on March 28th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-03 15:04:17 (1 day ago)	[WedJun0317:04:13.2832332026][security2:error][pid1922962:tid1923030][client2602:80d:1007::c9:0]ModS ... show more [WedJun0317:04:13.2832332026][security2:error][pid1922962:tid1923030][client2602:80d:1007::c9:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"2a01:4f8:212:1561::8\"][uri\"/\"][unique_id\"aiBCba22sc38SczFwHu7OAAAAFc\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 4server	2026-06-02 23:36:14 (2 days ago)	[WedJun0301:36:09.0357372026][security2:error][pid98125:tid98437][client2602:80d:1007::c9:0]ModSecur ... show more [WedJun0301:36:09.0357372026][security2:error][pid98125:tid98437][client2602:80d:1007::c9:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"mail.leonitraslochi.ch\"][uri\"/\"][unique_id\"ah9o6WXOxCurfZqeDQu8LAAAAMw\"] show less	Hacking Web App Attack
🇺🇸 Starburst SysOp Team	2026-06-02 11:48:21 (2 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-14)	Hacking Bad Web Bot
Anonymous	2026-06-01 16:01:07 (3 days ago)		DNS Compromise DDoS Attack
🇦🇺 Starburst SysOp Team	2026-06-01 15:52:14 (3 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-syd2-4)	Hacking Bad Web Bot
🇳🇱 ParaBug	2026-06-01 07:32:00 (3 days ago)	2602:80d:1007::c9 - - [01/Jun/2026:09:31:59 +0200] "\x16\x03\x01\x01\x06\x01" 400 432 "-" "-" ...	Phishing Brute-Force Web App Attack
🇩🇪 4server	2026-05-30 16:15:06 (5 days ago)	[SatMay3018:15:02.6334832026][security2:error][pid4000126:tid4000201][client2602:80d:1007::c9:0]ModS ... show more [SatMay3018:15:02.6334832026][security2:error][pid4000126:tid4000201][client2602:80d:1007::c9:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.lascalasagl.ch\"][uri\"/\"][unique_id\"ahsNBmZoX-0HtF-cj6HQAwAAAIU\"] show less	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-30 03:00:21 (5 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇩🇪 SCHAPPY	2026-05-29 13:52:12 (6 days ago)	Malicious activity from IP detected: crowdsecurity/http-bad-user-agent.	Web App Attack Bad Web Bot
🇩🇪 4server	2026-05-26 04:10:19 (1 week ago)	[TueMay2606:10:14.2324132026][security2:error][pid920662:tid920796][client2602:80d:1007::c9:0]ModSec ... show more [TueMay2606:10:14.2324132026][security2:error][pid920662:tid920796][client2602:80d:1007::c9:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"mail.giuliani.li\"][uri\"/\"][unique_id\"ahUdJgF6G_YmTI_A-T0TfQAAAM0\"] show less	Port Scan Brute-Force Web App Attack
🇳🇱 BlueWire Hosting	2026-05-22 16:32:06 (1 week ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇨🇭 4server	2026-05-20 20:17:44 (2 weeks ago)	[WedMay2022:17:41.3969142026][security2:error][pid4151993:tid4152001][client2602:80d:1007::c9:0]ModS ... show more [WedMay2022:17:41.3969142026][security2:error][pid4151993:tid4152001][client2602:80d:1007::c9:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"whatsdecor.ch\"][uri\"/\"][unique_id\"ag4W5RbmTFNI_d4L_me9uQAAAAY\"] show less	Hacking Web App Attack
🇫🇷 pm33	2026-05-19 16:47:48 (2 weeks ago)	Unsolicited connection attempts or aggressive port scan.	Port Scan
🇳🇱 BlueWire Hosting	2026-05-18 23:25:01 (2 weeks ago)	Bad bot ignoring robot.txt	Bad Web Bot
🇩🇪 Melle	2026-05-18 21:03:31 (2 weeks ago)	Blocked by CrowdSec \| Scenario: crowdsecurity/http-bad-user-agent \| 2602:80d:1007::c9 triggered 2 ev ... show more Blocked by CrowdSec \| Scenario: crowdsecurity/http-bad-user-agent \| 2602:80d:1007::c9 triggered 2 events \| Detected: 2026-05-18T21:03:25.33679739Z show less	Web App Attack Bad Web Bot

Showing 1 to 15 of 54 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 92.118.39.62

🇨🇳 183.221.20.144

🇨🇳 180.167.207.234

🇮🇩 103.122.34.142

🇨🇳 27.24.90.94

🇨🇳 223.88.252.204

🇮🇪 52.169.217.131

🇱🇹 45.227.254.170

🇳🇱 176.65.149.194

🇨🇳 101.96.203.52

🇲🇾 47.250.43.66

🇨🇱 200.123.39.150

🇩🇪 167.99.132.8

🇭🇰 161.81.122.148

🇮🇳 103.183.231.137

🇺🇸 62.132.18.53

🇺🇸 20.96.179.87

🇺🇸 20.29.126.217

🇷🇴 2.57.121.112

🇸🇮 176.65.134.20