JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:80d:1007::cd

2602:80d:1007::cd was found in our database!

This IP was reported 58 times. Confidence of Abuse is 59%: ?

59%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398324
Domain Name	censys.io
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:80d:1007::cd

Whois 2602:80d:1007::cd

IP Abuse Reports for 2602:80d:1007::cd:

This IP address has been reported a total of 58 times from 27 distinct sources. 2602:80d:1007::cd was first reported on March 24th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-06-03 15:05:52 (2 days ago)	[WedJun0317:05:47.5394882026][security2:error][pid1922962:tid1923016][client2602:80d:1007::cd:0]ModS ... show more [WedJun0317:05:47.5394882026][security2:error][pid1922962:tid1923016][client2602:80d:1007::cd:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"2a01:4f8:212:1561::8\"][uri\"/\"][unique_id\"aiBCy622sc38SczFwHu7PgAAAEk\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 SCHAPPY	2026-06-02 16:18:33 (3 days ago)	Malicious activity from IP detected: crowdsecurity/http-bad-user-agent.	Web App Attack Bad Web Bot
🇨🇭 4server	2026-05-31 14:36:51 (5 days ago)	[SunMay3116:36:48.0133512026][security2:error][pid4024994:tid4025241][client2602:80d:1007::cd:0]ModS ... show more [SunMay3116:36:48.0133512026][security2:error][pid4024994:tid4025241][client2602:80d:1007::cd:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"2a02:29b8:dc01:545::625:de4f\"][uri\"/\"][unique_id\"ahxHgMiChMElajcBlrvKFwAAARU\"] show less	Hacking Web App Attack
🇩🇪 4server	2026-05-30 07:28:48 (1 week ago)	[SatMay3009:28:44.2775272026][security2:error][pid3455773:tid3455831][client2602:80d:1007::cd:0]ModS ... show more [SatMay3009:28:44.2775272026][security2:error][pid3455773:tid3455831][client2602:80d:1007::cd:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"mail.gustotondo.ch\"][uri\"/\"][unique_id\"ahqRrDymTas79vF3wlJ7qAAAAEs\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 Starburst SysOp Team	2026-05-28 20:00:58 (1 week ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-17)	Hacking Bad Web Bot
🇩🇪 4server	2026-05-27 18:38:58 (1 week ago)	[WedMay2720:38:54.3306242026][security2:error][pid3590034:tid3590100][client2602:80d:1007::cd:0]ModS ... show more [WedMay2720:38:54.3306242026][security2:error][pid3590034:tid3590100][client2602:80d:1007::cd:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.buletti-panettoni.ch\"][uri\"/\"][unique_id\"ahc6PlsH_xlyelIHRLrC4wAAAIU\"] show less	Port Scan Brute-Force Web App Attack
🇩🇪 ecs.ge	2026-05-26 14:51:10 (1 week ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇫🇷 pm33	2026-05-26 13:01:40 (1 week ago)	Probing for resource vulnerabilities HTTP(S)	Web App Attack
Anonymous	2026-05-25 14:32:38 (1 week ago)	2602:80d:1007::cd - - [25/May/2026:14:32:37 +0000] "\x16\x03\x01" 400 432 "-" "-" ...	Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-05-25 07:58:17 (1 week ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-14)	Hacking Bad Web Bot
Anonymous	2026-05-22 01:05:08 (2 weeks ago)	2602:80d:1007::cd - - [22/May/2026:01:05:07 +0000] "\x16\x03\x01\x01\x0e\x01" 400 432 "-" "-" ...	Bad Web Bot Web App Attack
🇩🇪 4server	2026-05-20 17:15:26 (2 weeks ago)	[WedMay2019:15:21.6573422026][security2:error][pid614043:tid614141][client2602:80d:1007::cd:0]ModSec ... show more [WedMay2019:15:21.6573422026][security2:error][pid614043:tid614141][client2602:80d:1007::cd:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.ilmiotrentino.it\"][uri\"/\"][unique_id\"ag3sKfIhTNI_EzoG-37wPwAAAMs\"] show less	Port Scan Brute-Force Web App Attack
🇨🇭 4server	2026-05-18 17:24:47 (2 weeks ago)	[MonMay1819:24:42.7855972026][security2:error][pid533142:tid533152][client2602:80d:1007::cd:0]ModSec ... show more [MonMay1819:24:42.7855972026][security2:error][pid533142:tid533152][client2602:80d:1007::cd:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.vetreriaperletti.ch\"][uri\"/\"][unique_id\"agtLWhNrE9T6qGsxGhZVjAAAAEg\"] show less	Hacking Web App Attack
Anonymous	2026-05-18 02:38:04 (2 weeks ago)	2026-05-18T04:38:03.285991+02:00 mx1 sshd-session[3409312]: Connection closed by 2602:80d:1007::cd p ... show more 2026-05-18T04:38:03.285991+02:00 mx1 sshd-session[3409312]: Connection closed by 2602:80d:1007::cd port 15320 [preauth] show less	Brute-Force SSH
Anonymous	2026-05-16 08:01:08 (2 weeks ago)	2602:80d:1007::cd - - [16/May/2026:08:01:08 +0000] "\x16\x03\x01\x01\x13\x01" 400 432 "-" "-" ...	Bad Web Bot Web App Attack

Showing 1 to 15 of 58 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.91

🇺🇸 137.184.159.183

🇩🇪 128.14.225.164

🇧🇷 45.233.218.160

🇩🇪 213.209.159.227

🇺🇸 164.92.107.44

🇨🇳 118.145.131.27

🇪🇸 212.30.33.137

🇹🇳 197.5.145.150

🇹🇼 175.182.37.66

🇦🇺 119.18.3.4

🇮🇳 103.168.201.71

🇺🇸 67.20.132.65

🇺🇸 66.132.195.46

🇨🇦 66.56.80.167

🇳🇱 45.198.224.23

🇨🇳 14.103.122.187

🇳🇱 185.223.235.56

🇻🇳 103.75.184.31

🇳🇴 89.185.81.112