JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:80d:1008::97

2602:80d:1008::97 was found in our database!

This IP was reported 76 times. Confidence of Abuse is 86%: ?

86%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Censys, Inc.
Usage Type	Commercial
ASN	AS398324
Domain Name	censys.io
Country	🇺🇸 United States of America
City	Chicago, Illinois

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:80d:1008::97

Whois 2602:80d:1008::97

IP Abuse Reports for 2602:80d:1008::97:

This IP address has been reported a total of 76 times from 31 distinct sources. 2602:80d:1008::97 was first reported on March 30th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ecs.ge	2026-06-02 10:55:16 (2 days ago)	Automatic Fail2Ban report from jail plesk-modsecurity: multiple matching events detected.	Web App Attack Hacking
🇺🇸 cwytech	2026-06-01 12:48:30 (3 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/tactical-rmm-lockdown-high.	Hacking
Anonymous	2026-06-01 03:14:45 (3 days ago)	2602:80d:1008::97 - - [01/Jun/2026:03:14:44 +0000] "\x16\x03\x01\x01\x06\x01" 400 432 "-" "-" ...	Bad Web Bot Web App Attack
🇩🇪 evilrave	2026-06-01 00:47:03 (3 days ago)	2602:80d:1008::97 - - [01/Jun/2026:00:47:03 +0000] "\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03a\x9 ... show more 2602:80d:1008::97 - - [01/Jun/2026:00:47:03 +0000] "\x16\x03\x01\x00\xEE\x01\x00\x00\xEA\x03\x03a\x92\x85KTm\xEC\x99\xF0\xEF\xB2\x87t\x1E\x11k\x86\xCFv^\xCC\xE0\xBF\xF7\xCAEp\xC9T\xF2E\xAC \xB2*\xD5\xB6\x07gV\x8C\x93\x00\xF6\xE0\x04\x9A\x9A\x82\xA1" 400 150 Host="_" SNI="-" ... show less	Web App Attack
🇺🇸 Starburst SysOp Team	2026-05-31 22:53:53 (3 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-mnz6-4)	Hacking Bad Web Bot
🇩🇪 4server	2026-05-31 14:34:57 (3 days ago)	[SunMay3116:34:54.8919322026][security2:error][pid1273626:tid1273663][client2602:80d:1008::97:0]ModS ... show more [SunMay3116:34:54.8919322026][security2:error][pid1273626:tid1273663][client2602:80d:1008::97:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"2a01:4f8:212:1561::8\"][uri\"/\"][unique_id\"ahxHDmSZQnbHaT0vQAUy-AAAAAg\"] show less	Port Scan Brute-Force Web App Attack
🇩🇰 swrlly	2026-05-30 18:48:01 (4 days ago)	1 unauthorized webserver connection	Web App Attack
Anonymous	2026-05-30 08:37:07 (5 days ago)	2602:80d:1008::97 - - [30/May/2026:08:37:07 +0000] "\x16\x03\x01\x01\x06\x01" 400 432 "-" "-" ...	Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-05-30 01:16:54 (5 days ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-13)	Hacking Bad Web Bot
🇩🇪 4server	2026-05-29 01:26:32 (6 days ago)	[FriMay2903:26:27.6472512026][security2:error][pid1473066:tid1473125][client2602:80d:1008::97:0]ModS ... show more [FriMay2903:26:27.6472512026][security2:error][pid1473066:tid1473125][client2602:80d:1008::97:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?:\\\\\\\\bshodan\\\\\\\\b\\|\\\\\\\\bcensysinspect\\\\\\\\b\\|\\\\\\\\bcensys\\\\\\\\b\\|\\\\\\\\bexpanse\\\\\\\\b\\|\\\\\\\\bnetsystemsresearch\\\\\\\\b\\|\\\\\\\\bnetcraftsurveyagent\\\\\\\\b\)\"atREQUEST_HEADERS:User-Agent.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"73\"][id\"338801\"][rev\"1\"][msg\"Atomicorp.comWAFRules:Blockedinternet-widesurveyorUA\"][severity\"ERROR\"][hostname\"www.selenemodestipastrydetails.it\"][uri\"/\"][unique_id\"ahjrQ5oHbq2QRnv5G0PbBgAAAEU\"] show less	Port Scan Brute-Force Web App Attack
🇦🇺 2000cn.com.au	2026-05-27 13:07:24 (1 week ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇩🇪 SCHAPPY	2026-05-26 18:50:07 (1 week ago)	Malicious activity from IP detected: crowdsecurity/http-bad-user-agent.	Web App Attack Bad Web Bot
🇺🇸 Starburst SysOp Team	2026-05-25 00:56:03 (1 week ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-stl2-17)	Hacking Bad Web Bot
Anonymous	2026-05-24 07:06:45 (1 week ago)	2602:80d:1008::97 - - [24/May/2026:07:06:44 +0000] "\x16\x03\x01\x01\t\x01" 400 432 "-" "-" ...	Bad Web Bot Web App Attack
🇫🇷 pm33	2026-05-22 07:55:20 (1 week ago)	Probing for resource vulnerabilities HTTP(S)	Web App Attack

Showing 1 to 15 of 76 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 222.110.147.56

🇨🇳 115.190.181.18

🇺🇸 50.17.56.187

🇺🇸 4.236.167.2

🇨🇦 2001:1810:4201:175:0:4:4531:7046

🇸🇰 217.79.119.48

🇹🇳 197.14.99.26

🇱🇹 188.69.225.188

🇷🇺 185.16.214.226

🇳🇱 172.94.9.158

🇦🇹 156.146.60.65

🇨🇳 125.69.195.7

🇨🇳 117.83.83.235

🇪🇸 85.86.181.39

🇮🇪 34.251.84.23

🇷🇴 2.57.121.112

🇲🇦 196.83.24.204

🇳🇱 195.178.110.30

🇺🇸 185.191.231.211

🇧🇷 162.241.203.107