JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:f6f6:2:65fe::1

2602:f6f6:2:65fe::1 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 39%: ?

39%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Fourplex Telecom LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS27284
Domain Name	fourplex.net
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:f6f6:2:65fe::1

Whois 2602:f6f6:2:65fe::1

IP Abuse Reports for 2602:f6f6:2:65fe::1:

This IP address has been reported a total of 14 times from 8 distinct sources. 2602:f6f6:2:65fe::1 was first reported on February 23rd 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 KingHost	2026-06-21 14:51:42 (1 day ago)		Brute-Force
🇩🇪 filstal.org	2026-06-20 20:26:03 (2 days ago)	CrowdSec: crowdsecurity/postfix-non-smtp-command	Email Spam Hacking
🇺🇸 TPI-Abuse	2026-06-19 07:49:02 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 03:48:49.505324 2026] [security2:error] [pid 20253:tid 20253] [client 2602:f6f6:2:65fe::1:31998] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.qxoticdivas.postermodelsworldwideinc.com"] [uri "/.env.example"] [unique_id "ajT0YfXAUnHzQTQJpQGp5gAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-19 05:22:07 (3 days ago)	Automated report (2026-06-19T01:22:07-04:00). Caught probing for env file.	Hacking Web App Attack Open Proxy VPN IP
🇺🇸 TPI-Abuse	2026-06-19 05:20:01 (3 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 01:19:52.476636 2026] [security2:error] [pid 11535:tid 11535] [client 2602:f6f6:2:65fe::1:53970] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "garyandthegroove.com"] [uri "/config/.env"] [unique_id "ajTReBcXxAaHiyXnyRCh5AAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-17 12:08:39 (5 days ago)	[WedJun1714:08:32.7304032026][security2:error][pid2757574:tid2757747][client2602:f6f6:2:65fe::1:0]Mo ... show more [WedJun1714:08:32.7304032026][security2:error][pid2757574:tid2757747][client2602:f6f6:2:65fe::1:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"mail.wildpferde.ch\"][uri\"/.env.staging\"][unique_id\"ajKOQIcRbfUGGPB3lw5wcgAAANQ\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 10:58:32 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 06:58:23.968342 2026] [security2:error] [pid 11075:tid 11085] [client 2602:f6f6:2:65fe::1:27314] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "richardleeweatherman.com"] [uri "/.env.gemini.gpg"] [unique_id "ajJ9zyPfdOydAGJgxnU6JwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 01:02:21 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 21:02:12.013508 2026] [security2:error] [pid 7891:tid 7891] [client 2602:f6f6:2:65fe::1:45664] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.construction.bonefrog.com"] [uri "/.env.backup"] [unique_id "ajCglCON1tybvPmuH7rxQQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 16:23:42 (1 week ago)	(mod_security) mod_security (id:243320) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:243320) triggered by 2602:f6f6:2:65fe::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:23:31.049131 2026] [security2:error] [pid 369:tid 478] [client 2602:f6f6:2:65fe::1:56358] ModSecurity: Access denied with code 403 (phase 2). String match "/.profile" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "6621"] [id "243320"] [rev "1"] [msg "COMODO WAF: Information disclosure vulnerability in Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products (CVE-2016-6639)\|\|coloradomohs.aafm.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "coloradomohs.aafm.us"] [uri "/.profile"] [unique_id "ajAnAy-ffj300-_6BbFPkAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-05-01 23:03:00 (1 month ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇺🇸 canine.tools	2026-04-25 22:28:42 (1 month ago)	[fail2ban Auto Report] {"time":"2026-04-25T18:28:41.862498242-04:00","level":"INFO","source":{"funct ... show more [fail2ban Auto Report] {"time":"2026-04-25T18:28:41.862498242-04:00","level":"INFO","source":{"function":"github.com/TecharoHQ/anubis/lib.(*Server).checkRules","file":"/Users/cadey/Code/TecharoHQ/botstopper/upstream/anubis/lib/anubis.go","line":309},"msg":"explicit deny","subsystem":"anubis","host":"searxng.canine.tools","method":"GET","path":"/","user_agent":"","accept_language":"zh-CN","priority":"u=0, i","x-forwarded-for":"2602:f6f6:2:65fe::1","x-real-ip":"2602:f6f6:2:65fe::1","host":"searxng.canine.tools","check_result":{"name":"bot/no-user-agent-string","rule":"DENY","weight":0}} ... show less	Bad Web Bot
🇺🇸 mind5t0rm	2026-04-04 09:50:58 (2 months ago)	(WPLOGIN) WP Login Attack 2602:f6f6:2:65fe::1 (Unknown): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 2602:f6f6:2:65fe::1 (Unknown): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 2602:f6f6:2:65fe::1 - - [04/Apr/2026:16:37:38 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.181 Safari/537.36" 2602:f6f6:2:65fe::1 - - [04/Apr/2026:16:38:34 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:83) Gecko/20100101 Firefox/83" 2602:f6f6:2:65fe::1 - - [04/Apr/2026:16:50:55 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.5414.181 Safari/537.36" show less	Port Scan
🇺🇸 mind5t0rm	2026-02-23 02:01:39 (3 months ago)	(WPLOGIN) WP Login Attack 2602:f6f6:2:65fe::1 (Unknown): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 2602:f6f6:2:65fe::1 (Unknown): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 2602:f6f6:2:65fe::1 - - [23/Feb/2026:08:44:06 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.36 Safari/537.36" 2602:f6f6:2:65fe::1 - - [23/Feb/2026:08:44:58 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.9 Safari/537.36" 2602:f6f6:2:65fe::1 - - [23/Feb/2026:09:01:36 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.36 Safari/537.36" show less	Port Scan
🇺🇸 mind5t0rm	2026-02-23 00:44:11 (4 months ago)	(WPLOGIN) WP Login Attack 2602:f6f6:2:65fe::1 (Unknown): 3 in the last 3600 secs; Ports: ; Directio ... show more (WPLOGIN) WP Login Attack 2602:f6f6:2:65fe::1 (Unknown): 3 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_TRIGGER; Logs: 2602:f6f6:2:65fe::1 - - [23/Feb/2026:07:42:22 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.5249.47 Safari/537.36" 2602:f6f6:2:65fe::1 - - [23/Feb/2026:07:43:14 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.158 Safari/537.36" 2602:f6f6:2:65fe::1 - - [23/Feb/2026:07:44:06 +0700] "POST /wp-login.php?action=register HTTP/2.0" 302 0 "https://guruhospitality.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/111.0.5563.205 Safari/537.36" show less	Port Scan

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2001:470:1:332::28

🇺🇸 184.105.139.99

🇨🇷 170.246.157.234

🇺🇸 162.216.150.136

🇨🇳 125.35.109.214

🇰🇪 105.27.148.94

🇮🇩 103.112.5.7

🇫🇷 91.231.89.162

🇩🇪 69.5.169.94

🇧🇷 45.205.1.246

🇧🇪 34.22.124.200

🇮🇳 20.244.95.134

🇹🇭 202.29.221.2

🇲🇽 192.178.95.85

🇨🇦 165.245.231.110

🇺🇸 159.89.137.248

🇭🇰 152.32.251.44

🇺🇸 143.198.57.147

🇺🇸 143.198.15.12

🇱🇹 91.224.92.190