JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:f6f6:2:bab9::1

2602:f6f6:2:bab9::1 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 16%: ?

16%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Fourplex Telecom LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS27284
Domain Name	fourplex.net
Country	🇺🇸 United States of America
City	New York City, New York

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:f6f6:2:bab9::1

Whois 2602:f6f6:2:bab9::1

IP Abuse Reports for 2602:f6f6:2:bab9::1:

This IP address has been reported a total of 43 times from 7 distinct sources. 2602:f6f6:2:bab9::1 was first reported on November 14th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-08 03:20:05 (2 days ago)	\| Multiple SQL injection attempts from same source ip.(multiple servers)	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-05-08 15:00:55 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 11:00:46.643830 2026] [security2:error] [pid 343:tid 343] [client 2602:f6f6:2:bab9::1:38644] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cosplayculture.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cosplayculture.com"] [uri "/cosplaycultu.sql"] [unique_id "af36nr_vXf_xYKw0Q1U40wAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-08 09:02:20 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 05:02:10.847574 2026] [security2:error] [pid 18255:tid 18255] [client 2602:f6f6:2:bab9::1:50092] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|customhumanrobots.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "customhumanrobots.com"] [uri "/dump.sql"] [unique_id "af2mkpNfxwNjCUjeQuaTdgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:02:08 (1 month ago)	2026-04-26 08:00:28,821 fail2ban.actions [7718]: NOTICE [tor] Ban 2602:f6f6:2:bab9::1 2026-0 ... show more 2026-04-26 08:00:28,821 fail2ban.actions [7718]: NOTICE [tor] Ban 2602:f6f6:2:bab9::1 2026-04-26 12:01:26,471 fail2ban.actions [7718]: NOTICE [tor] Ban 2602:f6f6:2:bab9::1 2026-04-26 18:01:24,256 fail2ban.actions [7718]: NOTICE [tor] Ban 2602:f6f6:2:bab9::1 2026-04-26 21:01:21,335 fail2ban.actions [7718]: NOTICE [tor] Ban 2602:f6f6:2:bab9::1 2026-04-27 00:02:07,647 fail2ban.actions [7718]: NOTICE [tor] Ban 2602:f6f6:2:bab9::1 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-23 00:54:45 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 22 20:54:35.324572 2026] [security2:error] [pid 3281244:tid 3281244] [client 2602:f6f6:2:bab9::1:59256] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "brbcash.com"] [uri "/wp-config.phpOLD"] [unique_id "aelty6pSAMnQDE8VgjSbpwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-19 06:19:56 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 19 02:19:48.863736 2026] [security2:error] [pid 1640880:tid 1640880] [client 2602:f6f6:2:bab9::1:46278] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.bak" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "starsmogsandiego.com"] [uri "/wp-config.bak"] [unique_id "aeR0BCnsYh3ND8K7Y4VNhgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-16 22:03:10 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 16 18:03:00.628407 2026] [security2:error] [pid 3321245:tid 3321245] [client 2602:f6f6:2:bab9::1:34028] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marv.us"] [uri "/wp-config.phpo"] [unique_id "aeFclCUSYGdQtUKkfzYhawAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 ipblock.com	2026-03-30 02:48:00 (2 months ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-26 21:34:50 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇨🇦 1gz	2026-03-02 03:08:51 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: CHALLENGE Protocol: HTTP/2 (GET met ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: CHALLENGE Protocol: HTTP/2 (GET method) Endpoint: / UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:140.0) Gecko/20100101 Firefox/140.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-23 20:15:38 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 15:15:34.684517 2026] [security2:error] [pid 27097:tid 27097] [client 2602:f6f6:2:bab9::1:59386] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dwightbrown.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dwightbrown.com"] [uri "/n_db.sql"] [unique_id "aZy1ZvCR431HO0wWWpK21QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-23 13:33:37 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 23 08:33:32.605440 2026] [security2:error] [pid 29027:tid 29027] [client 2602:f6f6:2:bab9::1:38792] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|artspacecleveland.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "artspacecleveland.com"] [uri "/rtspacecleveland_prod.sql"] [unique_id "aZxXLPo_O2pKydwU2z11HQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-07 10:01:33 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 07 05:01:28.070212 2026] [security2:error] [pid 21797:tid 21797] [client 2602:f6f6:2:bab9::1:40118] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.sguard.co"] [uri "/.git/config"] [unique_id "aYcNeGnyYoakWtDDQ76dzQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 homeshowdomain.nl	2026-01-31 23:00:56 (4 months ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-01-30. show less	Hacking Web App Attack SSH
🇺🇸 TPI-Abuse	2026-01-25 23:38:54 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:f6f6:2:bab9::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 25 18:38:49.214764 2026] [security2:error] [pid 10163:tid 10163] [client 2602:f6f6:2:bab9::1:44050] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.ypsisda.net"] [uri "/.git/config"] [unique_id "aXapid0SlZ1sRlcUCmP4qwAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 202.145.0.18

🇩🇪 193.41.226.27

🇳🇱 185.99.99.95

🇮🇳 168.144.78.95

🇫🇷 95.111.230.218

🇯🇵 47.74.4.118

🇸🇬 43.159.55.235

🇨🇳 221.131.139.70

🇨🇳 220.250.10.201

🇨🇳 218.26.204.42

🇦🇺 209.38.30.35

🇨🇳 203.195.82.4

🇿🇼 197.221.232.44

🇫🇮 147.185.133.93

🇻🇳 123.24.150.37

🇨🇳 115.190.230.82

🇺🇸 100.29.192.12

🇧🇬 79.124.62.230

🇨🇳 219.147.106.14

🇫🇮 193.164.155.103