JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2602:fb54:1400::1b2

2602:fb54:1400::1b2 was found in our database!

This IP was reported 219 times. Confidence of Abuse is 100%: ?

100%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	Advin Services LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS22295
Domain Name	advinservers.com
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2602:fb54:1400::1b2

Whois 2602:fb54:1400::1b2

IP Abuse Reports for 2602:fb54:1400::1b2:

This IP address has been reported a total of 219 times from 97 distinct sources. 2602:fb54:1400::1b2 was first reported on April 4th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-10 15:55:46 (2 hours ago)	(mod_security) mod_security (id:210730) triggered by 2602:fb54:1400::1b2 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2602:fb54:1400::1b2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 11:55:43.164648 2026] [security2:error] [pid 9076:tid 9076] [client 2602:fb54:1400::1b2:0] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|email.thectegroup.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "email.thectegroup.net"] [uri "/wp-content/debug.log"] [unique_id "aimI_3xkuIm8sjw2DfvpQwAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-10 15:48:47 (2 hours ago)	Excessive multi-domain requests	Brute-Force
🇧🇪 Scampi_ml	2026-06-10 13:15:23 (4 hours ago)	7x HTTP 403/404 responses in short timeframe. Likely vulnerability scanner or brute-force attack on ... show more 7x HTTP 403/404 responses in short timeframe. Likely vulnerability scanner or brute-force attack on web application paths. show less	Bad Web Bot Web App Attack
🇳🇱 SysAdmin Dylan	2026-06-09 16:21:40 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::1b2 (Unknown): 10 in the last 3 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::1b2 (Unknown): 10 in the last 3600 secs show less	Brute-Force
🇩🇪 4server	2026-06-09 12:43:29 (1 day ago)	[TueJun0914:43:25.0538842026][security2:error][pid2928577:tid2928618][client2602:fb54:1400::1b2:0]Mo ... show more [TueJun0914:43:25.0538842026][security2:error][pid2928577:tid2928618][client2602:fb54:1400::1b2:0]ModSecurity:Accessdeniedwithcode403$phase1$.Patternmatch\"$\?i$$\?:/\(\?:\^\\|/$\\\\\\\\.$env\\|git\\|svn\\|hg\\|DS_Store$\\|/$\?:wp-config\\|\\\\\\\\.htaccess\\|\\\\\\\\.htpasswd$\\|\\\\\\\\.$\?:sql\\|bak\\|old\\|log$\$\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"156\"][id\"960720\"][msg\"Forbiddenfileaccessattempt\"][severity\"CRITICAL\"][hostname\"maurokorangraf.ch\"][uri\"/wp-content/debug.log\"][unique_id\"aigKbXaHRAIZJwpWG2LErQAAAA8\"] show less	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 07:35:48 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::1b2 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 2602:fb54:1400::1b2 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 03:35:43.490146 2026] [security2:error] [pid 2840:tid 2840] [client 2602:fb54:1400::1b2:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.swarnar.com"] [uri "/.env"] [unique_id "aifCT42-iLUFUP08WLSKtQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-08 23:21:17 (1 day ago)	Excessive multi-domain requests	Brute-Force
🇩🇪 LRob.fr	2026-06-07 05:45:04 (3 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
🇳🇱 Site.eu	2026-06-06 13:18:06 (4 days ago)	Excessive multi-domain requests	Brute-Force
🇳🇱 Mangelot Hosting	2026-06-06 08:14:26 (4 days ago)	(modsecurity) srv103 ModSecurity 2602:fb54:1400::1b2 (US/United States/-): 10 in the last 3600 secs; ... show more (modsecurity) srv103 ModSecurity 2602:fb54:1400::1b2 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇳🇱 Mangelot Hosting	2026-06-05 22:00:49 (4 days ago)	(modsecurity) srv201 ModSecurity 2602:fb54:1400::1b2 (US/United States/-): 10 in the last 3600 secs; ... show more (modsecurity) srv201 ModSecurity 2602:fb54:1400::1b2 (US/United States/-): 10 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: show less	Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-05 21:48:31 (4 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇩🇪 4server	2026-06-05 20:09:02 (4 days ago)	[FriJun0522:08:55.8953692026][security2:error][pid1238619:tid1238663][client2602:fb54:1400::1b2:0]Mo ... show more [FriJun0522:08:55.8953692026][security2:error][pid1238619:tid1238663][client2602:fb54:1400::1b2:0]ModSecurity:Accessdeniedwithcode403$phase2$.OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded$TotalScore:5$\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"mail.pietroviviani.ch\"][uri\"/.env.local\"][unique_id\"aiMs1wP9bD6ZR0VZp0w5IQAAABM\"] show less	Port Scan Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-05 18:14:08 (4 days ago)	Multiple WAF Violations	Web App Attack
🇹🇷 baku.hosting	2026-06-04 15:08:03 (6 days ago)	CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 2602:fb54:1400::1b2 (Unknown): ... show more CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 2602:fb54:1400::1b2 (Unknown): 5 in the last 3600 secs show less	Brute-Force Web App Attack

Showing 1 to 15 of 219 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 180.243.13.154

🇷🇴 143.20.185.242

🇺🇸 103.143.231.24

🇫🇷 51.158.101.255

🇺🇸 34.106.215.130

🇯🇵 8.216.14.127

🇨🇭 2620:171:a5:f001:9999::242

🇬🇧 193.163.125.27

🇨🇳 182.138.158.69

🇳🇱 176.65.148.132

🇨🇳 123.145.7.103

🇨🇳 113.218.207.89

🇻🇳 103.75.182.132

🇺🇸 100.29.192.81

🇩🇪 64.89.163.158

🇫🇷 51.158.78.231

🇺🇸 40.124.172.146

🇳🇱 176.65.139.251

🇫🇷 163.172.149.158

🇵🇱 151.115.44.171