JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2605:7980:0:206e::1

2605:7980:0:206e::1 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 58%: ?

58%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	RouterHosting LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS14956
Domain Name	cloudzy.com
Country	🇺🇸 United States of America
City	Dallas, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2605:7980:0:206e::1

Whois 2605:7980:0:206e::1

IP Abuse Reports for 2605:7980:0:206e::1:

This IP address has been reported a total of 34 times from 13 distinct sources. 2605:7980:0:206e::1 was first reported on May 15th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-10 20:05:31 (1 week ago)	(mod_security) mod_security (id:243320) triggered by 2605:7980:0:206e::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:243320) triggered by 2605:7980:0:206e::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 16:05:22.451147 2026] [security2:error] [pid 4519:tid 4519] [client 2605:7980:0:206e::1:58175] ModSecurity: Access denied with code 403 (phase 2). String match "/.profile" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "6621"] [id "243320"] [rev "1"] [msg "COMODO WAF: Information disclosure vulnerability in Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP Buildpack Cf-release before 242, as used in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.38 and 1.7.x before 1.7.19 and other products (CVE-2016-6639)\|\|whoore.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whoore.com"] [uri "/.profile"] [unique_id "ainDggEVMcSlwdsuerqKPQAAAFk"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-10 12:00:50 (1 week ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇨🇭 SOC [GOLINE SA]	2026-06-09 19:40:05 (1 week ago)	Automated Attack === ATTACK === Service: nextjs-404 \| Type: Automated Attack / Bad Bot === SOURCE == ... show more Automated Attack === ATTACK === Service: nextjs-404 \| Type: Automated Attack / Bad Bot === SOURCE === IP: 2605:7980:0:206e::1 (IPv6) \| Country: United States \| ISP: NET6-2605-7980-1 \| rDNS: None === TARGET === Host: time.goline.ch === RESPONSE === Time: 2026-06-09 21:40:04 \| Action: Blocked show less	Brute-Force Bad Web Bot
🇸🇬 Cloudkul Cloudkul	2026-06-09 15:02:27 (1 week ago)	Attempted Not Found (404 status code) requests on our application, more than 30% of their total requ ... show more Attempted Not Found (404 status code) requests on our application, more than 30% of their total requests. show less	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-09 13:10:26 (1 week ago)	Excessive multi-domain requests	Brute-Force
🇳🇱 e.fierstra	2026-06-09 09:55:29 (1 week ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 03:05:08 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2605:7980:0:206e::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2605:7980:0:206e::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 23:05:01.426200 2026] [security2:error] [pid 15467:tid 15467] [client 2605:7980:0:206e::1:56456] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ssion.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ssion.com"] [uri "/config/php.ini"] [unique_id "aieC3VyKQxU5wu5TRURgbgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 alferez	2026-06-08 19:26:23 (1 week ago)	Searching .(env\|sql\|zip\|tar\|rar) files	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 12:37:20 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2605:7980:0:206e::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2605:7980:0:206e::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 08:37:11.779062 2026] [security2:error] [pid 30246:tid 30246] [client 2605:7980:0:206e::1:62231] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|scadco.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "scadco.com"] [uri "/config/php.ini"] [unique_id "aia3d_X-uOQL3VXTca4kwgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-08 09:27:57 (1 week ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-07 07:07:47 (1 week ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-06 18:28:02 (1 week ago)	Excessive multi-domain requests	Brute-Force
🇺🇸 TPI-Abuse	2026-06-06 08:48:08 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 2605:7980:0:206e::1 (Unknown): 1 in the last 30 ... show more (mod_security) mod_security (id:210730) triggered by 2605:7980:0:206e::1 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 04:48:02.866875 2026] [security2:error] [pid 29694:tid 29702] [client 2605:7980:0:206e::1:56715] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|inal.org\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "inal.org"] [uri "/config.ini"] [unique_id "aiPewhBeOp91XL1blvUxJQAAAkU"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 e.fierstra	2026-06-06 01:03:46 (1 week ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-05 23:00:16 (1 week ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.183.177.222

🇻🇳 116.99.173.91

🇧🇼 83.143.28.163

🇺🇸 69.74.29.21

🇱🇺 46.151.182.34

🇺🇸 20.65.195.23

🇨🇭 194.230.5.7

🇳🇱 185.242.226.60

🇮🇩 182.253.156.173

🇬🇧 167.99.87.1

🇭🇰 101.36.116.45

🇨🇳 220.181.108.146

🇺🇸 216.180.246.136

🇲🇽 206.135.24.10

🇦🇷 186.19.188.69

🇨🇳 115.190.211.2

🇳🇱 91.92.40.204

🇬🇧 87.236.176.54

🇫🇷 51.68.34.131

🇺🇸 48.214.144.100