JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2605:6400:30:f174:cafe::

2605:6400:30:f174:cafe:: was found in our database!

This IP was reported 37 times. Confidence of Abuse is 9%: ?

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	FranTech Solutions
Usage Type	Data Center/Web Hosting/Transit
ASN	AS53667
Hostname(s)	polyphemus3.brandonkuschel.com
Domain Name	frantech.ca
Country	🇨🇭 Switzerland
City	Zurich, Zurich

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2605:6400:30:f174:cafe::

Whois 2605:6400:30:f174:cafe::

IP Abuse Reports for 2605:6400:30:f174:cafe:::

This IP address has been reported a total of 37 times from 9 distinct sources. 2605:6400:30:f174:cafe:: was first reported on October 20th 2022, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Savvii	2026-06-10 08:55:27 (2 weeks ago)	20 attempts against mh-misbehave-ban on web-new	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:02:28 (1 month ago)	2026-04-26 08:00:32,883 fail2ban.actions [7718]: NOTICE [tor] Ban 2605:6400:30:f174:cafe:: 2 ... show more 2026-04-26 08:00:32,883 fail2ban.actions [7718]: NOTICE [tor] Ban 2605:6400:30:f174:cafe:: 2026-04-26 12:01:28,890 fail2ban.actions [7718]: NOTICE [tor] Ban 2605:6400:30:f174:cafe:: 2026-04-26 18:01:26,702 fail2ban.actions [7718]: NOTICE [tor] Ban 2605:6400:30:f174:cafe:: 2026-04-26 21:01:24,085 fail2ban.actions [7718]: NOTICE [tor] Ban 2605:6400:30:f174:cafe:: 2026-04-27 00:02:27,278 fail2ban.actions [7718]: NOTICE [tor] Ban 2605:6400:30:f174:cafe:: show less	Brute-Force
🇮🇹 VHosting	2026-03-26 20:10:59 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇺🇸 xmission.com	2026-03-09 15:06:31 (3 months ago)	Blocked by UFW (TCP on 9999) Source port: 18589 Packet length: 80 This report (for 2605:6400:0030:f ... show more Blocked by UFW (TCP on 9999) Source port: 18589 Packet length: 80 This report (for 2605:6400:0030:f174:cafe:0000:0000:0000) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Ping of Death
🇺🇸 TPI-Abuse	2026-02-13 23:59:51 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210492) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 13 18:59:47.647463 2026] [security2:error] [pid 29005:tid 29005] [client 2605:6400:30:f174:cafe:::43183] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.nue18.com"] [uri "/.git/config"] [unique_id "aY-68yfs5sG2o6WnCC6KqgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-13 05:53:53 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 13 00:53:48.615276 2025] [security2:error] [pid 30013:tid 30013] [client 2605:6400:30:f174:cafe:::44529] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ohanameetup.party\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ohanameetup.party"] [uri "/anameetup_com.sql"] [unique_id "aTz_bJCyVQ4ltkPb8MqQDAAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-12 11:22:29 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 12 06:22:20.916765 2025] [security2:error] [pid 13683:tid 13683] [client 2605:6400:30:f174:cafe:::18215] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lifestylemedica.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lifestylemedica.com"] [uri "/festylemedica_com.sql"] [unique_id "aTv67KiG43boX8btv1jSvwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-09 00:33:53 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 19:33:48.195075 2025] [security2:error] [pid 24125:tid 24125] [client 2605:6400:30:f174:cafe:::20269] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|moversandshakers.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "moversandshakers.org"] [uri "/mov.sql"] [unique_id "aTdubKkzKq4hUvOSJ6kBWQAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-08 16:15:03 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 08 11:14:55.971782 2025] [security2:error] [pid 11763:tid 11763] [client 2605:6400:30:f174:cafe:::14709] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bigislandhawaiicoffee.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bigislandhawaiicoffee.com"] [uri "/dhawaiicoffee.sql"] [unique_id "aTb5fwG02QxVNuFhyNPBMQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 18:24:58 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 07 13:24:51.453685 2025] [security2:error] [pid 23984:tid 23984] [client 2605:6400:30:f174:cafe:::43419] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|corporatepresentation.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "corporatepresentation.net"] [uri "/latest.sql"] [unique_id "aTXGcyRtmY_r4pAYwU7lBQAAAHQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-07 04:16:10 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 23:16:04.101190 2025] [security2:error] [pid 21763:tid 21763] [client 2605:6400:30:f174:cafe:::10907] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|genevaatlantic.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "genevaatlantic.com"] [uri "/c.sql"] [unique_id "aTT_hG8Hr7qGGONe0wC00gAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 22:34:56 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 17:34:50.652127 2025] [security2:error] [pid 4137:tid 4137] [client 2605:6400:30:f174:cafe:::42793] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|kimbrothersusa.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "kimbrothersusa.com"] [uri "/usa_com.sql"] [unique_id "aTSvivv6UwSaP6tjZTNQgwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-06 08:17:13 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 06 03:17:08.857717 2025] [security2:error] [pid 32730:tid 32730] [client 2605:6400:30:f174:cafe:::18575] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|lanegraves.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "lanegraves.com"] [uri "/es_com.sql"] [unique_id "aTPmhL4T8jcohO8juGqxfwAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-04 19:49:37 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 14:49:33.373533 2025] [security2:error] [pid 27675:tid 27675] [client 2605:6400:30:f174:cafe:::10323] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|jazziiafoundation.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "jazziiafoundation.org"] [uri "/afoundation.sql"] [unique_id "aTHlzemwYeNlDCQ06Ysz6AAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-04 11:39:32 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonku ... show more (mod_security) mod_security (id:210730) triggered by 2605:6400:30:f174:cafe:: (polyphemus3.brandonkuschel.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 04 06:39:25.158376 2025] [security2:error] [pid 19656:tid 19656] [client 2605:6400:30:f174:cafe:::19545] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|serviciodepinturadecasas.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "serviciodepinturadecasas.com"] [uri "/rviciodepinturadecasas_com.sql"] [unique_id "aTFy7WrTe6XGBf68E7mpxwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.229

🇺🇸 195.184.76.203

🇺🇸 195.184.76.166

🇷🇴 193.46.255.86

🇰🇿 185.233.3.95

🇺🇸 172.253.198.144

🇺🇸 170.106.105.73

🇺🇸 162.216.150.247

🇱🇻 81.30.98.44

🇺🇸 64.62.156.94

🇨🇳 58.212.237.116

🇬🇧 35.203.211.110

🇺🇸 15.204.252.23

🇧🇷 205.210.31.205

🇺🇸 205.210.31.52

🇧🇷 201.76.120.30

🇷🇺 178.218.117.188

🇺🇸 172.236.228.208

🇭🇰 165.154.1.18

🇺🇸 109.105.210.27