JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2a04:52c0:123:5ccf:50ef:cafe:babe:1337

2a04:52c0:123:5ccf:50ef:cafe:babe:1337 was found in our database!

This IP was reported 54 times. Confidence of Abuse is 12%: ?

12%

Important Note: Public IPv6 addresses may implement the SLAAC privacy extension. With this, the interface identifier is randomly generated. The SLAAC privacy extension also implements a time out, which is configurable, so that the IPv6 interface addresses will be discarded and a new interface identifier is generated.

ISP	The Infrastructure Group B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60404
Domain Name	theinfrastructure.group
Country	🇳🇱 Netherlands
City	Dronten, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2a04:52c0:123:5ccf:50ef:cafe:babe:1337

Whois 2a04:52c0:123:5ccf:50ef:cafe:babe:1337

IP Abuse Reports for 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:

This IP address has been reported a total of 54 times from 7 distinct sources. 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 was first reported on July 13th 2025, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-24 19:04:46 (6 hours ago)	(mod_security) mod_security (id:949110) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:949110) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 15:04:34.248989 2026] [security2:error] [pid 1260:tid 1260] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:18166] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ipv6.21oaksfarm.com"] [uri "/.git/config"] [unique_id "ajwqQvKNvCYRBGhSsXF17QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-08 09:01:45 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 05:01:37.353985 2026] [security2:error] [pid 22428:tid 22428] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:16230] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|customhumanrobots.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "customhumanrobots.com"] [uri "/manrobots_com.sql"] [unique_id "af2mccUg8URO02ZreAQ_7QAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-28 21:37:22 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 28 17:37:11.891440 2026] [security2:error] [pid 25380:tid 25380] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:48588] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "drendels.com"] [uri "/wp-config.php.us"] [unique_id "afEoh2_VMVTN2YixWx91aAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-26 21:03:58 (1 month ago)	2026-04-26 08:00:47,954 fail2ban.actions [7718]: NOTICE [tor] Ban 2a04:52c0:123:5ccf:50ef:ca ... show more 2026-04-26 08:00:47,954 fail2ban.actions [7718]: NOTICE [tor] Ban 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 2026-04-26 12:01:38,213 fail2ban.actions [7718]: NOTICE [tor] Ban 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 2026-04-26 18:01:35,831 fail2ban.actions [7718]: NOTICE [tor] Ban 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 2026-04-26 21:01:33,348 fail2ban.actions [7718]: NOTICE [tor] Ban 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 2026-04-27 00:03:56,848 fail2ban.actions [7718]: NOTICE [tor] Ban 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-09 16:37:48 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 09 12:37:38.561159 2026] [security2:error] [pid 4192526:tid 4192526] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:27878] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staben.com"] [uri "/wp-config.php.backup.txt"] [unique_id "adfV0i7QJIdg_sRVKFxsQgAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2026-03-26 20:48:27 (2 months ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇳🇱 ノースフライト	2026-02-04 16:20:00 (4 months ago)	tor	Open Proxy
🇺🇸 TPI-Abuse	2026-01-26 08:07:17 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 03:07:08.891337 2026] [security2:error] [pid 1002:tid 1002] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:11612] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.hamiltoncountyuca.org"] [uri "/.git/config"] [unique_id "aXcgrLO2XSFGoSfaQEhdUgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-21 22:09:44 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jan 21 17:08:32.354368 2026] [security2:error] [pid 13822:tid 13822] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:49992] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.russellhouse.net"] [uri "/.git/config"] [unique_id "aXFOYNxmQ-2f7sz3Uz64dAAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-18 00:46:59 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 19:46:53.006609 2026] [security2:error] [pid 3648798:tid 3648798] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:65008] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|dynamic-therapy-mn.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dynamic-therapy-mn.com"] [uri "/backup_wp.sql"] [unique_id "aWwtfSLMXhPytZYnhxsS8QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-12 11:18:57 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210492) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 12 06:18:51.276245 2026] [security2:error] [pid 9788:tid 9902] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:29992] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ipv6.atitravel-greece.com"] [uri "/.git/config"] [unique_id "aWTYm3V3kClyrkzt7WfsNQAAAQ8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-02 11:36:11 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 02 06:36:07.577912 2026] [security2:error] [pid 31382:tid 31382] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:39122] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|hsoftwaresystems.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hsoftwaresystems.net"] [uri "/backupwp.sql"] [unique_id "aVetpxovwDyY5zKCEk8uxAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-02 08:12:32 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 02 03:12:21.587916 2026] [security2:error] [pid 22081:tid 22081] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:25238] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|solventtrapco.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "solventtrapco.com"] [uri "/enttrapco_com.sql"] [unique_id "aVd95RNps4a-ynhntDbP3QAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 14:07:37 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 09:07:29.507955 2025] [security2:error] [pid 9221:tid 9221] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:53254] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bolivarbulletintimes.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bolivarbulletintimes.com"] [uri "/backup_wp.sql"] [unique_id "aVKLIdIZIwz56HcORw3v3AAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 11:25:21 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown ... show more (mod_security) mod_security (id:210730) triggered by 2a04:52c0:123:5ccf:50ef:cafe:babe:1337 (Unknown): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 06:25:13.378141 2025] [security2:error] [pid 12085:tid 12085] [client 2a04:52c0:123:5ccf:50ef:cafe:babe:1337:30734] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|eatcakecup.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "eatcakecup.com"] [uri "/bck.sql"] [unique_id "aVJlGZ82-WlLcQZ8gY51oQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 54 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 201.149.53.243

🇩🇪 193.124.20.228

🇮🇩 36.70.159.248

🇰🇷 222.108.100.117

🇭🇰 194.187.178.53

🇫🇷 109.9.44.141

🇮🇩 103.172.20.218

🇹🇷 85.105.2.51

🇺🇸 66.132.195.19

🇳🇱 45.198.224.5

🇩🇪 31.77.168.48

🇺🇸 20.168.98.34

🇸🇬 173.239.247.141

🇩🇪 157.230.18.133

🇷🇺 151.252.84.225

🇩🇪 149.50.55.116

🇵🇪 149.34.48.186

🇮🇳 128.185.212.50

🇮🇩 103.191.14.210

🇮🇩 182.13.96.107