JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.255.100.73

5.255.100.73 was found in our database!

This IP was reported 75 times. Confidence of Abuse is 100%: ?

100%

ISP	The Infrastructure Group B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60404
Domain Name	theinfrastructure.group
Country	🇳🇱 Netherlands
City	Lelystad, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.255.100.73

Whois 5.255.100.73

IP Abuse Reports for 5.255.100.73:

This IP address has been reported a total of 75 times from 47 distinct sources. 5.255.100.73 was first reported on June 21st 2026, and the most recent report was 53 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 WebNiraj	2026-06-21 19:54:20 (53 minutes ago)	(mod_security) mod_security (id:949110) triggered by 5.255.100.73 (NL/The Netherlands/-): 5 in the l ... show more (mod_security) mod_security (id:949110) triggered by 5.255.100.73 (NL/The Netherlands/-): 5 in the last 3600 secs [SIGMA] show less	Brute-Force
🇹🇼 tye	2026-06-21 19:00:30 (1 hour ago)	Wazuh Alert Evidence: 5.255.100.73 (5.255.100.73) - - [22/Jun/2026:03:00:28 +0800] "GET /wp-content/ ... show more Wazuh Alert Evidence: 5.255.100.73 (5.255.100.73) - - [22/Jun/2026:03:00:28 +0800] "GET /wp-content/debug.log HTTP/1.1" 404 455 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 17:26:29 (3 hours ago)	(mod_security) mod_security (id:210730) triggered by 5.255.100.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 5.255.100.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 13:26:22.897286 2026] [security2:error] [pid 8455:tid 8455] [client 5.255.100.73:50212] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.ptfea.aquascapes.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.ptfea.aquascapes.net"] [uri "/wp-content/debug.log"] [unique_id "ajgevhI79sJG6ECeJlSwjwAAADw"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇴 iulianh	2026-06-21 17:15:26 (3 hours ago)	*	Brute-Force SSH
🇩🇪 FeG Deutschland	2026-06-21 17:06:13 (3 hours ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇳🇱 Savvii	2026-06-21 17:03:05 (3 hours ago)	22 attempts against mh-misbehave-ban on bean	Brute-Force Bad Web Bot Web App Attack
🇦🇺 Anytech	2026-06-21 15:54:31 (4 hours ago)	Blocked by Conn-Monitor: Web scanning activity	Hacking Web App Attack
🇲🇾 Rizzy	2026-06-21 15:41:18 (5 hours ago)	Multiple WAF Violations	Brute-Force Web App Attack
Anonymous	2026-06-21 14:10:06 (6 hours ago)	"GET /wp-content/debug.log HTTP/1.1"	Hacking Web App Attack
🇨🇭 zynex	2026-06-21 13:49:38 (6 hours ago)	URL Probing: /public/.env	Web App Attack
🇫🇷 masterguru	2026-06-21 13:00:04 (7 hours ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 5.255.100.73 (NL/The Netherlands/-): ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 5.255.100.73 (NL/The Netherlands/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-21 12:47:06 (8 hours ago)	(mod_security) mod_security (id:210492) triggered by 5.255.100.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 5.255.100.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 08:46:58.182187 2026] [security2:error] [pid 22421:tid 22421] [client 5.255.100.73:8476] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.getmypov.com"] [uri "/.env"] [unique_id "ajfdQnYKTxocx09fHA-MzgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 12:08:58 (8 hours ago)	(mod_security) mod_security (id:949110) triggered by 5.255.100.73 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:949110) triggered by 5.255.100.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 08:08:53.191413 2026] [security2:error] [pid 24368:tid 24368] [client 5.255.100.73:40706] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "theshitmydadsays.com"] [uri "/wp-content/debug.log"] [unique_id "ajfUVZ7I4g_6MQyVIIvkLQAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇱🇻 garmtech.com	2026-06-21 12:06:46 (8 hours ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇩🇪 Hary74656	2026-06-21 11:56:32 (8 hours ago)	[Sun Jun 21 13:56:30.211770 2026] [security2:error] [pid 49598:tid 49715] [client 5.255.100.73:59790 ... show more [Sun Jun 21 13:56:30.211770 2026] [security2:error] [pid 49598:tid 49715] [client 5.255.100.73:59790] [client 5.255.100.73] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1056"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "bienchen.at"] [uri ... show less	Web App Attack

Showing 1 to 15 of 75 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.247.137.194

🇧🇷 177.44.191.61

🇳🇬 165.154.11.247

🇬🇭 156.38.121.48

🇫🇮 147.185.133.61

🇨🇳 115.190.155.149

🇷🇴 80.94.92.186

🇺🇸 191.96.150.31

🇺🇸 172.234.218.210

🇳🇱 152.42.149.132

🇨🇳 124.251.110.186

🇧🇿 45.227.254.156

🇨🇳 120.227.20.108

🇺🇸 67.61.15.92

🇨🇳 62.234.19.235

🇨🇳 60.191.221.172

🇦🇺 27.32.45.241

🇬🇧 195.206.182.207

🇰🇷 175.214.123.177

🇬🇧 165.154.174.206