JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.255.104.228

5.255.104.228 was found in our database!

This IP was reported 85 times. Confidence of Abuse is 100%: ?

100%

ISP	The Infrastructure Group B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60404
Domain Name	theinfrastructure.group
Country	🇳🇱 Netherlands
City	Dronten, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.255.104.228

Whois 5.255.104.228

IP Abuse Reports for 5.255.104.228:

This IP address has been reported a total of 85 times from 56 distinct sources. 5.255.104.228 was first reported on March 15th 2023, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇭🇺 kranem	2026-06-22 12:00:46 (20 hours ago)	Triggered Cloudflare WAF from NL. Action taken: LINK_MAZE_INJECTED ASN: 60404 (The Infrastructure Gr ... show more Triggered Cloudflare WAF from NL. Action taken: LINK_MAZE_INJECTED ASN: 60404 (The Infrastructure Group B.V.) Protocol: HTTP/1.1 (GET method) Endpoint: / Timestamp: 2026-06-22T10:41:11Z User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0 show less	Bad Web Bot
🇪🇸 yvoictra	2026-06-22 11:54:29 (20 hours ago)	5.255.104.228 - - [22/Jun/2026:13:54:27 +0200] "GET /wp-content/debug.log HTTP/1.1" 404 134 "-" "Moz ... show more 5.255.104.228 - - [22/Jun/2026:13:54:27 +0200] "GET /wp-content/debug.log HTTP/1.1" 404 134 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0" 5.255.104.228 - - [22/Jun/2026:13:54:28 +0200] "GET /.env HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" 5.255.104.228 - - [22/Jun/2026:13:54:28 +0200] "GET /gcp-key.json HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 5.255.104.228 - - [22/Jun/2026:13:54:28 +0200] "GET /.env.local HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 Edg/146.0.0.0" 5.255.104.228 - - [22/Jun/2026:13:54:28 +0200] "GET /gcloud-service-key.json HTTP/1.1" 404 197 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0 ... show less	Brute-Force Web App Attack
Anonymous	2026-06-22 11:35:09 (21 hours ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇬🇧 Axel	2026-06-22 11:22:47 (21 hours ago)	Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by pol ... show more Blocked by ModSecurity. Rule ID: 210730 Message: COMODO WAF: URL file extension is restricted by policy\|\|plesk.axel.lotto\|F\|2 Phase: 2 Severity: CRITICAL URI: /wp-content/debug.log Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇩🇪 derLoosi	2026-06-22 09:58:37 (22 hours ago)	HV1.1 Blocked by UFW	Port Scan
🇸🇪 SkyDancer	2026-06-22 09:15:10 (23 hours ago)	Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by Sk ... show more Multiple unauthorized attempts to access using wrong credentials. Attack automatically blocked by SkyDancer Ai. EXT-SYS-Vx show less	Hacking Brute-Force SSH
🇦🇺 AWW-Admin	2026-06-22 09:11:52 (23 hours ago)	(mod_security) mod_security triggered on hostname [redacted] 5.255.104.228 (-)	SQL Injection
🇺🇸 TPI-Abuse	2026-06-22 09:11:35 (23 hours ago)	(mod_security) mod_security (id:210730) triggered by 5.255.104.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 5.255.104.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 05:11:29.379049 2026] [security2:error] [pid 13591:tid 13591] [client 5.255.104.228:60034] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.gizmolabs.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.gizmolabs.net"] [uri "/wp-content/debug.log"] [unique_id "ajj8QYI2wJ31OUGcxV4KYwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 akasolutions.de	2026-06-22 08:38:23 (1 day ago)	(mod_security) mod_security triggered on hostname [redacted] 5.255.104.228 (-)	SQL Injection
🇫🇷 masterguru	2026-06-22 08:04:00 (1 day ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 08:00:12 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 5.255.104.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 5.255.104.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 03:59:59.101560 2026] [security2:error] [pid 31519:tid 31519] [client 5.255.104.228:30424] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.thehappywillow.com"] [uri "/.env"] [unique_id "ajjrfzMuOeTH9UoG-_A5aQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-22 07:24:17 (1 day ago)	1.160 requests with url.path credentials.json 546 requests with url.path .git/* 315 requests wi ... show more 1.160 requests with url.path credentials.json 546 requests with url.path .git/* 315 requests with url.path config.json 144 requests with url.path secrets.json show less	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-22 06:55:50 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 5.255.104.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 5.255.104.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 02:55:43.491066 2026] [security2:error] [pid 17825:tid 17851] [client 5.255.104.228:37460] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.koliosfoods.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.koliosfoods.com"] [uri "/wp-content/debug.log"] [unique_id "ajjcb5q8cvxwYlASyRuclAAAANY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 06:26:36 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 5.255.104.228 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 5.255.104.228 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 02:26:28.638179 2026] [security2:error] [pid 25386:tid 25386] [client 5.255.104.228:18300] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.tradelosangeles.com"] [uri "/.env"] [unique_id "ajjVlEQZEJqCoRGcZ-lLCAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-22 06:19:31 (1 day ago)	5.255.104.228 - - [22/Jun/2026:08:19:24 +0200] "GET /.yarnrc HTTP/1.1" 404 125524 "-" "Mozilla/5.0 ( ... show more 5.255.104.228 - - [22/Jun/2026:08:19:24 +0200] "GET /.yarnrc HTTP/1.1" 404 125524 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1" 5.255.104.228 - - [22/Jun/2026:08:19:29 +0200] "GET /.yarnrc HTTP/1.1" 404 18569 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1" 5.255.104.228 - - [22/Jun/2026:08:19:24 +0200] "GET /gcp-service-account.json HTTP/1.1" 404 125701 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" 5.255.104.228 - - [22/Jun/2026:08:19:29 +0200] "GET /gcp-service-account.json HTTP/1.1" 404 18601 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" 5.255.104.228 - - [22/Jun/2026:08:19:24 +0200] "GET /appsettings.Production.json ... show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 85 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 147.185.133.180

🇰🇷 59.16.192.32

🇮🇳 4.224.40.94

🇰🇷 222.232.176.7

🇸🇬 172.188.89.41

🇺🇸 166.62.35.226

🇰🇷 125.138.166.217

🇻🇳 103.186.101.237

🇳🇱 91.92.40.237

🇺🇸 74.207.244.156

🇨🇴 186.115.61.96

🇮🇩 165.154.151.176

🇨🇳 118.145.242.91

🇸🇪 88.218.45.65

🇷🇺 87.250.224.249

🇷🇺 87.250.224.24

🇺🇸 66.132.195.52

🇺🇸 66.132.172.126

🇺🇸 54.193.77.250

🇳🇱 45.148.10.151