JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.255.107.118

5.255.107.118 was found in our database!

This IP was reported 126 times. Confidence of Abuse is 100%: ?

100%

ISP	The Infrastructure Group B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60404
Domain Name	theinfrastructure.group
Country	🇳🇱 Netherlands
City	Dronten, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.255.107.118

Whois 5.255.107.118

IP Abuse Reports for 5.255.107.118:

This IP address has been reported a total of 126 times from 79 distinct sources. 5.255.107.118 was first reported on December 10th 2024, and the most recent report was 12 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇦 URAN Publishing Service	2026-06-22 10:38:55 (12 minutes ago)	5.255.107.118 - - [22/Jun/2026:13:38:53 +0300] "GET /wp-content/debug.log HTTP/1.1" 404 732 "-" "Moz ... show more 5.255.107.118 - - [22/Jun/2026:13:38:53 +0300] "GET /wp-content/debug.log HTTP/1.1" 404 732 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0" 5.255.107.118 - - [22/Jun/2026:13:38:54 +0300] "GET /public/.env HTTP/1.1" 404 4660 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" ... show less	Web App Attack
🇩🇪 gadix	2026-06-22 09:50:52 (1 hour ago)	[22/Jun/2026:11:50:50.944037 +0200] ajkFeoawhxptc3Xmzn_ccAAAAAw 5.255.107.118 54698 127.0.0.1 7081 [ ... show more [22/Jun/2026:11:50:50.944037 +0200] ajkFeoawhxptc3Xmzn_ccAAAAAw 5.255.107.118 54698 127.0.0.1 7081 [22/Jun/2026:11:50:51.113797 +0200] ajkFe4awhxptc3Xmzn_ccQAAABE 5.255.107.118 54704 127.0.0.1 7081 [22/Jun/2026:11:50:51.551267 +0200] ajkFe1Yor4NDwUaJEG__tgAAAIc 5.255.107.118 54710 127.0.0.1 7081 ... show less	Web App Attack
🇩🇪 Hary74656	2026-06-22 09:44:09 (1 hour ago)	[Mon Jun 22 11:43:48.257422 2026] [security2:error] [pid 156757:tid 156859] [client 5.255.107.118:41 ... show more [Mon Jun 22 11:43:48.257422 2026] [security2:error] [pid 156757:tid 156859] [client 5.255.107.118:41678] [client 5.255.107.118] ModSecurity: Access denied with code 403 (phase 2). String match within ".asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .rdb/ .resources/ .resx/ .sql/ .swp/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/" at TX:extension. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1056"] [id "920440"] [msg "URL file extension is restricted by policy"] [data ".log"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "weavernet.de"] ... show less	Web App Attack
🇧🇷 Halux	2026-06-22 09:11:13 (1 hour ago)	5.255.107.118 Probing protected path or service	Web App Attack
🇩🇪 dbmwebdesign	2026-06-22 09:05:14 (1 hour ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇩🇪 Ba-Yu	2026-06-22 08:32:06 (2 hours ago)	General hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇩🇪 IloGus	2026-06-22 08:00:24 (2 hours ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇧🇪 cmbplf	2026-06-22 07:24:00 (3 hours ago)	1.326 requests with url.path credentials.json 658 requests with url.path .git/* 419 requests wi ... show more 1.326 requests with url.path credentials.json 658 requests with url.path .git/* 419 requests with url.path config.json 173 requests with url.path secrets.json 109 requests with url.path /debug.log 109 requests with url.path debug.log show less	Brute-Force Bad Web Bot
🇩🇪 Bedios GmbH	2026-06-22 06:12:33 (4 hours ago)	Wordpress hacking attempt	Web App Attack
🇱🇻 garmtech.com	2026-06-22 06:05:58 (4 hours ago)	Attempted access to sensitive endpoint (/.env) detected. Automated scan or unauthorized probing.	Web App Attack
🇨🇦 zXero	2026-06-22 06:04:33 (4 hours ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
🇬🇧 OptimusGO	2026-06-22 06:02:57 (4 hours ago)	Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Time ... show more Malicious activity detected: web_attack Server: commstackbc (185.127.18.66) Attack: web_attack Timestamp: 2026-06-22 07:02:57 UTC Log evidence: 5.255.107.118 - - [22/Jun/2026:07:02:53 +0100] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0" 06/22/2026-07:02:56.707141 [wDrop] [] [1:7000500:1] FINSERV CRITICAL: Aggressive Port Scan [] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 5.255.107.118:4528 -> 185.127.18.66:443 06/22/2026-07:02:56.707141 [] [1:9000060:2] AUTONOMOUS Long-term Reconnaissance [] [Classification: (null)] [Priority: 2] {TCP} 5.255.107.118:4528 -> 185.127.18.66:443 show less	Port Scan Brute-Force
Anonymous	2026-06-22 05:59:38 (4 hours ago)	5.255.107.118 - - [22/Jun/2026:07:59:31 +0200] "GET /wp-content/debug.log HTTP/1.1" 403 494 "-" "Moz ... show more 5.255.107.118 - - [22/Jun/2026:07:59:31 +0200] "GET /wp-content/debug.log HTTP/1.1" 403 494 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:150.0) Gecko/20100101 Firefox/150.0" 5.255.107.118 - - [22/Jun/2026:07:59:32 +0200] "GET /.env HTTP/1.1" 403 494 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36" 5.255.107.118 - - [22/Jun/2026:07:59:32 +0200] "GET /laravel/.env HTTP/1.1" 403 494 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 5.255.107.118 - - [22/Jun/2026:07:59:32 +0200] "GET /.env.save HTTP/1.1" 403 494 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Safari/605.1.15" 5.255.107.118 - - [22/Jun/2026:07:59:32 +0200] "GET /.env.staging HTTP/1.1" 403 494 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/147.0.0.0" 5.255.10 ... show less	DDoS Attack
🇮🇩 David Koswari	2026-06-22 05:36:00 (5 hours ago)	REQ_BLOCKED_ACL	DDoS Attack FTP Brute-Force Ping of Death Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
Anonymous	2026-06-22 04:35:25 (6 hours ago)	5.255.107.118 - - [22/Jun/2026:12:35:24 +0800] "GET /web/.env HTTP/1.1" 301 245 "-" "Mozilla/5.0 (iP ... show more 5.255.107.118 - - [22/Jun/2026:12:35:24 +0800] "GET /web/.env HTTP/1.1" 301 245 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 18_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.4 Mobile/15E148 Safari/604.1" ... show less	Bad Web Bot Web App Attack

Showing 1 to 15 of 126 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.218.206.90

🇮🇩 103.147.159.91

🇸🇬 103.134.154.138

🇫🇷 91.231.89.200

🇺🇸 91.230.168.8

🇳🇱 89.190.156.12

🇮🇹 64.190.76.14

🇲🇽 187.170.61.138

🇳🇱 185.242.226.104

🇺🇸 135.237.126.73

🇸🇬 107.150.112.233

🇸🇬 97.74.87.194

🇳🇱 45.148.10.151

🇻🇳 14.167.79.51

🇸🇦 5.247.137.239

🇺🇸 2604:a880:400:d1:0:4:9e8f:8001

🇺🇸 193.37.33.185

🇳🇱 176.65.139.105

🇺🇸 104.234.53.247

🇸🇬 101.47.156.21