JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.255.111.52

5.255.111.52 was found in our database!

This IP was reported 86 times. Confidence of Abuse is 83%: ?

83%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	The Infrastructure Group B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60404
Domain Name	theinfrastructure.group
Country	🇳🇱 Netherlands
City	Dronten, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.255.111.52

Whois 5.255.111.52

IP Abuse Reports for 5.255.111.52:

This IP address has been reported a total of 86 times from 42 distinct sources. 5.255.111.52 was first reported on December 30th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 ICS Labs	2026-06-05 19:36:05 (1 day ago)	ICS Labs identified 5.255.111.52 as a malicious indicator from threat intelligence.	DDoS Attack Hacking Brute-Force Exploited Host
🇺🇸 avgsmoe	2026-06-05 03:20:49 (1 day ago)	REPEAT offender. Observed 395 times.	Port Scan Brute-Force
🇩🇪 s@ch@	2026-06-04 20:15:16 (1 day ago)	Jail: plesk-panel \| Web application attack (Plesk Panel)	Web App Attack
🇩🇪 big-cloud.nl	2026-06-04 05:32:22 (2 days ago)	Try to access /xmlrpc.php	Web App Attack
🇦🇺 oncord	2026-06-03 21:47:24 (2 days ago)	Form spam	Web Spam
🇳🇱 Site.eu	2026-06-03 15:30:34 (3 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-02 15:06:19 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 11:06:13.118541 2026] [security2:error] [pid 18061:tid 18061] [client 5.255.111.52:52356] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "nuegrapes.com"] [uri "/.git/config"] [unique_id "ah7xZZOpcyTgCRQMGur3-QAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ✨	2026-06-02 00:07:11 (4 days ago)	Rule : PLESK BOT 2026-06-02 02:05:41 Unauthorized login attempt to Plesk Panel from IP 5.255.111.52 ... show more Rule : PLESK BOT 2026-06-02 02:05:41 Unauthorized login attempt to Plesk Panel from IP 5.255.111.52 with username admin show less	Hacking Brute-Force Web App Attack
🇩🇪 sverson	2026-06-01 23:12:43 (4 days ago)	Automated report	Hacking
🇩🇪 sverson	2026-06-01 17:28:10 (5 days ago)	Contact form spam	Web Spam
🇺🇸 TPI-Abuse	2026-05-31 09:10:27 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 05:10:20.986024 2026] [security2:error] [pid 13534:tid 13534] [client 5.255.111.52:33328] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|medcoarabia.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "medcoarabia.com"] [uri "/dump.sql"] [unique_id "ahv6_J_WiW4dSTPmCIMxwQAAAAE"], referer: medcoarabia.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 04:30:55 (6 days ago)	(mod_security) mod_security (id:210492) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 00:30:48.042762 2026] [security2:error] [pid 15519:tid 15519] [client 5.255.111.52:47088] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.joqlawn.com"] [uri "/.git/config"] [unique_id "ahu5eMyXC21WHhwiX6OIZAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 19:38:14 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 15:38:06.940445 2026] [security2:error] [pid 20187:tid 20187] [client 5.255.111.52:38270] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gonzalez.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gonzalez.com"] [uri "/dump.sql"] [unique_id "ahiZnpEWp1vujCyTuGwtzwAAAAg"], referer: gonzalez.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 13:11:55 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 09:11:49.996365 2026] [security2:error] [pid 14716:tid 14716] [client 5.255.111.52:33018] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|silvermoonherbals.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "silvermoonherbals.com"] [uri "/dump.sql"] [unique_id "ahg_FXJw94tOog0xm76I9QAAAAo"], referer: silvermoonherbals.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 08:57:27 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 5.255.111.52 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 04:57:21.486521 2026] [security2:error] [pid 15594:tid 15594] [client 5.255.111.52:52754] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ebookromance.xyz\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ebookromance.xyz"] [uri "/dump.sql"] [unique_id "ahgDcT2hQLffKuyOwJKqOgAAABY"], referer: ebookromance.xyz/dump.sql show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 86 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 106.244.66.218

🇺🇸 200.10.44.63

🇳🇿 121.73.168.56

🇨🇭 104.244.74.201

🇸🇬 103.187.146.131

🇷🇴 92.118.39.236

🇨🇳 14.103.123.232

🇷🇴 2.57.122.177

🇧🇷 205.210.31.250

🇺🇸 155.2.215.103

🇺🇸 147.185.132.185

🇺🇸 147.185.132.22

🇺🇸 113.20.4.9

🇨🇳 106.13.165.101

🇸🇬 103.187.147.165

🇮🇩 103.166.10.244

🇮🇩 103.140.74.200

🇱🇹 81.30.98.144

🇧🇬 78.128.112.30

🇺🇸 66.132.172.185