JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.255.118.218

5.255.118.218 was found in our database!

This IP was reported 406 times. Confidence of Abuse is 91%: ?

91%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	The Infrastructure Group B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60404
Domain Name	theinfrastructure.group
Country	🇳🇱 Netherlands
City	Dronten, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.255.118.218

Whois 5.255.118.218

IP Abuse Reports for 5.255.118.218:

This IP address has been reported a total of 406 times from 135 distinct sources. 5.255.118.218 was first reported on November 9th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇪 Jim Keir	2026-06-06 15:06:19 (1 day ago)	2026-06-06 15:06:18 5.255.118.218 File scanning, blocking 5.255.118.218 for 5 minutes	Web App Attack
🇩🇪 4server	2026-06-06 03:58:16 (1 day ago)	[SatJun0605:58:09.5604852026][security2:error][pid1725448:tid1725496][client5.255.118.218:0]ModSecur ... show more [SatJun0605:58:09.5604852026][security2:error][pid1725448:tid1725496][client5.255.118.218:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Patternmatch\"\(\?i\)\<[\^\\\\\\\\w\<\>]\\(\?:[\^\<\>\\\\\"\'\\\\\\\\s]\:\)\?[\^\\\\\\\\w\<\>]\\(\?:\\\\\\\\W\\?s\\\\\\\\W\\?c\\\\\\\\W\\?r\\\\\\\\W\\?i\\\\\\\\W\\?p\\\\\\\\W\\?t\\|\\\\\\\\W\\?f\\\\\\\\W\\?o\\\\\\\\W\\?r\\\\\\\\W\\?m\\|\\\\\\\\W\\?s\\\\\\\\W\\?t\\\\\\\\W\\?y\\\\\\\\W\\?l\\\\\\\\W\\?e\\|\\\\\\\\W\\?s\\\\\\\\W\\?v\\\\\\\\W\\?g\\|\\\\\\\\W\\?m\\\\\\\\W\\?a\\\\\\\\W\\?r\\\\\\\\W\\?q\\\\\\\\W\\?u\\\\\\\\W\\?e\\\\\\\\W\\?e\\|\(\?:\\\\\\\\W\\?l\\\\\\\\W\\?i\\\\\\\\W\\?n\\\\\\\\W\\?k\\|\\\\\\\\W\\?o\\\\\\\\W\\?b\\\\\\\\W\\?j\\\\\\\\W\\?e\\\\...\"atARGS:item_meta[24][].[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"1021\"][id\"342259\"][rev\"130\"][msg\"Atomicorp.comWAFRules:PossibleHTMLInjection\"][data\"MatchedData:\<spanstyle=foundwithinARGS:item_meta[24][]:\<spanstyle=\"][severity\"CRITICAL\"][hostname\"studio-po show less	Port Scan Brute-Force Web App Attack
🇺🇸 avgsmoe	2026-06-05 03:10:15 (2 days ago)	REPEAT offender. Observed 951 times.	Port Scan Brute-Force
🇮🇩 securejdprop	2026-06-03 19:05:49 (3 days ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 113). Ip 5.255.118.218 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-03 19:05:48.272463816 +0000 UTC show less	Hacking Web App Attack
🇩🇪 tentwentyfour	2026-06-02 09:49:12 (5 days ago)	Blocked for brute-forcing WordPress log-in	Brute-Force Web App Attack
🇳🇱 lid3rc	2026-06-02 01:41:05 (5 days ago)	According to the AbuseIPDB risk analysis, the IP address is too high risk.	Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 07:36:13 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 03:36:09.471378 2026] [security2:error] [pid 17144:tid 17144] [client 5.255.118.218:42358] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|wisdomworkforceoptimization.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wisdomworkforceoptimization.com"] [uri "/dump.sql"] [unique_id "ah02aWfpEhn5OR8eii03fwAAABE"], referer: wisdomworkforceoptimization.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 avgsmoe	2026-05-31 19:26:20 (6 days ago)	REPEAT offender. Observed 936 times.	Port Scan Brute-Force
🇺🇸 TPI-Abuse	2026-05-31 17:25:29 (6 days ago)	(mod_security) mod_security (id:210730) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 13:25:22.076877 2026] [security2:error] [pid 24350:tid 24350] [client 5.255.118.218:48028] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|rodzillacharters.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rodzillacharters.com"] [uri "/dump.sql"] [unique_id "ahxvAnf4yqFuTWQmTGKM2gAAABA"], referer: rodzillacharters.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dklueh79	2026-05-30 18:20:46 (1 week ago)	Probe for vulnerabilities. Path attempted: /.git/config	Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 13:41:29 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 09:41:25.280039 2026] [security2:error] [pid 9415:tid 9415] [client 5.255.118.218:41446] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|aufflammen.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "aufflammen.com"] [uri "/dump.sql"] [unique_id "ahrpBXBcbCdKVT21pKGAegAAAAc"], referer: aufflammen.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-05-30 08:15:12 (1 week ago)	WAF repeated trigger detected by Fail2Ban in plesk-modsecurity jail	Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 19:39:42 (1 week ago)	(mod_security) mod_security (id:949110) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:949110) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 15:39:37.996742 2026] [security2:error] [pid 25987:tid 25987] [client 5.255.118.218:54684] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "armstrongenv.com"] [uri "/dump.sql"] [unique_id "ahiZ-XgTrhYBunGCvgbg5gAAAAM"], referer: armstrongenv.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 avgsmoe	2026-05-28 18:00:01 (1 week ago)	REPEAT offender. Observed 873 times.	Port Scan Brute-Force
🇺🇸 TPI-Abuse	2026-05-28 16:09:25 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 5.255.118.218 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 12:09:18.677236 2026] [security2:error] [pid 10056:tid 10056] [client 5.255.118.218:41300] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|easygifting.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "easygifting.com"] [uri "/dump.sql"] [unique_id "ahhorgcW_8rtd3-72w94VwAAABM"], referer: easygifting.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 406 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 207.180.204.120

🇺🇸 45.202.240.36

🇹🇳 197.5.145.102

🇺🇸 168.100.149.233

🇺🇸 168.100.149.80

🇸🇬 152.32.218.149

🇨🇳 124.160.45.26

🇭🇰 118.26.37.26

🇮🇳 103.190.7.203

🇺🇸 47.251.13.59

🇳🇱 45.198.224.134

🇱🇹 2a02:4780:9:1728:0:30eb:aeed:1

🇨🇳 221.198.80.23

🇳🇱 193.176.31.212

🇺🇸 172.93.103.2

🇩🇪 141.11.45.97

🇨🇳 119.96.223.148

🇸🇪 81.226.129.67

🇷🇺 79.120.30.97

🇺🇸 74.125.92.113