TPI-Abuse
2025-02-07 10:44:42
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 5.255.123.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 07 05:44:34.249611 2025] [security2:error] [pid 22876:tid 22893] [client 5.255.123.164:36998] [client 5.255.123.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "piazzala.com"] [uri "/wp-config.php.maj"] [unique_id "Z6XkEi-NqfaYJ8Ms-DfLFgAAAI0"]
Brute-Force
Bad Web Bot
Web App Attack
bernd
2025-02-05 01:48:32
(5 days ago)
open Proxy
Open Proxy
MAGIC
2025-02-02 13:02:01
(1 week ago)
VM5 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot
Anonymous
2025-01-31 01:59:02
(1 week ago)
Feb 26 11:24:57 cloud sshd[1844357]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.255.123.164
Feb 26 11:24:59 cloud sshd[1844357]: Failed password for invalid user alden from 5.255.123.164 port 59726 ssh2
Feb 26 11:25:01 cloud sshd[1844357]: Failed password for invalid user alden from 5.255.123.164 port 59726 ssh2
Feb 26 11:25:05 cloud sshd[1844357]: Failed password for invalid user alden from 5.255.123.164 port 59726 ssh2
Feb 26 11:25:06 cloud sshd[1844357]: error: maximum authentication attempts exceeded for invalid user alden from 5.255.123.164 port 59726 ssh2 [preauth]
Brute-Force
SSH
URAN Publishing Service
2025-01-23 10:29:31
(2 weeks ago)
5.255.123.164 - - [23/Jan/2025:12:28:35 +0200] "GET /wp-content/plugins/uploader/readme.txt HTTP/1.1" 404 2815 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.2.21"
5.255.123.164 - - [23/Jan/2025:12:28:35 +0200] "GET /wp-content/plugins/uploader/readme.txt HTTP/1.1" 404 2814 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2.1 Safari/605.1.14"
...
Web App Attack
ThreatBook.io
2025-01-19 23:35:04
(3 weeks ago)
ThreatBook Intelligence: Spam more details on http://threatbook.io/ip/5.255.123.164
Brute-Force
etu brutus
2025-01-13 18:40:34
(4 weeks ago)
5.255.123.164 has been banned for [WebApp Attack]
...
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-11 14:48:29
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 5.255.123.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 11 09:48:23.980894 2025] [security2:error] [pid 2982:tid 2982] [client 5.255.123.164:36952] [client 5.255.123.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "teenybikinigirls.com"] [uri "/wp-config.php_old2017"] [unique_id "Z4KEt8J1TGHBhlfEntCIcAAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
Brent Wadleigh
2025-01-09 17:49:18
(1 month ago)
IP attempted SSH bruteforce on port 22. Detected and banned by CrowdSec.
Brute-Force
SSH
TPI-Abuse
2025-01-07 10:43:55
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 5.255.123.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 07 05:43:48.384949 2025] [security2:error] [pid 18010:tid 18134] [client 5.255.123.164:54270] [client 5.255.123.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||seriousgames-system.info|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "seriousgames-system.info"] [uri "/ystem.sql"] [unique_id "Z30FZEngqPp09zTFgrKCRgAAAQk"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2025-01-07 08:04:04
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 5.255.123.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 07 03:04:00.837267 2025] [security2:error] [pid 14155:tid 14155] [client 5.255.123.164:46994] [client 5.255.123.164] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||caribef.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "caribef.com"] [uri "/daily.sql"] [unique_id "Z3zf8Jn00OWpA_53JJJ_HAAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
David Ferneding
2025-01-03 16:36:23
(1 month ago)
Part of large-scale ddos-attack, 262624 requests from this ip
DDoS Attack
Anonymous
2025-01-02 02:03:51
(1 month ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
TPI-Abuse
2025-01-01 04:53:26
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 5.255.123.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 31 23:53:18.919862 2024] [security2:error] [pid 937395:tid 937395] [client 5.255.123.164:51538] [client 5.255.123.164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "asociacioncopan.org"] [uri "/wp-config.php_old9"] [unique_id "Z3TKPky2c4rBEFJ50hY-UwAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
MAGIC
2024-12-31 17:10:59
(1 month ago)
VM1 Bad user agents ignoring web crawling rules. Draining bandwidth
DDoS Attack
Bad Web Bot