JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.255.125.64

5.255.125.64 was found in our database!

This IP was reported 49 times. Confidence of Abuse is 100%: ?

100%

ISP	The Infrastructure Group B.V.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS60404
Domain Name	theinfrastructure.group
Country	🇳🇱 Netherlands
City	Dronten, Flevoland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.255.125.64

Whois 5.255.125.64

IP Abuse Reports for 5.255.125.64:

This IP address has been reported a total of 49 times from 32 distinct sources. 5.255.125.64 was first reported on June 21st 2026, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 paulo.apoloni	2026-06-22 15:24:23 (23 hours ago)	5.255.125.64 - - [22/Jun/2026:12:24:22 -0300] "GET /wp-content/debug.log HTTP/1.1" 404 118 "-" "Mozi ... show more 5.255.125.64 - - [22/Jun/2026:12:24:22 -0300] "GET /wp-content/debug.log HTTP/1.1" 404 118 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0" 5.255.125.64 - - [22/Jun/2026:12:24:22 -0300] "GET /.env.save HTTP/1.1" 404 181 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 5.255.125.64 - - [22/Jun/2026:12:24:22 -0300] "GET /.env.development HTTP/1.1" 404 181 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" 5.255.125.64 - - [22/Jun/2026:12:24:22 -0300] "GET /.env.backup HTTP/1.1" 404 118 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" 5.255.125.64 - - [22/Jun/2026:12:24:22 -0300] "GET /.env.test HTTP/1.1" 404 181 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36" ... show less	Web App Attack
🇫🇷 masterguru	2026-06-22 12:42:49 (1 day ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-201) show less	Hacking
🇳🇱 debestelapp	2026-06-22 12:30:02 (1 day ago)		Web App Attack
🇨🇿 ptlab	2026-06-22 12:30:02 (1 day ago)	Detected env_leak attack from WP-host.	Hacking Web App Attack
🇨🇭 4server	2026-06-22 12:11:53 (1 day ago)	[MonJun2214:11:47.4238172026][security2:error][pid1108354:tid1108410][client5.255.125.64:0]ModSecuri ... show more [MonJun2214:11:47.4238172026][security2:error][pid1108354:tid1108410][client5.255.125.64:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"cpanel.gsdsagl.ch\"][uri\"/server/.env\"][unique_id\"ajkmgy6owT1SCvKxxOoMTAAAAFQ\"] show less	Hacking Web App Attack
🇩🇪 Blexyel	2026-06-22 12:07:04 (1 day ago)	5.255.125.64 - - [22/Jun/2026:14:07:03 +0200] "GET /.git/config HTTP/1.1" 200 264 "-" "Mozilla/5.0 ( ... show more 5.255.125.64 - - [22/Jun/2026:14:07:03 +0200] "GET /.git/config HTTP/1.1" 200 264 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:149.0) Gecko/20100101 Firefox/149.0" "136.243.2.38" ... show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 10:56:39 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 5.255.125.64 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 5.255.125.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 06:56:33.422963 2026] [security2:error] [pid 25841:tid 25841] [client 5.255.125.64:7720] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.n3fjp.com"] [uri "/server/.env"] [unique_id "ajkU4R3ZO0uwzpHqjpijiwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Savvii	2026-06-22 09:49:36 (1 day ago)	20 attempts against mh-misbehave-ban on ozone	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 09:44:46 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 5.255.125.64 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 5.255.125.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 05:44:38.706243 2026] [security2:error] [pid 27947:tid 27947] [client 5.255.125.64:57152] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.esslinger.us\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.esslinger.us"] [uri "/wp-content/debug.log"] [unique_id "ajkEBiLQ36z7PrIFweEZAAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 08:56:01 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 5.255.125.64 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 5.255.125.64 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 04:55:56.004516 2026] [security2:error] [pid 4323:tid 4323] [client 5.255.125.64:28196] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.circleinthesquare.org"] [uri "/.env"] [unique_id "ajj4nAEh33hHBOdEBvTC7QAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-22 07:58:19 (1 day ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇧🇪 cmbplf	2026-06-22 07:39:07 (1 day ago)	859 requests with url.path *credentials.json	Brute-Force Bad Web Bot
Anonymous	2026-06-22 06:10:44 (1 day ago)	Aggressive web scan	Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-22 06:06:02 (1 day ago)	Fail2Ban - [WAF]ModSecurity OWASP CRS rule violation on nginx-modsecurity ... [ice01,ice02]	Hacking SQL Injection Web App Attack
🇬🇧 Aetherweb Ark	2026-06-22 05:22:45 (1 day ago)	(mod_security) mod_security (id:949110) triggered by 5.255.125.64 (-): N in the last X secs	Web App Attack

Showing 1 to 15 of 49 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.26

🇳🇱 45.148.10.147

🇰🇷 220.74.57.165

🇩🇪 213.209.159.228

🇷🇴 193.46.255.86

🇺🇸 184.105.139.113

🇨🇴 177.93.43.53

🇧🇬 46.10.56.170

🇳🇱 45.148.10.141

🇩🇪 45.3.44.86

🇩🇪 45.3.44.27

🇬🇧 35.203.210.166

🇺🇸 23.29.118.224

🇳🇱 176.65.139.242

🇩🇪 64.226.107.125

🇮🇳 27.96.91.92

🇬🇧 193.163.125.193

🇨🇳 183.230.155.13

🇸🇦 176.45.46.183

🇺🇸 128.14.75.249