JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 13.140.146.138

13.140.146.138 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3355199.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 13.140.146.138

Whois 13.140.146.138

IP Abuse Reports for 13.140.146.138:

This IP address has been reported a total of 51 times from 39 distinct sources. 13.140.146.138 was first reported on June 15th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 gu-alvareza	2026-06-16 07:05:07 (3 days ago)	Apache.HTTP.Server.cgi-bin.Path.Traversal	Web App Attack Hacking
Anonymous	2026-06-15 21:59:35 (3 days ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-15 16:10:52 (3 days ago)	(mod_security) mod_security (id:218420) triggered by 13.140.146.138 (vmi3355199.contaboserver.net): ... show more (mod_security) mod_security (id:218420) triggered by 13.140.146.138 (vmi3355199.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 12:10:47.465176 2026] [security2:error] [pid 6777:tid 6777] [client 13.140.146.138:54582] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.186:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.186"] [uri "/hello.world"] [unique_id "ajAkB81F30Xqz4VMXourFgAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Tamsy	2026-06-15 15:42:46 (3 days ago)	HTTPD - Buffer overflow attack	Web App Attack
🇬🇧 gbzret4d	2026-06-15 15:39:48 (3 days ago)	Honeypot [uk-production01]: SSH handshake/banner (24 bytes of payload); 2222 [1] TCP	SSH
🇩🇪 Admins@FBN	2026-06-15 15:18:51 (3 days ago)	FW-PortScan: Traffic Blocked srcport=61357 dstport=23	Port Scan
🇺🇸 MPL	2026-06-15 15:14:29 (3 days ago)	tcp/2375 (4 or more attempts)	Port Scan
🇯🇵 S.O.B.A. Dev.	2026-06-15 15:13:19 (3 days ago)	Persistent port scanning or vulnerability scanning	Port Scan
Anonymous	2026-06-15 15:04:41 (3 days ago)	IP & Port Scan.	SSH Port Scan Brute-Force
🇯🇵 shimizu	2026-06-15 15:01:01 (3 days ago)	4 times SMTP brute-force	Hacking Brute-Force
🇧🇷 dominioz	2026-06-15 14:57:56 (3 days ago)	13.140.146.138 - - [15/Jun/2026:11:57:53 -0300] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.% ... show more 13.140.146.138 - - [15/Jun/2026:11:57:53 -0300] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 173 "-" "-" "-" 13.140.146.138 - - [15/Jun/2026:11:57:55 -0300] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 400 173 "-" "-" "-" ... show less	Web App Attack
🇹🇼 kk_it_man	2026-06-15 14:43:02 (3 days ago)	ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 ET EXPLOIT Apache HTTP ... show more ET EXPLOIT Apache HTTP Server - Path Traversal Attempt (CVE-2021-42013) M2 ET EXPLOIT Apache HTTP Server 2.4.49 - Path Traversal Attempt (CVE-2021-41773) M2 ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt ET WEB_SERVER Generic PHP Remote File Include ET WEB_SERVER PHP tags in HTTP POST ET WEB_SERVER PHP.//Input in HTTP POST ET WEB_SERVER Possible SQL Injection (exec) in HTTP Request Body ET WEB_SERVER allow_url_include PHP config option in uri ET WEB_SERVER auto_prepend_file PHP config option in uri ET WEB_SPECIFIC_APPS PHP-CGI OS Command Injection (soft hyphen) (CVE-2024-4577) show less	Port Scan
🇺🇸 MPL	2026-06-15 14:11:48 (3 days ago)	tcp/23 (4 or more attempts)	Port Scan
🇺🇸 bigscoots.com	2026-06-15 14:03:14 (3 days ago)	(sshd) Failed SSH login from 13.140.146.138 (DE/Germany/vmi3355199.contaboserver.net): 5 in the last ... show more (sshd) Failed SSH login from 13.140.146.138 (DE/Germany/vmi3355199.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 15 09:01:46 15553 sshd[32508]: Invalid user admin from 13.140.146.138 port 37330 Jun 15 09:01:48 15553 sshd[32508]: Failed password for invalid user admin from 13.140.146.138 port 37330 ssh2 Jun 15 09:02:26 15553 sshd[426]: Invalid user orangepi from 13.140.146.138 port 46914 Jun 15 09:02:27 15553 sshd[426]: Failed password for invalid user orangepi from 13.140.146.138 port 46914 ssh2 Jun 15 09:03:03 15553 sshd[652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.140.146.138 user=root show less	Brute-Force SSH
🇹🇭 Sawasdee	2026-06-15 14:03:06 (3 days ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇰 223.123.95.53

🇫🇷 217.76.55.220

🇺🇸 162.216.149.116

🇺🇸 157.245.119.156

🇺🇸 143.137.166.227

🇺🇸 143.137.166.87

🇺🇸 134.122.30.157

🇺🇸 66.132.172.232

🇩🇿 41.111.178.165

🇺🇸 3.142.170.60

🇳🇴 185.12.59.118

🇮🇩 180.243.1.196

🇺🇸 147.185.132.191

🇺🇸 143.137.166.131

🇺🇸 143.137.165.203

🇺🇸 143.137.164.246

🇨🇳 117.69.244.40

🇮🇳 103.127.170.156

🇻🇳 103.78.0.229

🇯🇵 58.98.197.137