JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 13.140.180.233

13.140.180.233 was found in our database!

This IP was reported 44 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3370040.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 13.140.180.233

Whois 13.140.180.233

IP Abuse Reports for 13.140.180.233:

This IP address has been reported a total of 44 times from 33 distinct sources. 13.140.180.233 was first reported on June 16th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-20 10:41:00 (4 days ago)	A Network Trojan was detected. Signature ET WEB_SERVER allow_url_include PHP config option in uri. F ... show more A Network Trojan was detected. Signature ET WEB_SERVER allow_url_include PHP config option in uri. From: 13.140.180.233:44190, to: [redacted]:80, protocol: TCP show less	Brute-Force Hacking
🇫🇮 geot	2026-06-18 13:03:23 (6 days ago)	POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1 POST /hello.world?%A ... show more POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1 POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1 POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1 show less	Port Scan Hacking Web App Attack
🇦🇺 dyln	2026-06-17 19:32:29 (1 week ago)	Dyls honeypot brute-force: proto8 (46 total hits)	Brute-Force
🇪🇸 pipeline.es	2026-06-17 13:52:44 (1 week ago)	Web scanning / probing for vulnerable paths	Port Scan Web App Attack
Anonymous	2026-06-17 13:02:43 (1 week ago)	Automated report from Fail2Ban firewall ban	Brute-Force SSH IoT Targeted
🇰🇷 windykc	2026-06-17 13:00:04 (1 week ago)	Honeypot capture. Download/C2 URLs attempted: https://217.60.195.113/sh. HTTP: 2 attacks (sample URI ... show more Honeypot capture. Download/C2 URLs attempted: https://217.60.195.113/sh. HTTP: 2 attacks (sample URIs: ['/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php']). RCE/web-shell attempts: 2 (fake-shell endpoint). Geo/ISP: FR/Contabo GmbH. Last seen: 2026-06-17T21:32:28Z. show less	Hacking Exploited Host Web App Attack
🇺🇸 antlac1	2026-06-17 12:39:09 (1 week ago)	crowdsecurity/http-probing	Brute-Force Web App Attack
🇺🇸 demonsword	2026-06-17 12:22:42 (1 week ago)	SSH brute-force detected: 64 failed login attempts in the last 1 hour.	Brute-Force SSH
🇮🇪 AutosOnShow	2026-06-17 11:13:05 (1 week ago)	blocked for webapp attack \| path requested: / \| seen at 2026-06-17 11:12:43.983 \|	Web App Attack
🇺🇸 bigscoots.com	2026-06-17 10:49:53 (1 week ago)	(sshd) Failed SSH login from 13.140.180.233 (DE/Germany/vmi3370040.contaboserver.net): 5 in the last ... show more (sshd) Failed SSH login from 13.140.180.233 (DE/Germany/vmi3370040.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 17 05:48:33 14209 sshd[16306]: Invalid user admin from 13.140.180.233 port 38334 Jun 17 05:48:34 14209 sshd[16306]: Failed password for invalid user admin from 13.140.180.233 port 38334 ssh2 Jun 17 05:49:05 14209 sshd[16796]: Invalid user orangepi from 13.140.180.233 port 56388 Jun 17 05:49:08 14209 sshd[16796]: Failed password for invalid user orangepi from 13.140.180.233 port 56388 ssh2 Jun 17 05:49:39 14209 sshd[16979]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.140.180.233 user=root show less	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-17 10:42:25 (1 week ago)	(mod_security) mod_security (id:218420) triggered by 13.140.180.233 (vmi3370040.contaboserver.net): ... show more (mod_security) mod_security (id:218420) triggered by 13.140.180.233 (vmi3370040.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 06:42:19.686462 2026] [security2:error] [pid 16358:tid 16358] [client 13.140.180.233:42246] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.116:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.116"] [uri "/hello.world"] [unique_id "ajJ6CzevFVJ4gak-xOnIEAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 iNetWorker	2026-06-17 10:27:58 (1 week ago)	trying to access non-authorized port	Port Scan
🇺🇸 demonsword	2026-06-17 10:22:33 (1 week ago)	SSH brute-force detected: 104 failed login attempts in the last 1 hour.	Brute-Force SSH
🇺🇸 MPL	2026-06-17 10:14:33 (1 week ago)	tcp/22 (4 or more attempts)	Port Scan
🇺🇸 RAP	2026-06-17 09:37:31 (1 week ago)	2026-06-17 09:37:31 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan

Showing 1 to 15 of 44 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇴 201.184.50.251

🇳🇱 172.253.95.220

🇳🇱 141.101.76.8

🇨🇳 120.32.92.28

🇵🇭 119.93.143.50

🇺🇸 65.49.1.180

🇷🇴 2.57.121.112

🇵🇰 210.87.64.31

🇺🇸 184.105.247.199

🇮🇩 182.3.100.90

🇳🇱 162.159.113.28

🇺🇸 141.11.88.6

🇨🇳 124.117.194.78

🇨🇳 115.52.245.76

🇨🇳 114.225.253.26

🇺🇸 74.249.177.110

🇫🇷 37.65.60.181

🇯🇵 8.216.9.20

🇺🇸 205.210.31.94

🇫🇮 194.99.24.120