JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 147.93.135.163

147.93.135.163 was found in our database!

This IP was reported 86 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS40021
Hostname(s)	vmi2967525.contaboserver.net
Domain Name	contabo.com
Country	🇺🇸 United States of America
City	St. Louis, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 147.93.135.163

Whois 147.93.135.163

IP Abuse Reports for 147.93.135.163:

This IP address has been reported a total of 86 times from 63 distinct sources. 147.93.135.163 was first reported on May 29th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 JCB	2026-06-08 08:29:00 (1 week ago)	147.93.135.163 - - [07/Jun/2026:15:39:22 +0300] "GET /public/vendor/phpunit/phpunit/src/Util/PHP/eva ... show more 147.93.135.163 - - [07/Jun/2026:15:39:22 +0300] "GET /public/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 236 147.93.135.163 - - [07/Jun/2026:15:39:22 +0300] "GET /apps/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 236 ... show less	Web App Attack Hacking
🇧🇷 SOC-BR	2026-06-08 07:26:31 (1 week ago)	Attack detected by Fortinet - apache: Apache.HTTP.Server.cgi-bin.Path.Traversal - 2026-06-07 10:59:0 ... show more Attack detected by Fortinet - apache: Apache.HTTP.Server.cgi-bin.Path.Traversal - 2026-06-07 10:59:07 - Source Port 59852 show less	Port Scan Hacking
🇬🇧 openstrike.co.uk	2026-06-08 05:13:08 (1 week ago)	1 attack on shell probes: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTT ... show more 1 attack on shell probes: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1 show less	Hacking
🇫🇷 service Informatique	2026-06-08 04:00:37 (1 week ago)	/cgi-bin	Web App Attack
🇫🇮 tjs	2026-06-07 21:55:00 (1 week ago)	web attack, shell attempt	Hacking Web App Attack
🇬🇧 thetomtaylor.co.uk	2026-06-07 21:06:02 (1 week ago)	Fail2Ban - [WEB]Custom exploit pattern detected on customexploits ... [ice01,wa01,wa02]	Hacking Brute-Force Bad Web Bot Web App Attack
🇺🇸 bigscoots.com	2026-06-07 19:14:37 (1 week ago)	(sshd) Failed SSH login from 147.93.135.163 (US/United States/vmi2967525.contaboserver.net): 5 in th ... show more (sshd) Failed SSH login from 147.93.135.163 (US/United States/vmi2967525.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 7 14:13:25 14778 sshd[31643]: Invalid user admin from 147.93.135.163 port 39940 Jun 7 14:13:28 14778 sshd[31643]: Failed password for invalid user admin from 147.93.135.163 port 39940 ssh2 Jun 7 14:13:58 14778 sshd[31798]: Invalid user orangepi from 147.93.135.163 port 55162 Jun 7 14:14:00 14778 sshd[31798]: Failed password for invalid user orangepi from 147.93.135.163 port 55162 ssh2 Jun 7 14:14:31 14778 sshd[32146]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.93.135.163 user=root show less	Brute-Force SSH
🇩🇪 tall1oN	2026-06-07 19:04:21 (1 week ago)	2026-06-07T21:03:46.474403+02:00 towelie sshd-session[2583066]: pam_unix(sshd:auth): authentication ... show more 2026-06-07T21:03:46.474403+02:00 towelie sshd-session[2583066]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.93.135.163 2026-06-07T21:03:48.668863+02:00 towelie sshd-session[2583066]: Failed password for invalid user admin from 147.93.135.163 port 33092 ssh2 2026-06-07T21:04:21.511637+02:00 towelie sshd-session[2583704]: Invalid user orangepi from 147.93.135.163 port 47086 ... show less	Brute-Force SSH
🇬🇧 seniorlinuxadmin	2026-06-07 18:56:03 (1 week ago)	147.93.135.163 - - [07/Jun/2026:19:56:02 +0100] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.% ... show more 147.93.135.163 - - [07/Jun/2026:19:56:02 +0100] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 403 158 "-" "libredtail-http" show less	Port Scan Web App Attack
🇺🇸 bigscoots.com	2026-06-07 18:43:17 (1 week ago)	(sshd) Failed SSH login from 147.93.135.163 (US/United States/vmi2967525.contaboserver.net): 5 in th ... show more (sshd) Failed SSH login from 147.93.135.163 (US/United States/vmi2967525.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Jun 7 13:41:58 15002 sshd[10002]: Invalid user admin from 147.93.135.163 port 35894 Jun 7 13:42:00 15002 sshd[10002]: Failed password for invalid user admin from 147.93.135.163 port 35894 ssh2 Jun 7 13:42:31 15002 sshd[10343]: Invalid user orangepi from 147.93.135.163 port 37860 Jun 7 13:42:33 15002 sshd[10343]: Failed password for invalid user orangepi from 147.93.135.163 port 37860 ssh2 Jun 7 13:43:03 15002 sshd[10738]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.93.135.163 user=root show less	Brute-Force SSH
🇩🇪 london2038.com	2026-06-07 18:41:31 (1 week ago)	Probing for exploits 147.93.135.163 - - [07/Jun/2026:20:41:27 +0200] "POST /hello.world?%ADd+allow_u ... show more Probing for exploits 147.93.135.163 - - [07/Jun/2026:20:41:27 +0200] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 422 0 "-" "libredtail-http" 147.93.135.163 - - [07/Jun/2026:20:41:28 +0200] "POST /?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 422 0 "-" "libredtail-http" show less	Hacking Web App Attack
🇩🇪 iRaphi05	2026-06-07 18:31:13 (1 week ago)	Honeypot detection: POST request on /cgi-bin/../../../../../../../../../../bin/sh \| User-Agent: libr ... show more Honeypot detection: POST request on /cgi-bin/../../../../../../../../../../bin/sh \| User-Agent: libredtail-http show less	Hacking Web App Attack
Anonymous	2026-06-07 18:28:16 (1 week ago)	2026-06-07T18:28:15.536551+00:00 caddy caddy[63377]: {"level":"info","ts":1780856895.5364435,"logger ... show more 2026-06-07T18:28:15.536551+00:00 caddy caddy[63377]: {"level":"info","ts":1780856895.5364435,"logger":"http.log.access","msg":"handled request","request":{"remote_ip":"147.93.135.163","remote_port":"34442","client_ip":"147.93.135.163","proto":"HTTP/1.1","method":"POST","host":"142.132.232.19:80","uri":"/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh","headers":{"Content-Type":["text/plain"],"Content-Length":["117"],"Upgrade-Insecure-Requests":["1"],"Accept":["/"],"User-Agent":["libredtail-http"],"Connection":["keep-alive"]}},"bytes_read":0,"user_id":"","duration":0.000073602,"size":0,"status":308,"resp_headers":{"Server":["Caddy"],"Connection":["close"],"Location":["https://142.132.232.19/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh"],"Content-Type":[]}} ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 18:23:05 (1 week ago)	(mod_security) mod_security (id:218420) triggered by 147.93.135.163 (vmi2967525.contaboserver.net): ... show more (mod_security) mod_security (id:218420) triggered by 147.93.135.163 (vmi2967525.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 14:22:59.019654 2026] [security2:error] [pid 1559:tid 1645] [client 147.93.135.163:41892] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.201:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.201"] [uri "/hello.world"] [unique_id "aiW3AyLrGZOdOyk4S4KJQQAAAdI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-06-07 18:06:30 (1 week ago)	tcp/80 (2 or more attempts)	Port Scan

Showing 1 to 15 of 86 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 144.22.238.238

🇨🇳 112.81.91.191

🇭🇰 103.155.100.73

🇹🇳 102.159.110.216

🇨🇿 91.224.90.50

🇩🇪 80.150.246.98

🇺🇸 64.62.156.89

🇸🇬 52.237.80.79

🇭🇰 14.136.63.181

🇧🇷 177.200.39.156

🇺🇸 172.58.57.51

🇺🇸 162.216.150.103

🇺🇸 159.89.93.179

🇺🇸 147.182.129.34

🇨🇳 124.16.242.208

🇷🇺 87.250.9.98

🇫🇮 65.109.21.141

🇻🇳 58.186.20.143

🇯🇵 49.212.201.210

🇪🇬 41.128.181.199