JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.220.84.108

158.220.84.108 was found in our database!

This IP was reported 53 times. Confidence of Abuse is 0%: ?

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3161219.contaboserver.net
Domain Name	contabo.com
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	Portsmouth, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.220.84.108

Whois 158.220.84.108

IP Abuse Reports for 158.220.84.108:

This IP address has been reported a total of 53 times from 35 distinct sources. 158.220.84.108 was first reported on March 18th 2026, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 SOC-BR	2026-03-19 07:20:01 (3 months ago)	Attack detected by Fortinet - apache: Apache.HTTP.Server.cgi-bin.Path.Traversal - 2026-03-18 06:01:0 ... show more Attack detected by Fortinet - apache: Apache.HTTP.Server.cgi-bin.Path.Traversal - 2026-03-18 06:01:03 - Source Port 46674 show less	Port Scan Hacking
🇦🇹 urnilxfgbez	2026-03-18 23:45:00 (3 months ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
Anonymous	2026-03-18 14:38:53 (3 months ago)	Portscan: TCP/23 (3x), TCP/80, TCP/2222 (2x)	Port Scan
🇫🇷 vtchost.com	2026-03-18 09:34:50 (3 months ago)	Probing unauthorized ports ...	Port Scan
🇺🇸 bigscoots.com	2026-03-18 09:33:49 (3 months ago)	(sshd) Failed SSH login from 158.220.84.108 (GB/United Kingdom/vmi3161219.contaboserver.net): 5 in t ... show more (sshd) Failed SSH login from 158.220.84.108 (GB/United Kingdom/vmi3161219.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Mar 18 04:32:35 14499 sshd[30250]: Invalid user admin from 158.220.84.108 port 44946 Mar 18 04:32:37 14499 sshd[30250]: Failed password for invalid user admin from 158.220.84.108 port 44946 ssh2 Mar 18 04:33:08 14499 sshd[30315]: Invalid user orangepi from 158.220.84.108 port 59736 Mar 18 04:33:10 14499 sshd[30315]: Failed password for invalid user orangepi from 158.220.84.108 port 59736 ssh2 Mar 18 04:33:40 14499 sshd[30327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.220.84.108 user=root show less	Brute-Force SSH
🇺🇸 xmission.com	2026-03-18 09:28:52 (3 months ago)	Blocked by UFW (TCP on 2222) Source port: 64796 TTL: 52 Packet length: 40 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2222) Source port: 64796 TTL: 52 Packet length: 40 TOS: 0x00 This report (for 158.220.84.108) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-03-18 09:27:40 (3 months ago)	(mod_security) mod_security (id:218420) triggered by 158.220.84.108 (vmi3161219.contaboserver.net): ... show more (mod_security) mod_security (id:218420) triggered by 158.220.84.108 (vmi3161219.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 18 05:27:34.824648 2026] [security2:error] [pid 30729:tid 30729] [client 158.220.84.108:39406] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.42:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.42"] [uri "/hello.world"] [unique_id "abpwBn8f9uGizrT5kDwo0QAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 MPL	2026-03-18 09:20:17 (3 months ago)	tcp/2222 (2 or more attempts)	Port Scan
🇦🇺 clapper	2026-03-18 09:06:21 (3 months ago)	(mod_security) mod_security (id:949110) triggered by 158.220.84.108 (GB/United Kingdom/vmi3161219.co ... show more (mod_security) mod_security (id:949110) triggered by 158.220.84.108 (GB/United Kingdom/vmi3161219.contaboserver.net): 3 in the last 3600 secs; ID: LUC show less	Brute-Force Bad Web Bot
🇺🇸 antlac1	2026-03-18 09:00:37 (3 months ago)	crowdsecurity/http-cve-2021-41773	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-03-18 08:59:07 (3 months ago)	(mod_security) mod_security (id:218420) triggered by 158.220.84.108 (vmi3161219.contaboserver.net): ... show more (mod_security) mod_security (id:218420) triggered by 158.220.84.108 (vmi3161219.contaboserver.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 18 04:59:03.327534 2026] [security2:error] [pid 422:tid 422] [client 158.220.84.108:35370] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "38"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.200:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.200"] [uri "/hello.world"] [unique_id "abppVz8I6CCmu76OVPMGTwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ITSNF	2026-03-18 08:58:27 (3 months ago)	FFM Mar 18 09:57:51 websrv01 sshd[2685655]: Invalid user admin from 158.220.84.108 port 41290 Mar 18 ... show more FFM Mar 18 09:57:51 websrv01 sshd[2685655]: Invalid user admin from 158.220.84.108 port 41290 Mar 18 09:57:51 websrv01 sshd[2685655]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.220.84.108 Mar 18 09:57:52 websrv01 sshd[2685655]: Failed password for invalid user admin from 158.220.84.108 port 41290 ssh2 Mar 18 09:58:26 websrv01 sshd[2685683]: Invalid user orangepi from 158.220.84.108 port 51812 show less	Brute-Force SSH
Anonymous	2026-03-18 08:54:04 (3 months ago)	Bot / scanning and/or hacking attempts: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/. ... show more Bot / scanning and/or hacking attempts: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e show less	Hacking Web App Attack
Anonymous	2026-03-18 08:49:19 (3 months ago)	Multiple web server 400 error codes from same source ip	Web App Attack
🇺🇸 bigscoots.com	2026-03-18 08:48:32 (3 months ago)	(sshd) Failed SSH login from 158.220.84.108 (GB/United Kingdom/vmi3161219.contaboserver.net): 5 in t ... show more (sshd) Failed SSH login from 158.220.84.108 (GB/United Kingdom/vmi3161219.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_SSHD; Logs: Mar 18 08:47:19 23452 sshd[19415]: Invalid user admin from 158.220.84.108 port 56712 Mar 18 08:47:21 23452 sshd[19415]: Failed password for invalid user admin from 158.220.84.108 port 56712 ssh2 Mar 18 08:47:51 23452 sshd[19428]: Invalid user orangepi from 158.220.84.108 port 51348 Mar 18 08:47:54 23452 sshd[19428]: Failed password for invalid user orangepi from 158.220.84.108 port 51348 ssh2 Mar 18 08:48:24 23452 sshd[19500]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=158.220.84.108 user=root show less	Brute-Force SSH

Showing 1 to 15 of 53 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 193.56.116.98

🇩🇪 139.19.117.129

🇬🇧 92.27.157.252

🇳🇱 91.92.40.12

🇨🇳 60.16.212.147

🇮🇳 198.38.85.149

🇨🇳 115.207.133.139

🇻🇳 113.22.178.69

🇺🇸 109.105.210.40

🇮🇳 103.86.180.10

🇪🇬 41.236.223.56

🇮🇷 5.22.103.255

🇮🇳 223.178.214.44

🇸🇪 213.102.87.237

🇰🇷 175.200.217.128

🇵🇱 104.29.148.68

🇧🇩 103.163.117.83

🇮🇩 103.99.214.16

🇹🇷 45.67.152.162

🇺🇸 35.226.6.189