JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.189.173.102

5.189.173.102 was found in our database!

This IP was reported 166 times. Confidence of Abuse is 100%: ?

100%

ISP	Contabo GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS51167
Hostname(s)	vmi3024951.contaboserver.net
Domain Name	contabo.com
Country	🇫🇷 France
City	Lauterbourg, Grand Est

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.189.173.102

Whois 5.189.173.102

IP Abuse Reports for 5.189.173.102:

This IP address has been reported a total of 166 times from 58 distinct sources. 5.189.173.102 was first reported on January 26th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 masterguru	2026-06-10 04:56:34 (2 days ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇬🇧 consul.to	2026-06-08 10:59:45 (3 days ago)	Web attack/malicious scanning detected	Web App Attack
🇪🇸 elcruzado.es	2026-06-08 07:17:49 (4 days ago)	(mod_security) mod_security triggered on hostname [redacted] 5.189.173.102 (FR/France/vmi3024951.con ... show more (mod_security) mod_security triggered on hostname [redacted] 5.189.173.102 (FR/France/vmi3024951.contaboserver.net) show less	SQL Injection
🇧🇷 dominioz	2026-06-08 05:58:17 (4 days ago)	2026-06-08 05:57:37 GET /.env - - 5.189.173.102 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+C ... show more 2026-06-08 05:57:37 GET /.env - - 5.189.173.102 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+Chrome/120.0.0.0+Safari/537.36 - 404 1440 2026-06-08 05:57:37 GET /api/.env - - 5.189.173.102 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+Chrome/120.0.0.0+Safari/537.36 - 404 1440 2026-06-08 05:57:37 GET /.env.old - - 5.189.173.102 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+Chrome/120.0.0.0+Safari/537.36 - 404 1440 2026-06-08 05:57:37 GET /.env.bak - - 5.189.173.102 HTTP/1.1 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+Chrome/120.0.0.0+Safari/537.36 - 404 1440 ... show less	Web App Attack
🇧🇷 Halux	2026-06-07 22:48:48 (4 days ago)	5.189.173.102 Probing protected path or service	Web App Attack
🇩🇪 Petros Stefanakis	2026-06-07 02:46:57 (5 days ago)	(mod_security) mod_security triggered on hostname [redacted] 5.189.173.102 (FR/France/vmi3024951.con ... show more (mod_security) mod_security triggered on hostname [redacted] 5.189.173.102 (FR/France/vmi3024951.contaboserver.net) show less	SQL Injection
🇺🇸 kosada.com	2026-06-07 01:18:52 (5 days ago)	Web vulnerability probing: /.env.old	Web App Attack
🇩🇪 LRob.fr	2026-06-06 21:30:06 (5 days ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
Anonymous	2026-06-06 21:27:47 (5 days ago)	(caddyscan) Scanner path probe from 5.189.173.102 (GB/United Kingdom/vmi3024951.contaboserver.net): ... show more (caddyscan) Scanner path probe from 5.189.173.102 (GB/United Kingdom/vmi3024951.contaboserver.net): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 5.189.173.102 - - [06/Jun/2026:21:27:23 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 5.189.173.102 - - [06/Jun/2026:21:27:23 +0000] "GET //api/.env HTTP/1.1" [REDACTED] 200 2627 5.189.173.102 - - [06/Jun/2026:21:27:24 +0000] "GET /.env.old HTTP/1.1" [REDACTED] 200 2627 5.189.173.102 - - [06/Jun/2026:21:27:24 +0000] "GET /.env.bak HTTP/1.1" [REDACTED] 200 0 5.189.173.102 - - [06/Jun/2026:21:27:45 +0000] "HEAD /.env.zip HTTP/1.1" show less	Port Scan
🇧🇷 vfAcceloReporter	2026-06-06 19:52:49 (5 days ago)	5.189.173.102 - - [06/Jun/2026:16:52:48 -0300] "GET /.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Window ... show more 5.189.173.102 - - [06/Jun/2026:16:52:48 -0300] "GET /.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0.0.0 Safari/537.36" ... show less	Brute-Force Web App Attack Exploited Host
🇮🇩 Burayot	2026-06-06 08:45:52 (6 days ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 5.189.173.102 (FR/France/vmi3024951. ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 5.189.173.102 (FR/France/vmi3024951.contaboserver.net): 1 in the last 3600 secs show less	Web App Attack
🇬🇧 consul.to	2026-06-06 07:38:25 (6 days ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 masterguru	2026-06-06 02:49:17 (6 days ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-193)	Hacking Web App Attack
Anonymous	2026-06-05 05:35:12 (1 week ago)	Bot / seems abusive / Apache connections: 25	DDoS Attack Web Spam Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-04 18:58:58 (1 week ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack

Showing 1 to 15 of 166 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.120

🇮🇩 103.154.231.122

🇺🇸 206.212.244.18

🇬🇧 193.163.125.191

🇫🇷 185.185.82.26

🇨🇳 120.240.178.237

🇦🇷 186.138.152.46

🇷🇺 185.182.65.219

🇨🇦 158.69.227.40

🇸🇬 150.109.12.46

🇺🇸 66.132.172.254

🇳🇱 45.198.224.21

🇺🇸 40.160.16.154

🇧🇪 34.14.23.32

🇨🇳 222.174.184.86

🇺🇸 207.241.173.229

🇲🇽 187.191.48.24

🇺🇸 172.183.134.182

🇩🇪 167.94.145.23

🇺🇸 167.89.87.174