JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 51.89.109.140

51.89.109.140 was found in our database!

This IP was reported 266 times. Confidence of Abuse is 0%: ?

ISP	OVH SAS
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16276
Domain Name	ovh.net
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 51.89.109.140

Whois 51.89.109.140

IP Abuse Reports for 51.89.109.140:

This IP address has been reported a total of 266 times from 68 distinct sources. 51.89.109.140 was first reported on February 28th 2023, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 threatintelligence_bvc	2026-01-31 09:17:11 (4 months ago)		Brute-Force
🇮🇹 VHosting	2026-01-31 08:34:57 (4 months ago)	Detected mail brute force attack from 4 different servers	Brute-Force
🇬🇧 Andrew Forbes	2024-02-11 20:37:01 (2 years ago)	bad bombardment	SQL Injection
🇺🇸 octageeks.com	2024-02-11 05:07:42 (2 years ago)	Wordpress malicious attack:[octa404]	Web App Attack
🇺🇸 octageeks.com	2024-02-10 05:07:33 (2 years ago)	Wordpress malicious attack:[octa404]	Web App Attack
🇺🇸 octageeks.com	2024-02-09 05:07:16 (2 years ago)	Wordpress malicious attack:[octa404]	Web App Attack
🇺🇸 TPI-Abuse	2024-02-08 11:18:18 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the ... show more (mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 08 06:18:13.883267 2024] [security2:error] [pid 28092] [client 51.89.109.140:51821] [client 51.89.109.140] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|tributetochildren.org\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "tributetochildren.org"] [uri "/admin.sql"] [unique_id "ZcS4dW8-0s5j4iyUKstmoAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-02-08 08:15:25 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the ... show more (mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 08 03:15:20.637676 2024] [security2:error] [pid 14463] [client 51.89.109.140:62420] [client 51.89.109.140] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.jwwsb.jaspercity.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.jwwsb.jaspercity.com"] [uri "/admin.sql"] [unique_id "ZcSNmKeTecgf2vefD6IXIAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-02-07 17:23:40 (2 years ago)	(mod_security) mod_security (id:210492) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the ... show more (mod_security) mod_security (id:210492) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 07 12:23:33.363150 2024] [security2:error] [pid 23914] [client 51.89.109.140:63834] [client 51.89.109.140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.needtoorderprinting.com"] [uri "/.env"] [unique_id "ZcO8lfnBKFfjsiStbxHUewAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-02-07 10:58:40 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the ... show more (mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 07 05:58:34.048876 2024] [security2:error] [pid 6810] [client 51.89.109.140:63191] [client 51.89.109.140] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|terazon.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "terazon.net"] [uri "/admin.sql"] [unique_id "ZcNiWpMeKSebOeMabiKvOwAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-02-07 09:52:03 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the ... show more (mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 07 04:51:57.632106 2024] [security2:error] [pid 24063] [client 51.89.109.140:50299] [client 51.89.109.140] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.oualierealty.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.oualierealty.com"] [uri "/admin.sql"] [unique_id "ZcNSvX83X0GtLQCcvdE2PgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 octageeks.com	2024-02-07 05:07:23 (2 years ago)	Wordpress malicious attack:[octa404]	Web App Attack
🇩🇪 [email protected]	2024-02-06 13:02:36 (2 years ago)	Brute force 279 attempts	DDoS Attack SQL Injection Brute-Force SSH
🇺🇸 TPI-Abuse	2024-02-06 12:56:20 (2 years ago)	(mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the ... show more (mod_security) mod_security (id:210730) triggered by 51.89.109.140 (ip140.ip-51-89-109.eu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 06 07:56:12.296363 2024] [security2:error] [pid 3466355] [client 51.89.109.140:60335] [client 51.89.109.140] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|old.renju.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "old.renju.net"] [uri "/admin.sql"] [unique_id "ZcIsbOSg41a9R9Sm6Va-VQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ANDREAS LYTOS	2024-02-06 07:29:35 (2 years ago)	(mod_security) mod_security triggered on hostname [redacted] 51.89.109.140 (GB/United Kingdom/ip140. ... show more (mod_security) mod_security triggered on hostname [redacted] 51.89.109.140 (GB/United Kingdom/ip140.ip-51-89-109.eu): (CF_ENABLE) show less	SQL Injection

Showing 1 to 15 of 266 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 194.88.98.88

🇬🇧 185.247.137.237

🇳🇱 34.141.139.171

🇺🇸 20.169.107.142

🇰🇷 14.63.217.28

🇨🇳 14.18.118.226

🇵🇦 2620:171:c6:f003:9999::242

🇲🇦 196.75.87.161

🇺🇸 104.28.48.153

🇺🇸 162.158.155.188

🇳🇱 45.148.10.141

🇺🇸 3.134.216.108

🇬🇧 198.244.240.142

🇬🇧 193.32.209.226

🇧🇷 177.104.185.182

🇮🇳 103.227.62.72

🇫🇷 92.222.104.214

🇦🇹 84.115.228.185

🇺🇸 47.251.162.137

🇺🇸 34.68.118.219