IP address

Search at other sites:

.03313.140.140.94vmi3351957.contaboserver.net

Shodan(more info)

Passive DNS

IP blacklists

AbuseIPDB

13.140.140.94 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-18 04:00:00.635000
Was present on blacklist at: 2026-06-08 04:00, 2026-06-09 04:00, 2026-06-10 04:00, 2026-06-14 04:00, 2026-06-15 04:00, 2026-06-18 04:00

blocklist.de SSH

13.140.140.94 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-11 22:05:00.295000
Was present on blacklist at: 2026-06-10 04:05, 2026-06-10 10:05, 2026-06-10 16:05, 2026-06-10 22:05, 2026-06-11 04:05, 2026-06-11 10:05, 2026-06-11 16:05, 2026-06-11 22:05

Echelon TLS/SSL crawler

13.140.140.94 is listed on the Echelon TLS/SSL crawler blacklist.

Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed: primary (feed detail page)

Last checked at: 2026-06-16 09:40:00.413000
Was present on blacklist at: 2026-06-10 09:40, 2026-06-11 09:40, 2026-06-12 09:40, 2026-06-14 09:40, 2026-06-15 09:40, 2026-06-16 09:40

UCEPROTECT L1

13.140.140.94 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-17 15:45:00.607000
Was present on blacklist at: 2026-06-10 23:45, 2026-06-11 07:45, 2026-06-11 15:45, 2026-06-11 23:45, 2026-06-12 07:45, 2026-06-12 15:45, 2026-06-12 23:45, 2026-06-13 07:45, 2026-06-13 15:45, 2026-06-13 23:45, 2026-06-14 07:45, 2026-06-14 15:45, 2026-06-14 23:45, 2026-06-15 07:45, 2026-06-15 15:45, 2026-06-15 23:45, 2026-06-16 07:45, 2026-06-16 15:45, 2026-06-16 23:45, 2026-06-17 07:45, 2026-06-17 15:45

Echelon CMS enumeration

13.140.140.94 is listed on the Echelon CMS enumeration blacklist.

Description: Content management system discovery and enumeration
Type of feed: primary (feed detail page)

Last checked at: 2026-06-17 09:05:01.027000
Was present on blacklist at: 2026-06-11 09:05, 2026-06-12 09:05, 2026-06-13 09:05, 2026-06-14 09:05, 2026-06-15 09:05, 2026-06-16 09:05, 2026-06-17 09:05

Echelon admin panel hunt

13.140.140.94 is listed on the Echelon admin panel hunt blacklist.

Description: Scanning for administrative interfaces
Type of feed: primary (feed detail page)

Last checked at: 2026-06-17 09:05:01.160000
Was present on blacklist at: 2026-06-11 09:05, 2026-06-12 09:05, 2026-06-13 09:05, 2026-06-14 09:05, 2026-06-15 09:05, 2026-06-16 09:05, 2026-06-17 09:05

Echelon database admin hunt

13.140.140.94 is listed on the Echelon database admin hunt blacklist.

Description: Scanning for database admin interfaces (phpMyAdmin, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-17 09:10:00.659000
Was present on blacklist at: 2026-06-11 09:10, 2026-06-12 09:10, 2026-06-13 09:10, 2026-06-14 09:10, 2026-06-15 09:10, 2026-06-16 09:10, 2026-06-17 09:10

Echelon directory traversal

13.140.140.94 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-06-17 09:15:00.266000
Was present on blacklist at: 2026-06-11 09:15, 2026-06-12 09:15, 2026-06-13 09:15, 2026-06-14 09:15, 2026-06-15 09:15, 2026-06-16 09:15, 2026-06-17 09:15

Echelon web crawler

13.140.140.94 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-06-17 09:50:00.357000
Was present on blacklist at: 2026-06-11 09:50, 2026-06-12 09:50, 2026-06-15 09:50, 2026-06-16 09:50, 2026-06-17 09:50

CI Army

13.140.140.94 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-06-15 02:50:00.984000
Was present on blacklist at: 2026-06-12 02:50, 2026-06-13 02:50, 2026-06-14 02:50, 2026-06-15 02:50

blocklist.de bots

13.140.140.94 is listed on the blocklist.de bots blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing attacks on the RFI-Attacks,<br>REG-Bots, IRC-Bots or BadBots.
Type of feed: primary (feed detail page)

Last checked at: 2026-06-14 10:05:05.071000
Was present on blacklist at: 2026-06-12 16:05, 2026-06-12 22:05, 2026-06-13 04:05, 2026-06-13 10:05, 2026-06-13 16:05, 2026-06-13 22:05, 2026-06-14 04:05, 2026-06-14 10:05

Spamhaus XBL CBL

13.140.140.94 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-21 05:25:40.251000
Was present on blacklist at: 2026-06-14 05:25

Threat categories

TL	Role	Category	Details
75	src	login	protocol: ssh, telnet port: 23
62	src	scan	port: 22, 23, 80, 443, 2222, 2375
40	src	—
25	src	exploit	protocol: http

---

Warden events (61475)

2026-06-14

ReconScanning (node.ce2b59): 2

ReconScanning (node.9c1411): 1

2026-06-13

ReconScanning (node.9c1411): 25

ReconScanning (node.ce2b59): 26

2026-06-12

ReconScanning (node.9c1411): 47

ReconScanning (node.ce2b59): 42

2026-06-11

ReconScanning (node.ce2b59): 46

ReconScanning (node.9c1411): 45

IntrusionUserCompromise (node.cfb4f7): 4269

2026-06-10

ReconScanning (node.ce2b59): 49

ReconScanning (node.9c1411): 29

IntrusionUserCompromise (node.cfb4f7): 4589

2026-06-09

ReconScanning (node.ce2b59): 68

ReconScanning (node.9c1411): 43

IntrusionUserCompromise (node.cfb4f7): 33491

2026-06-08

ReconScanning (node.9c1411): 45

ReconScanning (node.ce2b59): 44

IntrusionUserCompromise (node.cfb4f7): 15102

2026-06-07

ReconScanning (node.ce2b59): 29

IntrusionUserCompromise (node.cfb4f7): 3470

ReconScanning (node.9c1411): 13

DShield reports (IP summary, reports)

2026-06-08

Number of reports: 22

Distinct targets: 7

2026-06-09

Number of reports: 216

Distinct targets: 10

2026-06-10

Number of reports: 216

Distinct targets: 10

2026-06-12

Number of reports: 68

Distinct targets: 9

2026-06-13

Number of reports: 68

Distinct targets: 9

2026-06-14

Number of reports: 54

Distinct targets: 6

Origin AS

AS51167 - CONTABO

BGP Prefix

13.140.128.0/18

geo

Germany

🕑 Europe/Berlin

hostname

vmi3351957.contaboserver.net

Address block ('inetnum' or 'NetRange' in whois database)

13.140.0.0 - 13.143.255.255

last_activity

2026-06-14 11:35:42

last_warden_event

2026-06-14 11:35:42

rep

0.03315217209293664

reserved_range

0

ts_added

2026-06-07 05:25:34.972000

ts_last_update

2026-06-24 05:25:40.186000

Warden event timeline

DShield event timeline

Presence on blacklists