IP address

Search at other sites:
.06213.140.156.1vmi3359112.contaboserver.net
Shodan(more info)
Passive DNS
Tags:
IP blacklists
CI Army
13.140.156.1 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-06-15 02:50:00.984000
Was present on blacklist at: 2026-06-12 02:50, 2026-06-13 02:50, 2026-06-14 02:50, 2026-06-15 02:50
Echelon admin panel hunt
13.140.156.1 is listed on the Echelon admin panel hunt blacklist.

Description: Scanning for administrative interfaces
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:05:00.880000
Was present on blacklist at: 2026-06-12 09:05, 2026-06-13 09:05, 2026-06-14 09:05, 2026-06-15 09:05, 2026-06-16 09:05, 2026-06-17 09:05, 2026-06-18 09:05, 2026-06-19 09:05, 2026-06-20 09:05
Echelon CMS enumeration
13.140.156.1 is listed on the Echelon CMS enumeration blacklist.

Description: Content management system discovery and enumeration
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:05:04.180000
Was present on blacklist at: 2026-06-12 09:05, 2026-06-13 09:05, 2026-06-14 09:05, 2026-06-15 09:05, 2026-06-16 09:05, 2026-06-17 09:05, 2026-06-18 09:05, 2026-06-19 09:05, 2026-06-20 09:05
Echelon database admin hunt
13.140.156.1 is listed on the Echelon database admin hunt blacklist.

Description: Scanning for database admin interfaces (phpMyAdmin, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:10:00.333000
Was present on blacklist at: 2026-06-12 09:10, 2026-06-13 09:10, 2026-06-14 09:10, 2026-06-15 09:10, 2026-06-16 09:10, 2026-06-17 09:10, 2026-06-18 09:10, 2026-06-19 09:10, 2026-06-20 09:10
Echelon directory traversal
13.140.156.1 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:15:00.276000
Was present on blacklist at: 2026-06-12 09:15, 2026-06-13 09:15, 2026-06-14 09:15, 2026-06-15 09:15, 2026-06-16 09:15, 2026-06-17 09:15, 2026-06-18 09:15, 2026-06-19 09:15, 2026-06-20 09:15
Echelon web crawler
13.140.156.1 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:50:00.408000
Was present on blacklist at: 2026-06-12 09:50, 2026-06-15 09:50, 2026-06-16 09:50, 2026-06-17 09:50, 2026-06-18 09:50, 2026-06-19 09:50, 2026-06-20 09:50
AbuseIPDB
13.140.156.1 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-06-15 04:00:00.581000
Was present on blacklist at: 2026-06-13 04:00, 2026-06-14 04:00, 2026-06-15 04:00
Echelon TLS/SSL crawler
13.140.156.1 is listed on the Echelon TLS/SSL crawler blacklist.

Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:40:00.407000
Was present on blacklist at: 2026-06-14 09:40, 2026-06-15 09:40, 2026-06-16 09:40, 2026-06-17 09:40, 2026-06-18 09:40, 2026-06-19 09:40, 2026-06-20 09:40
Spamhaus XBL CBL
13.140.156.1 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-18 02:30:30.139000
Was present on blacklist at: 2026-06-18 02:30
Echelon path traversal
13.140.156.1 is listed on the Echelon path traversal blacklist.

Description: Path traversal via encoded sequences
Type of feed: primary (feed detail page)

Last checked at: 2026-06-20 09:25:00.241000
Was present on blacklist at: 2026-06-19 09:25, 2026-06-20 09:25

Threat categories

TLRoleCategoryDetails
55 src scan port: 22, 23, 80, 443, 2222, 2375
50 src login protocol: ssh, telnet
port: 22, 23
36 src
29 src exploit protocol: http
Warden events (90062)
2026-06-14
IntrusionUserCompromise (node.cfb4f7): 27338
ReconScanning (node.9c1411): 34
ReconScanning (node.ce2b59): 58
2026-06-13
ReconScanning (node.ce2b59): 69
ReconScanning (node.9c1411): 53
IntrusionUserCompromise (node.cfb4f7): 22166
AttemptLogin (node.ce2b59): 1
2026-06-12
ReconScanning (node.9c1411): 52
ReconScanning (node.ce2b59): 65
IntrusionUserCompromise (node.cfb4f7): 32403
2026-06-11
ReconScanning (node.ce2b59): 66
IntrusionUserCompromise (node.cfb4f7): 7722
ReconScanning (node.9c1411): 33
AttemptLogin (node.ce2b59): 2
DShield reports (IP summary, reports)
2026-06-12
Number of reports: 243
Distinct targets: 22
2026-06-13
Number of reports: 243
Distinct targets: 22
2026-06-14
Number of reports: 175
Distinct targets: 15
Origin AS
AS51167 - CONTABO
BGP Prefix
13.140.128.0/18
geo
Germany
🕑 Europe/Berlin
hostname
vmi3359112.contaboserver.net
Address block ('inetnum' or 'NetRange' in whois database)
13.140.0.0 - 13.143.255.255
last_activity
2026-06-14 19:16:16
last_warden_event
2026-06-14 19:16:16
rep
0.06192546047059011
reserved_range
0
ts_added
2026-06-11 02:30:27.610000
ts_last_update
2026-06-24 02:30:30.222000

Warden event timeline

DShield event timeline

Presence on blacklists