13.228.104.57 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Amazon Data Services Singapore

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	php WP PHPmyadamin ABUSE blocked for 12h	2019-12-27 16:55:29
attack	12/20/2019-07:28:22.192928 13.228.104.57 Protocol: 6 ET POLICY Cleartext WordPress Login	2019-12-20 16:54:40
attackbots	WordPress wp-login brute force :: 13.228.104.57 0.092 BYPASS [05/Dec/2019:21:48:44 0000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 2132 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"	2019-12-06 06:31:36
attack	WordPress login Brute force / Web App Attack on client site.	2019-10-31 13:56:17
attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2019-09-21 15:47:43
attackspam	WordPress wp-login brute force :: 13.228.104.57 0.064 BYPASS [08/Sep/2019:18:15:02 1000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 3947 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36"	2019-09-08 19:29:00

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 13.228.104.57
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1131
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;13.228.104.57.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019090800 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Sep 08 19:28:54 CST 2019
;; MSG SIZE  rcvd: 117

Host info

57.104.228.13.in-addr.arpa domain name pointer ec2-13-228-104-57.ap-southeast-1.compute.amazonaws.com.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
57.104.228.13.in-addr.arpa	name = ec2-13-228-104-57.ap-southeast-1.compute.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
49.234.99.246	attackspam	Invalid user xguest from 49.234.99.246 port 44914	2020-09-22 22:34:09
50.227.195.3	attack	Sep 22 15:42:08 pornomens sshd\[14151\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.227.195.3 user=root Sep 22 15:42:10 pornomens sshd\[14151\]: Failed password for root from 50.227.195.3 port 60160 ssh2 Sep 22 15:55:34 pornomens sshd\[14360\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=50.227.195.3 user=root ...	2020-09-22 22:26:41
212.83.183.57	attackspambots	Sep 22 06:21:50 lanister sshd[1970]: Invalid user samuel from 212.83.183.57 Sep 22 06:21:50 lanister sshd[1970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.83.183.57 Sep 22 06:21:50 lanister sshd[1970]: Invalid user samuel from 212.83.183.57 Sep 22 06:21:52 lanister sshd[1970]: Failed password for invalid user samuel from 212.83.183.57 port 35687 ssh2	2020-09-22 22:21:37
180.76.100.98	attackbotsspam	Invalid user test from 180.76.100.98 port 47040	2020-09-22 22:10:27
45.143.221.8	attack	MultiHost/MultiPort Probe, Scan, Hack -	2020-09-22 22:15:25
5.135.179.178	attack	Invalid user wangchen from 5.135.179.178 port 29377	2020-09-22 22:45:27
51.38.189.181	attack	Invalid user jj from 51.38.189.181 port 41890	2020-09-22 22:11:50
45.137.22.90	attackspam	Subject: 答复: 答复: Revised Invoice Date: 21 Sep 2020 11:25:‪27 -0700‬ Message ID: <20200921112527.158DBCFBB65E469C@transwellogistic.com> Virus/Unauthorized code: >>> Possible MalWare 'AVE/Heur.AdvML.B!200' found in '‪25511069‬_3X_AR_PA2__INVOICE.exe'.	2020-09-22 22:31:07
115.99.111.97	attackbots	115.99.111.97 - - [21/Sep/2020:14:14:41 +0500] "POST /HNAP1/ HTTP/1.0" 301 185 "-" "-"	2020-09-22 22:42:33
190.210.245.244	attack	Telnet/23 MH Probe, Scan, BF, Hack -	2020-09-22 22:33:23
34.64.218.102	attackspam	34.64.218.102 - - [22/Sep/2020:15:01:46 +0100] "POST /wp-login.php HTTP/1.1" 200 2371 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 34.64.218.102 - - [22/Sep/2020:15:01:49 +0100] "POST /wp-login.php HTTP/1.1" 200 2342 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 34.64.218.102 - - [22/Sep/2020:15:01:51 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-22 22:17:19
139.5.152.81	attackspambots	DATE:2020-09-22 14:32:07, IP:139.5.152.81, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-09-22 22:48:04
119.29.152.63	attackspam	Time: Tue Sep 22 10:01:44 2020 +0000 IP: 119.29.152.63 (-) Failures: 5 (sshd) Interval: 3600 seconds Blocked: Permanent Block [LF_SSHD] Log entries: Sep 22 09:40:26 18-1 sshd[28558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.152.63 user=root Sep 22 09:40:27 18-1 sshd[28558]: Failed password for root from 119.29.152.63 port 50304 ssh2 Sep 22 09:56:42 18-1 sshd[30595]: Invalid user vpn from 119.29.152.63 port 44030 Sep 22 09:56:44 18-1 sshd[30595]: Failed password for invalid user vpn from 119.29.152.63 port 44030 ssh2 Sep 22 10:01:39 18-1 sshd[31230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.29.152.63 user=root	2020-09-22 22:16:52
63.80.187.116	attack	E-Mail Spam (RBL) [REJECTED]	2020-09-22 22:30:40
213.92.200.123	attackspam	Listed on zen-spamhaus also abuseat.org / proto=6 . srcport=2730 . dstport=80 . (3223)	2020-09-22 22:19:01

Recently Reported IPs

143.201.229.119	138.99.15.194	138.68.208.242	157.19.150.138
17.205.18.18	68.43.23.44	50.17.18.39	198.27.90.106
115.28.101.19	91.192.5.106	171.234.25.61	202.185.153.245
138.68.208.186	46.4.162.116	166.254.3.158	147.234.62.4
48.191.218.3	48.113.136.0	103.170.123.176	123.18.31.165