JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 129.213.20.146

129.213.20.146 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 0%: ?

ISP	Oracle Public Cloud
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31898
Domain Name	oracleemaildelivery.com
Country	🇺🇸 United States of America
City	Ashburn, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 129.213.20.146

Whois 129.213.20.146

IP Abuse Reports for 129.213.20.146:

This IP address has been reported a total of 19 times from 15 distinct sources. 129.213.20.146 was first reported on February 12th 2021, and the most recent report was 5 years ago.

Old Reports: The most recent abuse report for this IP address is from 5 years ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 ANTI SCANNER	2021-02-16 11:28:20 (5 years ago)	Scanner : /.env	Web Spam
Anonymous	2021-02-16 10:05:25 (5 years ago)	$f2bV_matches	Web App Attack
🇮🇪 RoboSOC	2021-02-16 06:34:01 (5 years ago)	phpunit Remote Code Execution Vulnerability, PTR: PTR record not found	Hacking
🇩🇪 iNetWorker	2021-02-16 06:05:47 (5 years ago)		Web App Attack
Anonymous	2021-02-16 05:59:20 (5 years ago)	Invalid POST request	Hacking
🇺🇸 findlab	2021-02-15 08:20:02 (5 years ago)	Backdrop CMS module report: Request: /vendor/phpunit/phpunit/src/Util/PHP/eval-std...	Brute-Force Bad Web Bot Web App Attack
Anonymous	2021-02-15 06:32:50 (5 years ago)	[Mon Feb 15 06:26:48.376312 2021] [:error] [pid 24543] [client 129.213.20.146] ModSecurity: Access d ... show more [Mon Feb 15 06:26:48.376312 2021] [:error] [pid 24543] [client 129.213.20.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "[mungedIP2]"] [uri "/.env"] [unique_id "YCpaeH8AAAEAAF-fJpUAAAAC"] [Mon Feb 15 06:32:50.031178 2021] [:error] [pid 21096] [client 129.213.20.146] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "93"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-gene show less	Bad Web Bot Web App Attack
🇮🇪 santhosh	2021-02-14 16:50:42 (5 years ago)	Hacking	Hacking
🇮🇩 hermawan	2021-02-14 16:05:13 (5 years ago)	[Mon Feb 15 04:05:14.549954 2021] [:error] [pid 22410:tid 139682436265728] [client 129.213.20.146:61 ... show more [Mon Feb 15 04:05:14.549954 2021] [:error] [pid 22410:tid 139682436265728] [client 129.213.20.146:61134] [client 129.213.20.146] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "756"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/.env"] [unique_id "YCmQin85jLFr73B9PwMY8QAAAIQ"] ... show less	Hacking Web App Attack
Anonymous	2021-02-14 15:06:00 (5 years ago)	$f2bV_matches	Brute-Force
🇮🇩 hermawan	2021-02-14 10:48:52 (5 years ago)	[Sun Feb 14 22:48:52.843354 2021] [:error] [pid 18956:tid 139754125317888] [client 129.213.20.146:57 ... show more [Sun Feb 14 22:48:52.843354 2021] [:error] [pid 18956:tid 139754125317888] [client 129.213.20.146:57642] [client 129.213.20.146] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "python-requests" at REQUEST_HEADERS:User-Agent. [file "/etc/modsecurity/coreruleset-3.3.1-rc1/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "146"] [id "913101"] [msg "Found User-Agent associated with scripting/generic HTTP client"] [data "Matched Data: python-requests found within REQUEST_HEADERS:User-Agent: python-requests/2.24.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.1"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scripting"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "103.27.207.197"] [uri "/"] [unique_id "YClGZKmvgEi@s7L-VfssfgAAADk"] ... show less	Hacking Web App Attack
🇮🇪 netfactotum	2021-02-14 06:08:11 (5 years ago)		Hacking Brute-Force Exploited Host Web App Attack
🇦🇺 FEWA	2021-02-14 00:49:24 (5 years ago)	Fail2Ban Ban Triggered	Hacking Bad Web Bot Web App Attack
Anonymous	2021-02-13 23:25:25 (5 years ago)	AUTOMATED REPORT: Attempting to access Wordpress wlwmanifest.xml file.	Hacking
Anonymous	2021-02-13 12:22:45 (5 years ago)	$f2bV_matches	Brute-Force

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 165.154.172.146

🇮🇩 139.255.254.163

🇺🇸 130.131.162.82

🇮🇳 122.176.95.50

🇺🇸 64.62.197.167

🇨🇳 60.25.69.232

🇧🇷 45.205.1.240

🇨🇴 45.179.200.156

🇺🇬 41.220.3.101

🇬🇧 35.203.210.157

🇳🇱 5.61.209.224

🇺🇸 195.184.76.106

🇸🇪 185.246.128.170

🇺🇸 162.216.149.194

🇭🇰 154.221.25.72

🇷🇴 141.98.83.240

🇺🇸 107.23.229.126

🇬🇧 86.30.142.60

🇲🇾 49.124.151.71

🇪🇸 45.67.99.47