13.70.2.105 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: Microsoft Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Lines containing failures of 13.70.2.105 Sep 23 18:22:58 shared12 sshd[3668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.105 user=r.r Sep 23 18:22:58 shared12 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.105 user=r.r Sep 23 18:23:00 shared12 sshd[3668]: Failed password for r.r from 13.70.2.105 port 41099 ssh2 Sep 23 18:23:00 shared12 sshd[3668]: Received disconnect from 13.70.2.105 port 41099:11: Client disconnecting normally [preauth] Sep 23 18:23:00 shared12 sshd[3668]: Disconnected from authenticating user r.r 13.70.2.105 port 41099 [preauth] Sep 23 18:23:00 shared12 sshd[3670]: Failed password for r.r from 13.70.2.105 port 41188 ssh2 Sep 23 18:23:01 shared12 sshd[3670]: Received disconnect from 13.70.2.105 port 41188:11: Client disconnecting normally [preauth] Sep 23 18:23:01 shared12 sshd[3670]: Disconnected from authenticating user r.r 13.70.2.105 p........ ------------------------------	2020-09-24 20:33:58
attackbots	Sep 23 20:20:45 prox sshd[22194]: Failed password for root from 13.70.2.105 port 10689 ssh2	2020-09-24 12:31:04
attack	" "	2020-09-24 04:01:02

Type

Details

Datetime

attack

Lines containing failures of 13.70.2.105
Sep 23 18:22:58 shared12 sshd[3668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.105  user=r.r
Sep 23 18:22:58 shared12 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.105  user=r.r
Sep 23 18:23:00 shared12 sshd[3668]: Failed password for r.r from 13.70.2.105 port 41099 ssh2
Sep 23 18:23:00 shared12 sshd[3668]: Received disconnect from 13.70.2.105 port 41099:11: Client disconnecting normally [preauth]
Sep 23 18:23:00 shared12 sshd[3668]: Disconnected from authenticating user r.r 13.70.2.105 port 41099 [preauth]
Sep 23 18:23:00 shared12 sshd[3670]: Failed password for r.r from 13.70.2.105 port 41188 ssh2
Sep 23 18:23:01 shared12 sshd[3670]: Received disconnect from 13.70.2.105 port 41188:11: Client disconnecting normally [preauth]
Sep 23 18:23:01 shared12 sshd[3670]: Disconnected from authenticating user r.r 13.70.2.105 p........
------------------------------

2020-09-24 20:33:58

attackbots

Sep 23 20:20:45 prox sshd[22194]: Failed password for root from 13.70.2.105 port 10689 ssh2

2020-09-24 12:31:04

attack

" "

2020-09-24 04:01:02

Comments on same subnet:

IP	Type	Details	Datetime
13.70.20.99	attack	$f2bV_matches	2020-09-25 09:45:14
13.70.20.99	attack	Unauthorized connection attempt detected from IP address 13.70.20.99 to port 1433 [T]	2020-07-22 04:06:49
13.70.20.99	attackspam	Jul 16 00:17:58 hidden sshd[22619]: Failed password for hidden from 13.70.20.99 port 32569 ssh2 Jul 16 08:20:49 hidden sshd[686]: Failed password for hidden from 13.70.20.99 port 65422 ssh2 Jul 16 18:35:00 hidden sshd[29914]: Failed password for hidden from 13.70.20.99 port 32030 ssh2	2020-07-17 00:52:50
13.70.2.48	attackspam	Jul 15 12:56:07 marvibiene sshd[37770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 Jul 15 12:56:07 marvibiene sshd[37770]: Invalid user der from 13.70.2.48 port 59187 Jul 15 12:56:09 marvibiene sshd[37770]: Failed password for invalid user der from 13.70.2.48 port 59187 ssh2 Jul 15 12:56:07 marvibiene sshd[37771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 Jul 15 12:56:07 marvibiene sshd[37771]: Invalid user herz from 13.70.2.48 port 59186 Jul 15 12:56:09 marvibiene sshd[37771]: Failed password for invalid user herz from 13.70.2.48 port 59186 ssh2 Jul 15 12:56:07 marvibiene sshd[37773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 Jul 15 12:56:07 marvibiene sshd[37773]: Invalid user herz-der-gamer.de from 13.70.2.48 port 59189 Jul 15 12:56:09 marvibiene sshd[37773]: Failed password for invalid user herz-der-gamer.de from 13.70.2.48 port 59189 ssh	2020-07-16 01:27:34
13.70.20.99	attack	Jul 15 14:44:07 buvik sshd[8517]: Invalid user kaptiva.no from 13.70.20.99 Jul 15 14:44:07 buvik sshd[8518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.20.99 Jul 15 14:44:09 buvik sshd[8518]: Failed password for invalid user kaptiva from 13.70.20.99 port 62070 ssh2 ...	2020-07-15 20:44:37
13.70.20.99	attackbots	" "	2020-06-30 03:00:46
13.70.2.48	attackbotsspam	302. On Jun 26 2020 experienced a Brute Force SSH login attempt -> 1 unique times by 13.70.2.48.	2020-06-27 06:20:58
13.70.2.48	attackbots	Lines containing failures of 13.70.2.48 Jun 24 17:22:28 shared10 sshd[14030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 user=r.r Jun 24 17:22:29 shared10 sshd[14034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 user=r.r Jun 24 17:22:31 shared10 sshd[14030]: Failed password for r.r from 13.70.2.48 port 20487 ssh2 Jun 24 17:22:31 shared10 sshd[14034]: Failed password for r.r from 13.70.2.48 port 20586 ssh2 Jun 24 17:22:31 shared10 sshd[14030]: Received disconnect from 13.70.2.48 port 20487:11: Client disconnecting normally [preauth] Jun 24 17:22:31 shared10 sshd[14030]: Disconnected from authenticating user r.r 13.70.2.48 port 20487 [preauth] Jun 24 17:22:31 shared10 sshd[14034]: Received disconnect from 13.70.2.48 port 20586:11: Client disconnecting normally [preauth] Jun 24 17:22:31 shared10 sshd[14034]: Disconnected from authenticating user r.r 13.70.2.48 po........ ------------------------------	2020-06-25 23:52:45
13.70.2.48	attackbots	$f2bV_matches \| Triggered by Fail2Ban at Vostok web server	2020-06-25 20:25:09
13.70.20.99	attack	Jun 25 08:11:25 vpn01 sshd[11301]: Failed password for root from 13.70.20.99 port 4031 ssh2 ...	2020-06-25 15:39:13
13.70.200.89	attackspambots	Mar 27 22:16:29 debian-2gb-nbg1-2 kernel: \[7602859.068628\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=13.70.200.89 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=61111 PROTO=TCP SPT=43758 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0	2020-03-28 07:29:39
13.70.25.246	attackspambots	Multiple failed RDP login attempts	2019-10-30 20:19:40
13.70.26.103	attackbotsspam	Automated report - ssh fail2ban: Sep 12 21:20:01 authentication failure Sep 12 21:20:03 wrong password, user=admin, port=57116, ssh2 Sep 12 21:27:38 authentication failure	2019-09-13 04:15:45
13.70.26.103	attackbotsspam	Invalid user mysqladmin from 13.70.26.103 port 33402	2019-09-01 01:20:00
13.70.26.103	attackbots	Aug 27 13:31:57 vps691689 sshd[1219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.26.103 Aug 27 13:31:59 vps691689 sshd[1219]: Failed password for invalid user tasatje from 13.70.26.103 port 45826 ssh2 ...	2019-08-27 19:44:24

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 13.70.2.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61798
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;13.70.2.105.			IN	A

;; AUTHORITY SECTION:
.			459	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092301 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Sep 24 04:00:59 CST 2020
;; MSG SIZE  rcvd: 115

Host info

Host 105.2.70.13.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 105.2.70.13.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
147.135.163.101	attackbots	Sep 14 04:30:22 ns sshd[19013]: Invalid user honey from 147.135.163.101 Sep 14 04:30:25 ns sshd[19013]: Failed password for invalid user honey from 147.135.163.101 port 53786 ssh2 Sep 14 04:39:33 ns sshd[20362]: Invalid user admin from 147.135.163.101 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=147.135.163.101	2019-09-16 12:11:27
45.248.71.194	attackbots	Sep 16 03:59:06 www_kotimaassa_fi sshd[11365]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.248.71.194 Sep 16 03:59:08 www_kotimaassa_fi sshd[11365]: Failed password for invalid user vps from 45.248.71.194 port 58976 ssh2 ...	2019-09-16 12:13:00
62.210.172.23	attackspam	Sep 15 23:32:59 plusreed sshd[8247]: Invalid user mt from 62.210.172.23 ...	2019-09-16 11:51:43
34.67.30.226	attack	SSH Bruteforce attempt	2019-09-16 12:14:43
49.83.1.182	attackspambots	Sep 15 03:51:51 itv-usvr-01 sshd[5090]: Invalid user admin from 49.83.1.182 Sep 15 03:51:51 itv-usvr-01 sshd[5090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.83.1.182 Sep 15 03:51:51 itv-usvr-01 sshd[5090]: Invalid user admin from 49.83.1.182 Sep 15 03:51:53 itv-usvr-01 sshd[5090]: Failed password for invalid user admin from 49.83.1.182 port 25218 ssh2 Sep 15 03:51:51 itv-usvr-01 sshd[5090]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.83.1.182 Sep 15 03:51:51 itv-usvr-01 sshd[5090]: Invalid user admin from 49.83.1.182 Sep 15 03:51:53 itv-usvr-01 sshd[5090]: Failed password for invalid user admin from 49.83.1.182 port 25218 ssh2 Sep 15 03:51:57 itv-usvr-01 sshd[5090]: Failed password for invalid user admin from 49.83.1.182 port 25218 ssh2	2019-09-16 12:24:50
177.125.29.250	attackspam	Sep 15 19:14:28 ny01 sshd[29375]: Failed password for root from 177.125.29.250 port 3578 ssh2 Sep 15 19:14:30 ny01 sshd[29375]: Failed password for root from 177.125.29.250 port 3578 ssh2 Sep 15 19:14:32 ny01 sshd[29375]: Failed password for root from 177.125.29.250 port 3578 ssh2 Sep 15 19:14:34 ny01 sshd[29375]: Failed password for root from 177.125.29.250 port 3578 ssh2	2019-09-16 12:21:34
200.54.255.253	attackspam	Sep 16 05:28:44 lnxmysql61 sshd[498]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.54.255.253 Sep 16 05:28:45 lnxmysql61 sshd[498]: Failed password for invalid user weblogic from 200.54.255.253 port 52218 ssh2 Sep 16 05:33:18 lnxmysql61 sshd[1144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.54.255.253	2019-09-16 11:53:55
183.103.35.194	attackspam	Sep 16 03:45:31 vps647732 sshd[4541]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.103.35.194 Sep 16 03:45:33 vps647732 sshd[4541]: Failed password for invalid user study from 183.103.35.194 port 44700 ssh2 ...	2019-09-16 12:26:37
206.189.130.87	attackbots	Sep 15 23:38:40 TORMINT sshd\[29662\]: Invalid user nologin from 206.189.130.87 Sep 15 23:38:40 TORMINT sshd\[29662\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.130.87 Sep 15 23:38:42 TORMINT sshd\[29662\]: Failed password for invalid user nologin from 206.189.130.87 port 40530 ssh2 ...	2019-09-16 12:01:39
52.162.237.22	attack	Sep 15 18:10:32 hcbb sshd\[32045\]: Failed password for invalid user plsql from 52.162.237.22 port 54060 ssh2 Sep 15 18:15:27 hcbb sshd\[32483\]: Invalid user Administrator from 52.162.237.22 Sep 15 18:15:27 hcbb sshd\[32483\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.162.237.22 Sep 15 18:15:29 hcbb sshd\[32483\]: Failed password for invalid user Administrator from 52.162.237.22 port 43284 ssh2 Sep 15 18:20:31 hcbb sshd\[475\]: Invalid user april from 52.162.237.22	2019-09-16 12:24:31
139.59.94.225	attackspambots	Sep 16 07:16:03 server sshd\[10663\]: Invalid user prestashop from 139.59.94.225 port 38492 Sep 16 07:16:03 server sshd\[10663\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.94.225 Sep 16 07:16:04 server sshd\[10663\]: Failed password for invalid user prestashop from 139.59.94.225 port 38492 ssh2 Sep 16 07:20:42 server sshd\[12938\]: Invalid user oz from 139.59.94.225 port 53882 Sep 16 07:20:42 server sshd\[12938\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.94.225	2019-09-16 12:25:38
23.95.56.162	attack	09/15/2019-19:15:29.201502 23.95.56.162 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-09-16 12:15:12
153.126.134.240	attackspambots	Sep 14 12:57:33 itv-usvr-01 sshd[3838]: Invalid user jira from 153.126.134.240 Sep 14 12:57:33 itv-usvr-01 sshd[3838]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=153.126.134.240 Sep 14 12:57:33 itv-usvr-01 sshd[3838]: Invalid user jira from 153.126.134.240 Sep 14 12:57:35 itv-usvr-01 sshd[3838]: Failed password for invalid user jira from 153.126.134.240 port 33146 ssh2 Sep 14 13:02:45 itv-usvr-01 sshd[6880]: Invalid user cpanel from 153.126.134.240	2019-09-16 11:54:33
54.36.150.73	attack	Automatic report - Banned IP Access	2019-09-16 11:56:42
141.98.9.195	attack	Sep 16 05:22:16 relay postfix/smtpd\[8288\]: warning: unknown\[141.98.9.195\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 16 05:23:02 relay postfix/smtpd\[8215\]: warning: unknown\[141.98.9.195\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 16 05:23:14 relay postfix/smtpd\[9526\]: warning: unknown\[141.98.9.195\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 16 05:23:57 relay postfix/smtpd\[20998\]: warning: unknown\[141.98.9.195\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 16 05:24:08 relay postfix/smtpd\[26431\]: warning: unknown\[141.98.9.195\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2019-09-16 12:14:27

Recently Reported IPs

91.246.73.21	58.19.14.13	90.68.249.73	41.139.17.120
101.183.46.163	161.6.96.74	121.56.91.246	97.148.11.2
13.84.211.65	228.198.16.139	117.155.21.127	10.43.130.34
55.187.52.119	191.101.22.180	180.132.121.41	220.53.14.22
65.109.188.16	16.131.174.175	48.3.31.134	122.220.46.241