13.70.2.105 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: Microsoft Corporation

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Lines containing failures of 13.70.2.105 Sep 23 18:22:58 shared12 sshd[3668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.105 user=r.r Sep 23 18:22:58 shared12 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.105 user=r.r Sep 23 18:23:00 shared12 sshd[3668]: Failed password for r.r from 13.70.2.105 port 41099 ssh2 Sep 23 18:23:00 shared12 sshd[3668]: Received disconnect from 13.70.2.105 port 41099:11: Client disconnecting normally [preauth] Sep 23 18:23:00 shared12 sshd[3668]: Disconnected from authenticating user r.r 13.70.2.105 port 41099 [preauth] Sep 23 18:23:00 shared12 sshd[3670]: Failed password for r.r from 13.70.2.105 port 41188 ssh2 Sep 23 18:23:01 shared12 sshd[3670]: Received disconnect from 13.70.2.105 port 41188:11: Client disconnecting normally [preauth] Sep 23 18:23:01 shared12 sshd[3670]: Disconnected from authenticating user r.r 13.70.2.105 p........ ------------------------------	2020-09-24 20:33:58
attackbots	Sep 23 20:20:45 prox sshd[22194]: Failed password for root from 13.70.2.105 port 10689 ssh2	2020-09-24 12:31:04
attack	" "	2020-09-24 04:01:02

Type

Details

Datetime

attack

Lines containing failures of 13.70.2.105
Sep 23 18:22:58 shared12 sshd[3668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.105  user=r.r
Sep 23 18:22:58 shared12 sshd[3670]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.105  user=r.r
Sep 23 18:23:00 shared12 sshd[3668]: Failed password for r.r from 13.70.2.105 port 41099 ssh2
Sep 23 18:23:00 shared12 sshd[3668]: Received disconnect from 13.70.2.105 port 41099:11: Client disconnecting normally [preauth]
Sep 23 18:23:00 shared12 sshd[3668]: Disconnected from authenticating user r.r 13.70.2.105 port 41099 [preauth]
Sep 23 18:23:00 shared12 sshd[3670]: Failed password for r.r from 13.70.2.105 port 41188 ssh2
Sep 23 18:23:01 shared12 sshd[3670]: Received disconnect from 13.70.2.105 port 41188:11: Client disconnecting normally [preauth]
Sep 23 18:23:01 shared12 sshd[3670]: Disconnected from authenticating user r.r 13.70.2.105 p........
------------------------------

2020-09-24 20:33:58

attackbots

Sep 23 20:20:45 prox sshd[22194]: Failed password for root from 13.70.2.105 port 10689 ssh2

2020-09-24 12:31:04

attack

" "

2020-09-24 04:01:02

Comments on same subnet:

IP	Type	Details	Datetime
13.70.20.99	attack	$f2bV_matches	2020-09-25 09:45:14
13.70.20.99	attack	Unauthorized connection attempt detected from IP address 13.70.20.99 to port 1433 [T]	2020-07-22 04:06:49
13.70.20.99	attackspam	Jul 16 00:17:58 hidden sshd[22619]: Failed password for hidden from 13.70.20.99 port 32569 ssh2 Jul 16 08:20:49 hidden sshd[686]: Failed password for hidden from 13.70.20.99 port 65422 ssh2 Jul 16 18:35:00 hidden sshd[29914]: Failed password for hidden from 13.70.20.99 port 32030 ssh2	2020-07-17 00:52:50
13.70.2.48	attackspam	Jul 15 12:56:07 marvibiene sshd[37770]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 Jul 15 12:56:07 marvibiene sshd[37770]: Invalid user der from 13.70.2.48 port 59187 Jul 15 12:56:09 marvibiene sshd[37770]: Failed password for invalid user der from 13.70.2.48 port 59187 ssh2 Jul 15 12:56:07 marvibiene sshd[37771]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 Jul 15 12:56:07 marvibiene sshd[37771]: Invalid user herz from 13.70.2.48 port 59186 Jul 15 12:56:09 marvibiene sshd[37771]: Failed password for invalid user herz from 13.70.2.48 port 59186 ssh2 Jul 15 12:56:07 marvibiene sshd[37773]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 Jul 15 12:56:07 marvibiene sshd[37773]: Invalid user herz-der-gamer.de from 13.70.2.48 port 59189 Jul 15 12:56:09 marvibiene sshd[37773]: Failed password for invalid user herz-der-gamer.de from 13.70.2.48 port 59189 ssh	2020-07-16 01:27:34
13.70.20.99	attack	Jul 15 14:44:07 buvik sshd[8517]: Invalid user kaptiva.no from 13.70.20.99 Jul 15 14:44:07 buvik sshd[8518]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.20.99 Jul 15 14:44:09 buvik sshd[8518]: Failed password for invalid user kaptiva from 13.70.20.99 port 62070 ssh2 ...	2020-07-15 20:44:37
13.70.20.99	attackbots	" "	2020-06-30 03:00:46
13.70.2.48	attackbotsspam	302. On Jun 26 2020 experienced a Brute Force SSH login attempt -> 1 unique times by 13.70.2.48.	2020-06-27 06:20:58
13.70.2.48	attackbots	Lines containing failures of 13.70.2.48 Jun 24 17:22:28 shared10 sshd[14030]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 user=r.r Jun 24 17:22:29 shared10 sshd[14034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.2.48 user=r.r Jun 24 17:22:31 shared10 sshd[14030]: Failed password for r.r from 13.70.2.48 port 20487 ssh2 Jun 24 17:22:31 shared10 sshd[14034]: Failed password for r.r from 13.70.2.48 port 20586 ssh2 Jun 24 17:22:31 shared10 sshd[14030]: Received disconnect from 13.70.2.48 port 20487:11: Client disconnecting normally [preauth] Jun 24 17:22:31 shared10 sshd[14030]: Disconnected from authenticating user r.r 13.70.2.48 port 20487 [preauth] Jun 24 17:22:31 shared10 sshd[14034]: Received disconnect from 13.70.2.48 port 20586:11: Client disconnecting normally [preauth] Jun 24 17:22:31 shared10 sshd[14034]: Disconnected from authenticating user r.r 13.70.2.48 po........ ------------------------------	2020-06-25 23:52:45
13.70.2.48	attackbots	$f2bV_matches \| Triggered by Fail2Ban at Vostok web server	2020-06-25 20:25:09
13.70.20.99	attack	Jun 25 08:11:25 vpn01 sshd[11301]: Failed password for root from 13.70.20.99 port 4031 ssh2 ...	2020-06-25 15:39:13
13.70.200.89	attackspambots	Mar 27 22:16:29 debian-2gb-nbg1-2 kernel: \[7602859.068628\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=13.70.200.89 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=61111 PROTO=TCP SPT=43758 DPT=3389 WINDOW=1024 RES=0x00 SYN URGP=0	2020-03-28 07:29:39
13.70.25.246	attackspambots	Multiple failed RDP login attempts	2019-10-30 20:19:40
13.70.26.103	attackbotsspam	Automated report - ssh fail2ban: Sep 12 21:20:01 authentication failure Sep 12 21:20:03 wrong password, user=admin, port=57116, ssh2 Sep 12 21:27:38 authentication failure	2019-09-13 04:15:45
13.70.26.103	attackbotsspam	Invalid user mysqladmin from 13.70.26.103 port 33402	2019-09-01 01:20:00
13.70.26.103	attackbots	Aug 27 13:31:57 vps691689 sshd[1219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.70.26.103 Aug 27 13:31:59 vps691689 sshd[1219]: Failed password for invalid user tasatje from 13.70.26.103 port 45826 ssh2 ...	2019-08-27 19:44:24

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 13.70.2.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61798
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;13.70.2.105.			IN	A

;; AUTHORITY SECTION:
.			459	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020092301 1800 900 604800 86400

;; Query time: 65 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Sep 24 04:00:59 CST 2020
;; MSG SIZE  rcvd: 115

Host info

Host 105.2.70.13.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 105.2.70.13.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
89.109.129.130	attackbotsspam	Telnet/23 MH Probe, BF, Hack -	2019-12-05 23:06:55
89.185.206.236	attack	TCP Port Scanning	2019-12-05 22:47:15
88.203.200.170	attackbots	SSH Brute Force, server-1 sshd[7599]: Failed password for invalid user igor from 88.203.200.170 port 51464 ssh2	2019-12-05 23:01:04
61.142.20.6	attackbotsspam	Automatic report - FTP Brute Force	2019-12-05 22:49:14
85.237.226.90	attackbots	2019-12-05T14:21:26.487237abusebot-8.cloudsearch.cf sshd\[5219\]: Invalid user andycapp from 85.237.226.90 port 4598	2019-12-05 22:50:05
168.227.223.27	attackspambots	Scanning random ports - tries to find possible vulnerable services	2019-12-05 22:21:50
114.67.236.120	attackspambots	$f2bV_matches	2019-12-05 22:26:40
128.199.235.18	attackspambots	Dec 5 13:25:52 hell sshd[25770]: Failed password for root from 128.199.235.18 port 44722 ssh2 Dec 5 13:35:20 hell sshd[27907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.235.18 ...	2019-12-05 22:33:35
119.50.137.38	attackspambots	Fail2Ban - FTP Abuse Attempt	2019-12-05 22:48:38
113.100.89.121	attackspambots	Dec 5 01:08:27 esmtp postfix/smtpd[21434]: lost connection after AUTH from unknown[113.100.89.121] Dec 5 01:08:33 esmtp postfix/smtpd[21434]: lost connection after AUTH from unknown[113.100.89.121] Dec 5 01:08:37 esmtp postfix/smtpd[21434]: lost connection after AUTH from unknown[113.100.89.121] Dec 5 01:08:40 esmtp postfix/smtpd[21434]: lost connection after AUTH from unknown[113.100.89.121] Dec 5 01:08:43 esmtp postfix/smtpd[21434]: lost connection after AUTH from unknown[113.100.89.121] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=113.100.89.121	2019-12-05 22:39:28
222.186.175.216	attackbots	Dec 5 16:05:52 vmanager6029 sshd\[21665\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.216 user=root Dec 5 16:05:54 vmanager6029 sshd\[21665\]: Failed password for root from 222.186.175.216 port 3810 ssh2 Dec 5 16:05:58 vmanager6029 sshd\[21665\]: Failed password for root from 222.186.175.216 port 3810 ssh2	2019-12-05 23:06:18
201.184.169.106	attack	Dec 5 09:18:59 TORMINT sshd\[1243\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.169.106 user=root Dec 5 09:19:01 TORMINT sshd\[1243\]: Failed password for root from 201.184.169.106 port 46442 ssh2 Dec 5 09:26:04 TORMINT sshd\[1882\]: Invalid user guest from 201.184.169.106 Dec 5 09:26:04 TORMINT sshd\[1882\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.184.169.106 ...	2019-12-05 22:27:24
37.49.230.74	attackbotsspam	\[2019-12-05 09:23:32\] NOTICE\[2754\] chan_sip.c: Registration from '"81" \' failed for '37.49.230.74:6473' - Wrong password \[2019-12-05 09:23:32\] SECURITY\[2765\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-12-05T09:23:32.834-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="81",SessionID="0x7f26c4ba2328",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/37.49.230.74/6473",Challenge="5c116f81",ReceivedChallenge="5c116f81",ReceivedHash="78bbfe895137828c25ebfd5321198442" \[2019-12-05 09:23:32\] NOTICE\[2754\] chan_sip.c: Registration from '"81" \' failed for '37.49.230.74:6473' - Wrong password \[2019-12-05 09:23:32\] SECURITY\[2765\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-12-05T09:23:32.951-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="81",SessionID="0x7f26c4022278",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/37.49.230.74/	2019-12-05 22:27:10
106.12.120.155	attackbots	invalid user	2019-12-05 22:57:10
102.65.111.227	attackbots	Dec 2 15:59:08 sanyalnet-cloud-vps3 sshd[753]: Connection from 102.65.111.227 port 45614 on 45.62.248.66 port 22 Dec 2 15:59:11 sanyalnet-cloud-vps3 sshd[753]: User games from 102-65-111-227.ftth.web.africa not allowed because not listed in AllowUsers Dec 2 15:59:11 sanyalnet-cloud-vps3 sshd[753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=102-65-111-227.ftth.web.africa user=games Dec 2 15:59:12 sanyalnet-cloud-vps3 sshd[753]: Failed password for invalid user games from 102.65.111.227 port 45614 ssh2 Dec 2 15:59:13 sanyalnet-cloud-vps3 sshd[753]: Received disconnect from 102.65.111.227: 11: Bye Bye [preauth] Dec 2 16:12:35 sanyalnet-cloud-vps3 sshd[1076]: Connection from 102.65.111.227 port 45556 on 45.62.248.66 port 22 Dec 2 16:12:37 sanyalnet-cloud-vps3 sshd[1076]: User r.r from 102-65-111-227.ftth.web.africa not allowed because not listed in AllowUsers Dec 2 16:12:37 sanyalnet-cloud-vps3 sshd[1076]: pam_unix(sshd:........ -------------------------------	2019-12-05 22:31:52

Recently Reported IPs

91.246.73.21	58.19.14.13	90.68.249.73	41.139.17.120
101.183.46.163	161.6.96.74	121.56.91.246	97.148.11.2
13.84.211.65	228.198.16.139	117.155.21.127	10.43.130.34
55.187.52.119	191.101.22.180	180.132.121.41	220.53.14.22
65.109.188.16	16.131.174.175	48.3.31.134	122.220.46.241