208.80.194.27 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Forcepoint LLC

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	The IP has triggered Cloudflare WAF. CF-Ray: 5430db0b6cb398cf \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: US \| CF_IPClass: noRecord \| Protocol: HTTP/1.0 \| Method: GET \| Host: www.skk.moe \| User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 06:40:59
attack	Automated report (2019-10-07T03:48:39+00:00). Faked user agent detected.	2019-10-07 16:00:42

Type

Details

Datetime

attackbots

The IP has triggered Cloudflare WAF. CF-Ray: 5430db0b6cb398cf | WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 | WAF_Kind: firewall | CF_Action: drop | Country: US | CF_IPClass: noRecord | Protocol: HTTP/1.0 | Method: GET | Host: www.skk.moe | User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-12 06:40:59

attack

Automated report (2019-10-07T03:48:39+00:00). Faked user agent detected.

2019-10-07 16:00:42

Comments on same subnet:

IP	Type	Details	Datetime
208.80.194.29	attackspam	Automated report (2020-03-04T17:03:01+00:00). Faked user agent detected.	2020-03-05 04:03:53
208.80.194.42	attackspambots	[TueNov1223:31:52.4207152019][:error][pid15737:tid47800966227712][client208.80.194.42:39050][client208.80.194.42]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\\|WormlyBot\\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"395"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(DisableifyouwanttoallowMSIE6\)"][severity"WARNING"][hostname"www.ggarchitetti.ch"][uri"/"][unique_id"Xcsy2NPp--5pLs0ENI@FIQAAAQo"][TueNov1223:36:09.8718882019][:error][pid15737:tid47801054553856][client208.80.194.42:57482][client208.80.194.42]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\\|WormlyBot\\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"395"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(Disableifyouwanttoa	2019-11-13 07:08:33
208.80.194.41	attackspambots	[FriJul0500:47:14.8532642019][:error][pid29784:tid47152615974656][client208.80.194.41:6146][client208.80.194.41]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\\|WormlyBot\\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"390"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(DisableifyouwanttoallowMSIE6\)"][severity"WARNING"][hostname"enjoyourdream.com"][uri"/"][unique_id"XR6B8kGJjlpaPK4oyeTg1AAAAJY"][FriJul0500:47:16.9204662019][:error][pid4583:tid47152580253440][client208.80.194.41:46594][client208.80.194.41]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\\|WormlyBot\\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"390"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(Disableif	2019-07-05 13:08:20

Type

Details

Datetime

208.80.194.29

attackspam

Automated report (2020-03-04T17:03:01+00:00). Faked user agent detected.

2020-03-05 04:03:53

208.80.194.42

attackspambots

[TueNov1223:31:52.4207152019][:error][pid15737:tid47800966227712][client208.80.194.42:39050][client208.80.194.42]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\|WormlyBot\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"395"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(DisableifyouwanttoallowMSIE6\)"][severity"WARNING"][hostname"www.ggarchitetti.ch"][uri"/"][unique_id"Xcsy2NPp--5pLs0ENI@FIQAAAQo"][TueNov1223:36:09.8718882019][:error][pid15737:tid47801054553856][client208.80.194.42:57482][client208.80.194.42]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\|WormlyBot\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf"][line"395"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(Disableifyouwanttoa

2019-11-13 07:08:33

208.80.194.41

attackspambots

[FriJul0500:47:14.8532642019][:error][pid29784:tid47152615974656][client208.80.194.41:6146][client208.80.194.41]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\|WormlyBot\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"390"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(DisableifyouwanttoallowMSIE6\)"][severity"WARNING"][hostname"enjoyourdream.com"][uri"/"][unique_id"XR6B8kGJjlpaPK4oyeTg1AAAAJY"][FriJul0500:47:16.9204662019][:error][pid4583:tid47152580253440][client208.80.194.41:46594][client208.80.194.41]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof"rx\(MSWebServicesClientProtocol\|WormlyBot\|webauth@cmcm\\\\\\\\.com\)"against"REQUEST_HEADERS:User-Agent"required.[file"/usr/local/apache.ea3/conf/modsec_rules/20_asl_useragents.conf"][line"390"][id"397989"][rev"1"][msg"Atomicorp.comWAFRules:MSIE6.0detected\(Disableif

2019-07-05 13:08:20

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 208.80.194.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57530
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;208.80.194.27.			IN	A

;; AUTHORITY SECTION:
.			553	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019100700 1800 900 604800 86400

;; Query time: 104 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Oct 07 16:00:38 CST 2019
;; MSG SIZE  rcvd: 117

Host info

27.194.80.208.in-addr.arpa domain name pointer static-208-80-194-27.as13448.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
27.194.80.208.in-addr.arpa	name = static-208-80-194-27.as13448.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
112.120.104.42	attack	SmallBizIT.US 1 packets to tcp(2323)	2020-05-21 01:55:59
114.32.128.142	attackbots	SmallBizIT.US 1 packets to tcp(23)	2020-05-21 02:21:32
185.51.201.115	attack	May 20 15:57:02 XXXXXX sshd[60936]: Invalid user sht from 185.51.201.115 port 39886	2020-05-21 02:03:03
81.8.2.240	attack	Unauthorized connection attempt from IP address 81.8.2.240 on Port 445(SMB)	2020-05-21 01:50:52
106.12.93.141	attackbotsspam	May 20 13:22:19 mail sshd\[15733\]: Invalid user ayt from 106.12.93.141 May 20 13:22:19 mail sshd\[15733\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.93.141 ...	2020-05-21 01:49:54
138.99.216.92	attackbots	May 19 10:30:07 138.99.216.92 PROTO=TCP SPT=55929 DPT=55389 May 19 11:04:23 138.99.216.92 PROTO=TCP SPT=55929 DPT=6009 May 19 12:29:21 138.99.216.92 PROTO=TCP SPT=55929 DPT=3372 May 19 12:41:33 138.99.216.92 PROTO=TCP SPT=55929 DPT=4050 May 19 12:42:47 138.99.216.92 PROTO=TCP SPT=55929 DPT=11027 May 19 13:06:05 138.99.216.92 PROTO=TCP SPT=55929 DPT=3320	2020-05-21 02:13:47
162.243.137.85	attack	SmallBizIT.US 1 packets to tcp(22)	2020-05-21 02:10:19
103.28.66.13	attackspam	SmallBizIT.US 1 packets to tcp(23)	2020-05-21 01:57:43
164.68.112.178	attackbotsspam	May 20 19:33:03 debian-2gb-nbg1-2 kernel: \[12254809.014423\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=164.68.112.178 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=57878 PROTO=TCP SPT=49612 DPT=8080 WINDOW=1024 RES=0x00 SYN URGP=0	2020-05-21 02:08:20
222.82.214.218	attack	frenzy	2020-05-21 02:01:05
85.41.253.190	attackbots	Honeypot attack, port: 445, PTR: host190-253-static.41-85-b.business.telecomitalia.it.	2020-05-21 01:50:32
14.242.134.53	attack	SmallBizIT.US 1 packets to tcp(23)	2020-05-21 02:22:54
139.162.120.98	attackbotsspam	SmallBizIT.US 1 packets to tcp(22)	2020-05-21 02:12:36
114.43.177.26	attackbotsspam	SmallBizIT.US 1 packets to tcp(23)	2020-05-21 02:19:58
122.118.98.157	attackspam	SmallBizIT.US 1 packets to tcp(23)	2020-05-21 02:16:01

Recently Reported IPs

190.123.157.25	201.95.39.232	94.68.229.72	197.51.144.150
195.62.241.200	39.109.127.36	178.120.126.160	36.250.94.162
104.42.38.252	186.128.167.88	171.120.101.235	176.223.122.141
82.79.75.192	51.38.37.243	31.5.121.53	119.49.17.155
196.62.211.125	156.223.150.203	49.235.177.19	138.197.179.102