34.199.70.85 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: Amazon Technologies Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	10/24/2019-13:59:31.772890 34.199.70.85 Protocol: 6 SURICATA TLS invalid record/traffic	2019-10-24 20:48:16

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 34.199.70.85
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1790
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;34.199.70.85.			IN	A

;; AUTHORITY SECTION:
.			550	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102400 1800 900 604800 86400

;; Query time: 46 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Oct 24 20:48:13 CST 2019
;; MSG SIZE  rcvd: 116

Host info

85.70.199.34.in-addr.arpa domain name pointer ec2-34-199-70-85.compute-1.amazonaws.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
85.70.199.34.in-addr.arpa	name = ec2-34-199-70-85.compute-1.amazonaws.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
81.180.209.85	attackbotsspam	2019-11-20 15:22:01 H=([81.180.209.85]) [81.180.209.85]:28654 I=[10.100.18.23]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=81.180.209.85) 2019-11-20 15:22:03 unexpected disconnection while reading SMTP command from ([81.180.209.85]) [81.180.209.85]:28654 I=[10.100.18.23]:25 (error: Connection reset by peer) 2019-11-20 15:29:18 H=([81.180.209.85]) [81.180.209.85]:29997 I=[10.100.18.23]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=81.180.209.85) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=81.180.209.85	2019-11-20 22:51:45
201.219.79.30	attackbots	Unauthorized connection attempt from IP address 201.219.79.30 on Port 445(SMB)	2019-11-20 23:10:08
188.70.18.4	attackspambots	2019-11-20 14:30:02 H=([188.70.18.4]) [188.70.18.4]:10407 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=188.70.18.4) 2019-11-20 14:30:03 unexpected disconnection while reading SMTP command from ([188.70.18.4]) [188.70.18.4]:10407 I=[10.100.18.25]:25 (error: Connection reset by peer) 2019-11-20 15:29:13 H=([188.70.18.4]) [188.70.18.4]:10662 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=188.70.18.4) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=188.70.18.4	2019-11-20 22:48:52
77.53.230.246	attack	Lines containing failures of 77.53.230.246 Nov 20 15:29:59 omfg postfix/smtpd[30024]: connect from h77-53-230-246.cust.a3fiber.se[77.53.230.246] Nov x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=77.53.230.246	2019-11-20 23:23:04
222.186.169.194	attackspambots	pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.169.194 user=root Failed password for root from 222.186.169.194 port 61120 ssh2 Failed password for root from 222.186.169.194 port 61120 ssh2 Failed password for root from 222.186.169.194 port 61120 ssh2 Failed password for root from 222.186.169.194 port 61120 ssh2	2019-11-20 23:26:21
185.176.27.18	attackspam	11/20/2019-15:46:56.031837 185.176.27.18 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-11-20 22:54:58
185.176.27.42	attackbotsspam	11/20/2019-10:01:15.343868 185.176.27.42 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-20 23:10:32
124.13.76.226	attack	B: /wp-login.php attack	2019-11-20 23:30:45
49.88.112.112	attackbots	Nov 20 15:46:42 MK-Soft-Root2 sshd[6880]: Failed password for root from 49.88.112.112 port 34116 ssh2 Nov 20 15:46:46 MK-Soft-Root2 sshd[6880]: Failed password for root from 49.88.112.112 port 34116 ssh2 ...	2019-11-20 23:07:40
80.82.77.86	attackbots	UTC: 2019-11-19 pkts: 3 ports(udp): 161, 623, 626	2019-11-20 23:33:25
187.210.226.214	attack	Nov 20 15:59:37 sd-53420 sshd\[7165\]: Invalid user shannan from 187.210.226.214 Nov 20 15:59:37 sd-53420 sshd\[7165\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.226.214 Nov 20 15:59:39 sd-53420 sshd\[7165\]: Failed password for invalid user shannan from 187.210.226.214 port 57364 ssh2 Nov 20 16:04:04 sd-53420 sshd\[8494\]: Invalid user clown from 187.210.226.214 Nov 20 16:04:04 sd-53420 sshd\[8494\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.210.226.214 ...	2019-11-20 23:20:57
171.228.239.159	attack	Unauthorized connection attempt from IP address 171.228.239.159 on Port 445(SMB)	2019-11-20 23:21:14
42.112.255.235	attack	DATE:2019-11-20 15:46:42, IP:42.112.255.235, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-11-20 23:11:45
157.52.183.226	attackspam	port scan and connect, tcp 1433 (ms-sql-s)	2019-11-20 22:53:34
187.19.240.127	attack	Automatic report - Port Scan Attack	2019-11-20 23:28:02

Recently Reported IPs

217.241.214.147	156.198.175.250	187.119.31.6	49.50.200.56
239.125.64.144	45.10.140.191	186.198.240.12	200.107.71.242
94.60.230.150	94.60.43.142	132.25.189.148	56.111.230.107
71.62.195.102	44.45.231.158	26.184.178.119	94.60.228.233
108.98.230.66	94.50.239.218	94.6.67.55	61.144.217.187