70.169.1.80 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: Cox Communications LLC

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Icarus honeypot on github	2020-08-03 03:57:08

Comments on same subnet:

IP	Type	Details	Datetime
70.169.135.187	attackbotsspam	Invalid user admin from 70.169.135.187 port 51641	2020-08-01 04:25:43
70.169.134.185	attack	US_Cox_<177>1586693216 [1:2403416:56634] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 [Classification: Misc Attack] [Priority: 2]: {TCP} 70.169.134.185:56589	2020-04-13 00:04:52

Type

Details

Datetime

70.169.135.187

attackbotsspam

Invalid user admin from 70.169.135.187 port 51641

2020-08-01 04:25:43

70.169.134.185

attack

US_Cox_<177>1586693216 [1:2403416:56634] ET CINS Active Threat Intelligence Poor Reputation IP TCP group 59 [Classification: Misc Attack] [Priority: 2]:  {TCP} 70.169.134.185:56589

2020-04-13 00:04:52

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 70.169.1.80
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 60315
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;70.169.1.80.			IN	A

;; AUTHORITY SECTION:
.			326	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020080201 1800 900 604800 86400

;; Query time: 75 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Aug 03 03:57:05 CST 2020
;; MSG SIZE  rcvd: 115

Host info

80.1.169.70.in-addr.arpa domain name pointer wsip-70-169-1-80.hr.hr.cox.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
80.1.169.70.in-addr.arpa	name = wsip-70-169-1-80.hr.hr.cox.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
216.237.198.15	attackbotsspam	Automatic report - Port Scan Attack	2020-08-09 05:58:42
118.126.88.254	attackbots	Aug 8 20:27:12 IngegnereFirenze sshd[15651]: User root from 118.126.88.254 not allowed because not listed in AllowUsers ...	2020-08-09 05:57:51
119.28.51.99	attackbotsspam	Aug 3 09:33:40 server6 sshd[10369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.51.99 user=r.r Aug 3 09:33:43 server6 sshd[10369]: Failed password for r.r from 119.28.51.99 port 27958 ssh2 Aug 3 09:33:43 server6 sshd[10369]: Received disconnect from 119.28.51.99: 11: Bye Bye [preauth] Aug 3 09:48:20 server6 sshd[19734]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.51.99 user=r.r Aug 3 09:48:22 server6 sshd[19734]: Failed password for r.r from 119.28.51.99 port 49674 ssh2 Aug 3 09:48:22 server6 sshd[19734]: Received disconnect from 119.28.51.99: 11: Bye Bye [preauth] Aug 3 09:52:51 server6 sshd[22795]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.28.51.99 user=r.r Aug 3 09:52:53 server6 sshd[22795]: Failed password for r.r from 119.28.51.99 port 11808 ssh2 Aug 3 09:52:53 server6 sshd[22795]: Received disconnect fr........ -------------------------------	2020-08-09 05:56:14
5.45.207.111	attackbots	[Sun Aug 09 03:27:36.430876 2020] [:error] [pid 19156:tid 139707879249664] [client 5.45.207.111:42928] [client 5.45.207.111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xy8KuAUUvH8N7JZaYTxdagAAAOM"] ...	2020-08-09 05:40:19
81.68.120.181	attack	Aug 3 00:48:46 online-web-1 sshd[436252]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.120.181 user=r.r Aug 3 00:48:48 online-web-1 sshd[436252]: Failed password for r.r from 81.68.120.181 port 55584 ssh2 Aug 3 00:48:49 online-web-1 sshd[436252]: Received disconnect from 81.68.120.181 port 55584:11: Bye Bye [preauth] Aug 3 00:48:49 online-web-1 sshd[436252]: Disconnected from 81.68.120.181 port 55584 [preauth] Aug 3 00:55:32 online-web-1 sshd[436696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.68.120.181 user=r.r Aug 3 00:55:34 online-web-1 sshd[436696]: Failed password for r.r from 81.68.120.181 port 54896 ssh2 Aug 3 00:55:35 online-web-1 sshd[436696]: Received disconnect from 81.68.120.181 port 54896:11: Bye Bye [preauth] Aug 3 00:55:35 online-web-1 sshd[436696]: Disconnected from 81.68.120.181 port 54896 [preauth] Aug 3 00:58:26 online-web-1 sshd[436908]: pam_u........ -------------------------------	2020-08-09 05:43:13
78.128.113.116	attack	Aug 8 23:26:48 galaxy event: galaxy/lswi: smtp: sandy.eggert@wi.uni-potsdam.de [78.128.113.116] authentication failure using internet password Aug 8 23:26:49 galaxy event: galaxy/lswi: smtp: sandy.eggert [78.128.113.116] authentication failure using internet password Aug 8 23:27:00 galaxy event: galaxy/lswi: smtp: cmueller@wi.uni-potsdam.de [78.128.113.116] authentication failure using internet password Aug 8 23:27:01 galaxy event: galaxy/lswi: smtp: cmueller [78.128.113.116] authentication failure using internet password Aug 8 23:30:20 galaxy event: galaxy/lswi: smtp: malte.teichmann@wi.uni-potsdam.de [78.128.113.116] authentication failure using internet password ...	2020-08-09 05:48:27
101.255.65.138	attack	$f2bV_matches	2020-08-09 05:32:06
177.126.85.31	attack	Lines containing failures of 177.126.85.31 Aug 3 05:45:59 shared11 sshd[29581]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.126.85.31 user=r.r Aug 3 05:46:01 shared11 sshd[29581]: Failed password for r.r from 177.126.85.31 port 45187 ssh2 Aug 3 05:46:01 shared11 sshd[29581]: Received disconnect from 177.126.85.31 port 45187:11: Bye Bye [preauth] Aug 3 05:46:01 shared11 sshd[29581]: Disconnected from authenticating user r.r 177.126.85.31 port 45187 [preauth] Aug 3 05:53:19 shared11 sshd[31761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.126.85.31 user=r.r Aug 3 05:53:20 shared11 sshd[31761]: Failed password for r.r from 177.126.85.31 port 23434 ssh2 Aug 3 05:53:20 shared11 sshd[31761]: Received disconnect from 177.126.85.31 port 23434:11: Bye Bye [preauth] Aug 3 05:53:20 shared11 sshd[31761]: Disconnected from authenticating user r.r 177.126.85.31 port 23434 [preauth........ ------------------------------	2020-08-09 05:50:48
159.65.174.29	attackbotsspam	4816/tcp 26591/tcp 8355/tcp... [2020-06-22/08-08]137pkt,55pt.(tcp)	2020-08-09 05:54:45
220.177.92.227	attack	2020-08-08T22:27:22.272088ks3355764 sshd[18513]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.177.92.227 user=root 2020-08-08T22:27:24.355963ks3355764 sshd[18513]: Failed password for root from 220.177.92.227 port 13254 ssh2 ...	2020-08-09 05:47:54
149.56.12.88	attackbotsspam	Fail2Ban	2020-08-09 06:03:06
190.77.201.75	attackbots	20/8/8@16:27:16: FAIL: Alarm-Network address from=190.77.201.75 20/8/8@16:27:16: FAIL: Alarm-Network address from=190.77.201.75 ...	2020-08-09 05:55:33
222.186.190.17	attack	Aug 8 22:07:03 vps-51d81928 sshd[527376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.190.17 user=root Aug 8 22:07:06 vps-51d81928 sshd[527376]: Failed password for root from 222.186.190.17 port 60005 ssh2 Aug 8 22:07:03 vps-51d81928 sshd[527376]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.190.17 user=root Aug 8 22:07:06 vps-51d81928 sshd[527376]: Failed password for root from 222.186.190.17 port 60005 ssh2 Aug 8 22:07:10 vps-51d81928 sshd[527376]: Failed password for root from 222.186.190.17 port 60005 ssh2 ...	2020-08-09 06:07:39
180.167.225.118	attackspambots	detected by Fail2Ban	2020-08-09 06:07:02
61.177.172.61	attackbots	Aug 8 23:40:00 jane sshd[9491]: Failed password for root from 61.177.172.61 port 50794 ssh2 Aug 8 23:40:05 jane sshd[9491]: Failed password for root from 61.177.172.61 port 50794 ssh2 ...	2020-08-09 05:40:52

Recently Reported IPs

219.142.144.81	103.30.145.5	188.78.199.1	107.4.252.110
34.75.17.174	170.227.48.84	219.194.233.80	67.93.170.178
177.25.229.229	106.38.99.158	37.172.163.65	135.169.139.64
180.126.237.162	116.90.230.243	103.10.46.159	45.136.7.83
123.207.215.110	179.89.135.133	23.90.42.168	78.227.42.35