AbuseIPDB » 166.70.207.2

166.70.207.2 was found in our database!

This IP was reported 5,983 times. Confidence of Abuse is 73%: ?

73%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	XMission L.C.
Usage Type	Fixed Line ISP
Hostname(s)	this.is.a.tor.node.xmission.com
Domain Name	xmission.com
Country	United States of America
City	Salt Lake City, Utah

IP info including ISP, Usage Type, and Location provided by IP2Location. Updated monthly.

Report 166.70.207.2

Whois 166.70.207.2

IP Abuse Reports for 166.70.207.2:

This IP address has been reported a total of 5,983 times from 736 distinct sources. 166.70.207.2 was first reported on November 23rd 2020, and the most recent report was 12 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp	Comment	Categories
niceshops.com	2023-12-09 23:13:44 (12 hours ago)	Web Attack multi (Dec 23 00:13:43 Matching rules: Detect possible SQL injection - Too many SQL keyw ... show moreWeb Attack multi (Dec 23 00:13:43 Matching rules: Detect possible SQL injection - Too many SQL keywords (more than 3 times),Detect possible SQL injection - E.g. Select * from ) show less	SQL Injection Brute-Force Bad Web Bot Web App Attack
Jim Keir	2023-12-09 21:35:16 (13 hours ago)	2023-12-09 21:35:15 166.70.207.2 File scanning, blocking 166.70.207.2 for 5 minutes	Web App Attack
Swiptly	2023-12-09 13:26:18 (21 hours ago)	WordPress xmlrpc spam or enumeration ...	Web Spam Bad Web Bot Web App Attack
TPI-Abuse	2023-12-09 00:18:52 (1 day ago)	(mod_security) mod_security (id:210730) triggered by 166.70.207.2 (this.is.a.tor.node.xmission.com): ... show more(mod_security) mod_security (id:210730) triggered by 166.70.207.2 (this.is.a.tor.node.xmission.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 08 19:18:48.078271 2023] [security2:error] [pid 17531] [client 166.70.207.2:54056] [client 166.70.207.2] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||statbotics.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "statbotics.com"] [uri "/2023-tbotics.sql"] [unique_id "ZXOyaHI0utklnMkj9oDzVgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
niceshops.com	2023-12-08 09:19:51 (2 days ago)	Web Attack multi (Dec 23 10:19:50 Matching rules: Detect possible SQL injection - Too many SQL keyw ... show moreWeb Attack multi (Dec 23 10:19:50 Matching rules: Detect possible SQL injection - Too many SQL keywords (more than 3 times),Detect possible SQL injection - E.g. Select * from ) show less	SQL Injection Brute-Force Bad Web Bot Web App Attack
niceshops.com	2023-12-07 21:14:52 (2 days ago)	Web Attack multi (Dec 23 22:14:52 Matching rules: Detect possible SQL injection - E.g. CHR(72) )	SQL Injection Brute-Force Bad Web Bot Web App Attack
Rizzy	2023-12-06 04:29:01 (4 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
niceshops.com	2023-12-05 17:00:39 (4 days ago)	Web Attack multi (Dec 23 18:00:38 Matching rules: Detect possible SQL injection - E.g. Waitfor .. D ... show moreWeb Attack multi (Dec 23 18:00:38 Matching rules: Detect possible SQL injection - E.g. Waitfor .. Delay ) show less	SQL Injection Brute-Force Bad Web Bot Web App Attack
niceshops.com	2023-12-04 17:48:13 (5 days ago)	Web Attack multi (Dec 23 18:48:13 Matching rules: Detect possible SQL injection - E.g. CHR(72),Dete ... show moreWeb Attack multi (Dec 23 18:48:13 Matching rules: Detect possible SQL injection - E.g. CHR(72),Detect possible SQL injection - E.g. Select * from ) show less	SQL Injection Brute-Force Bad Web Bot Web App Attack
Anonymous	2023-12-04 11:33:59 (5 days ago)	www.ktl-events.de 166.70.207.2 [04/Dec/2023:12:33:55 +0100] "POST /xmlrpc.php HTTP/1.1" 200 5518 "-" ... show morewww.ktl-events.de 166.70.207.2 [04/Dec/2023:12:33:55 +0100] "POST /xmlrpc.php HTTP/1.1" 200 5518 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" www.ktl-events.de 166.70.207.2 [04/Dec/2023:12:33:58 +0100] "POST /xmlrpc.php HTTP/1.1" 200 5518 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" show less	Web App Attack
oncord	2023-12-02 14:18:32 (1 week ago)	Form spam	Web Spam
Fusl	2023-12-01 06:23:31 (1 week ago)	received unsolicited smtp data stream: Message-ID: <08175ef501c5efe053f9b01bffdbf1fddbd2a3@add ... show morereceived unsolicited smtp data stream: Message-ID: <[email protected]> From: SandBox Airdrop <[email protected]> To: [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected], [email protected] Subject: [Coinmarketcap] Airdrop CryptoLand ETH Date: Thu, 30 Nov 2023 22:21:53 -0800 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="8a6a23887cb8929d2e84cd6682a68c80d3f4fa" --8a6a23887cb8929d2e84cd6682a68c80d3f4fa Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Claim your CryptoLand tokens! Whitelist finished and the new Coinmarketca= p listing will come in few days! =F0=9F=9A=80 Airdrop: CryptoLand ETH =F0=9F=92=B0 Claim Value: 47764 Tokens =F show less	Email Spam
niceshops.com	2023-11-29 19:41:44 (1 week ago)	Web Attack multi (Nov 23 20:41:43 Matching rules: Detect possible SQL injection - E.g. Sleep(5) )	SQL Injection Brute-Force Bad Web Bot Web App Attack
niceshops.com	2023-11-29 19:41:44 (1 week ago)	Web Attack multi (Nov 23 20:41:43 Matching rules: Detect possible SQL injection - E.g. Sleep(5) )	SQL Injection Brute-Force Bad Web Bot Web App Attack
niceshops.com	2023-11-28 08:39:13 (1 week ago)	Web Attack multi (Nov 23 09:39:12 Matching rules: Detect possible SQL injection - E.g. Select * fro ... show moreWeb Attack multi (Nov 23 09:39:12 Matching rules: Detect possible SQL injection - E.g. Select * from ) show less	SQL Injection Brute-Force Bad Web Bot Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩