JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 81.70.104.19

81.70.104.19 was found in our database!

This IP was reported 151 times. Confidence of Abuse is 100%: ?

100%

ISP	Tencent Cloud Computing (Beijing) Co., Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS45090
Domain Name	tencentcloud.com
Country	🇨🇳 China
City	Beijing, Beijing

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 81.70.104.19

Whois 81.70.104.19

IP Abuse Reports for 81.70.104.19:

This IP address has been reported a total of 151 times from 90 distinct sources. 81.70.104.19 was first reported on May 18th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 bpolson	2026-05-18 20:50:00 (2 weeks ago)	Brute Force SSH. (BP)	Brute-Force SSH
Anonymous	2026-05-18 18:11:08 (2 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-cve-2021-41773	Web App Attack Hacking
🇺🇸 MPL	2026-05-18 16:47:11 (2 weeks ago)	tcp/2375 (2 or more attempts)	Port Scan
🇩🇪 Marcin Stepien	2026-05-18 15:01:17 (2 weeks ago)	Hit honeypot endpoint /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh. Automated s ... show more Hit honeypot endpoint /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh. Automated scanner/bot detected. show less	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-18 14:46:16 (2 weeks ago)	(mod_security) mod_security (id:218420) triggered by 81.70.104.19 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:218420) triggered by 81.70.104.19 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 10:46:12.520106 2026] [security2:error] [pid 10930:tid 10930] [client 81.70.104.19:43456] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.222:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.222"] [uri "/hello.world"] [unique_id "agsmNPm7ZNcHxH7fKWCO2AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 JavaStart	2026-05-18 14:11:20 (2 weeks ago)	May 18 16:10:27 vmi174663 sshd[2661952]: Invalid user orangepi from 81.70.104.19 port 37592 May 18 1 ... show more May 18 16:10:27 vmi174663 sshd[2661952]: Invalid user orangepi from 81.70.104.19 port 37592 May 18 16:10:27 vmi174663 sshd[2661952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.104.19 May 18 16:10:29 vmi174663 sshd[2661952]: Failed password for invalid user orangepi from 81.70.104.19 port 37592 ssh2 May 18 16:11:13 vmi174663 sshd[2662158]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.70.104.19 user=root May 18 16:11:15 vmi174663 sshd[2662158]: Failed password for root from 81.70.104.19 port 34746 ssh2 ... show less	Brute-Force SSH
🇺🇸 MPL	2026-05-18 13:22:08 (2 weeks ago)	tcp/22 (4 or more attempts)	Port Scan
🇬🇧 PeravixGroup	2026-05-18 12:34:03 (2 weeks ago)	Honeypot detection: SSH brute-force authentication attempt on port 22. Severity: MEDIUM. Aaran.cloud	SSH Brute-Force
🇳🇱 Savvii	2026-05-18 12:18:15 (2 weeks ago)	15 attempts against mh-modsecurity-ban on cmdb	Brute-Force Web App Attack
🇰🇷 i553041	2026-05-18 09:26:54 (2 weeks ago)	2026-05-18T17:21:32.219595+08:00 instance-20211121-2016 sshd-session[314962]: Invalid user admin fro ... show more 2026-05-18T17:21:32.219595+08:00 instance-20211121-2016 sshd-session[314962]: Invalid user admin from 81.70.104.19 port 45122 2026-05-18T17:22:07.919245+08:00 instance-20211121-2016 sshd-session[314968]: Invalid user orangepi from 81.70.104.19 port 39146 2026-05-18T17:26:48.711653+08:00 instance-20211121-2016 sshd-session[315013]: Invalid user test from 81.70.104.19 port 37110 ... show less	Brute-Force SSH
🇺🇸 SiteHUB Agency	2026-05-18 08:58:13 (2 weeks ago)	Brute force activities detected and blocked	Brute-Force
🇬🇧 PeravixGroup	2026-05-18 08:05:51 (2 weeks ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇬🇧 djboddington	2026-05-18 07:39:53 (2 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/ssh-bf	SSH Brute-Force
🇩🇪 Admins@FBN	2026-05-18 07:25:11 (2 weeks ago)	FW-PortScan: Traffic Blocked srcport=49665 dstport=2375	Port Scan
🇺🇸 MPL	2026-05-18 07:19:41 (2 weeks ago)	tcp/2222 (2 or more attempts)	Port Scan

Showing 136 to 150 of 151 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 182.76.103.166

🇨🇳 162.14.66.219

🇻🇳 160.187.240.90

🇩🇪 138.246.253.131

🇮🇳 122.187.235.148

🇵🇰 103.117.163.122

🇺🇸 34.58.124.191

🇯🇵 8.216.9.30

🇳🇱 5.61.209.126

🇲🇽 186.96.145.241

🇳🇱 176.65.148.216

🇺🇸 173.239.213.23

🇩🇪 167.94.146.65

🇱🇾 165.16.76.245

🇺🇸 138.94.219.13

🇵🇰 137.59.230.79

🇭🇰 103.77.210.80

🇹🇼 60.199.224.55

🇳🇱 45.148.10.141

🇦🇺 20.5.130.110