I've noticed a surge in botnet activity targeting a secure area of my server recently. While most of the attempts come from known malicious sources, I'm seeing an unusual number of hits from IPs linked to Cox Communications under ASN #AS22773. Normally, I'd think these could be malware-infected machines, but when I check the abuse info for certain IPs, I find a contact based in Seychelles, which seems strange for a US ISP. I'm questioning whether this ASN is legitimate or if it's a cover-up for the real owner. Has anyone else seen this or have insights into the situation?
2 Answers
I get your concern! Just to clarify, sharing those IPs could risk exposing infected users, but I understand wanting to investigate. You mentioned 45.207.31.1XX—what tool are you using for tracing? I personally use ipinfo.io; it's pretty user-friendly and has unlimited lookups!
AS22773 is indeed registered to Cox. They might be leasing some of their IP addresses to a company like Cloud Innovation. If you're seeing suspicious activity, it would help to share the specific IPs involved. Which service do you use for IP lookups?
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures