Saturday, 27 May 2017

[Fail2Ban] SSH: banned 61.177.172.52 from vps297345.ovh.net

Hi,

The IP 61.177.172.52 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 61.177.172.52 :

[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '61.177.0.0 - 61.177.255.255'

inetnum: 61.177.0.0 - 61.177.255.255
netname: CHINANET-JS
descr: CHINANET jiangsu province network
descr: China Telecom
descr: A12,Xin-Jie-Kou-Wai Street
descr: Beijing 100088
country: CN
admin-c: CH93-AP
tech-c: CJ186-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-JS
mnt-routes: maint-chinanet-js
changed: [email protected] 20020209
changed: [email protected] 20030306
status: ALLOCATED non-PORTABLE
source: APNIC

role: CHINANET JIANGSU
address: 260 Zhongyang Road,Nanjing 210037
country: CN
phone: +86-25-86588231
phone: +86-25-86588745
fax-no: +86-25-86588104
e-mail: [email protected]
remarks: send anti-spam reports to [email protected]
remarks: send abuse reports to [email protected]
remarks: times in GMT+8
admin-c: CH360-AP
tech-c: CS306-AP
tech-c: CN142-AP
nic-hdl: CJ186-AP
remarks: www.jsinfo.net
notify: [email protected]
mnt-by: MAINT-CHINANET-JS
changed: [email protected] 20090831
changed: [email protected] 20090831
changed: [email protected] 20090901
source: APNIC
changed: [email protected] 20111114

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: [email protected] 20070416
changed: [email protected] 20140227
mnt-by: MAINT-CHINANET
source: APNIC

% Information related to '61.177.0.0/16AS23650'

route: 61.177.0.0/16
descr: CHINANET jiangsu province network
country: CN
origin: AS23650
mnt-by: MAINT-CHINANET-JS
changed: [email protected] 20030414
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 178.236.143.120 from vps297345.ovh.net

Hi,

The IP 178.236.143.120 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 178.236.143.120 :

[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '178.236.140.0 - 178.236.143.255'

% Abuse contact for '178.236.140.0 - 178.236.143.255' is '[email protected]'

inetnum: 178.236.140.0 - 178.236.143.255
netname: TINCO-NET1
descr: Teleskan-Intercom Ltd. network
country: RU
geoloc: 59.7228 30.4142
admin-c: AG10973-RIPE
tech-c: AG10973-RIPE
status: ASSIGNED PA
mnt-by: LANTVER-MNT
mnt-lower: LANTVER-MNT
mnt-routes: LANTVER-MNT
created: 2011-03-10T10:34:17Z
last-modified: 2013-10-01T20:36:29Z
source: RIPE

person: Alexey I Golets
address: Russia, Saint-Petersburg, Pushkin, V. Shishkova, 32/15
phone: +7 812 3092626
nic-hdl: AG10973-RIPE
mnt-by: AG30930-MNT
created: 2011-03-06T20:20:40Z
last-modified: 2014-06-23T21:39:04Z
source: RIPE # Filtered

% Information related to '178.236.140.0/22AS56724'

route: 178.236.140.0/22
descr: Teleskan-Intercom Ltd. network
origin: AS56724
mnt-by: LANTVER-MNT
created: 2011-05-11T11:21:52Z
last-modified: 2011-05-11T11:21:52Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.89.2 (WAGYU)

Regards,

Fail2Ban

[Fail2Ban] ProFTPD: banned 128.199.159.43 from vps297345.ovh.net

Hi,

The IP 128.199.159.43 has just been banned by Fail2Ban after
6 attempts against ProFTPD.


Here is more information about 128.199.159.43 :

[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '128.199.0.0 - 128.199.255.255'

% Abuse contact for '128.199.0.0 - 128.199.255.255' is '[email protected]'

inetnum: 128.199.0.0 - 128.199.255.255
netname: DOPI1
descr: DigitalOcean Cloud
country: SG
admin-c: BU332-RIPE
tech-c: BU332-RIPE
status: LEGACY
remarks: For information on "status:" attribute read https://www.ripe.net/data-tools/db/faq/faq-status-values-legacy-resources
mnt-by: digitalocean
mnt-domains: digitalocean
mnt-routes: digitalocean
created: 2004-07-20T10:29:14Z
last-modified: 2015-05-05T01:52:51Z
source: RIPE
org: ORG-DOI2-RIPE

organisation: ORG-DOI2-RIPE
org-name: Digital Ocean, Inc.
org-type: LIR
address: 101 Ave of the Americas 10th Floor
address: New York
address: 10013
address: UNITED STATES
phone: +1 888 890 6714
mnt-ref: digitalocean
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: digitalocean
abuse-mailbox: [email protected]
abuse-c: AD10778-RIPE
created: 2012-11-29T14:59:01Z
last-modified: 2017-04-06T20:59:27Z
source: RIPE # Filtered

person: Ben Uretsky
address: 101 Ave of the Americas, 10th Floor
address: New York, NY 10013
phone: +16463978051
nic-hdl: BU332-RIPE
mnt-by: digitalocean
created: 2012-12-21T18:34:57Z
last-modified: 2014-09-03T16:32:57Z
source: RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.89.2 (ANGUS)

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 190.52.100.158 from vps297345.ovh.net

Hi,

The IP 190.52.100.158 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 190.52.100.158 :

[Querying whois.lacnic.net]
[whois.lacnic.net]

% Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries

% LACNIC resource: whois.lacnic.net


% Copyright LACNIC lacnic.net
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to AS and IP numbers registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2017-05-27 13:35:37 (BRT -03:00)

inetnum: 190.52.96/20
status: allocated
aut-num: AS28007
abuse-c: PJM
owner: Gold Data C.A.
ownerid: VE-GODA-LACNIC
responsible: Pedro Carrillo
address: Av. La Guairita con Calle El Hatillo, Edf. Provincial, Of4B2, La Trinidad
address: 1080 - Caracas - DC
country: VE
phone: +58 212 7400007 [007]
owner-c: PJM
tech-c: PJM
abuse-c: PJM
inetrev: 190.52.96/20
nserver: NS1.GOLD-DATA.NET
nsstat: 20170522 AA
nslastaa: 20170522
nserver: NS2.GOLD-DATA.NET
nsstat: 20170522 AA
nslastaa: 20170522
created: 20140520
changed: 20140520

nic-hdl: PJM
person: Pedro J. Carrillo M.
e-mail: [email protected]
address: Av. Paseo Colón, Edf. Caracas Teleport, piso 2, 2, Plaza Vzla.
address: 1050 - Caracas - DF
country: VE
phone: +058 212 7400007 [105]
created: 20060726
changed: 20110202

% whois.lacnic.net accepts only direct match queries.
% Types of queries are: POCs, ownerid, CIDR blocks, IP
% and AS numbers.


Regards,

Fail2Ban

[Fail2Ban] ProFTPD: banned 45.62.234.42 from vps297345.ovh.net

Hi,

The IP 45.62.234.42 has just been banned by Fail2Ban after
6 attempts against ProFTPD.


Here is more information about 45.62.234.42 :

[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# Query terms are ambiguous. The query is assumed to be:
# "n 45.62.234.42"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=45.62.234.42?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange: 45.62.192.0 - 45.62.255.255
CIDR: 45.62.192.0/18
NetName: CLOUD-IP-164
NetHandle: NET-45-62-192-0-1
Parent: NET45 (NET-45-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS19531
Organization: KW Datacenter (KD)
RegDate: 2015-03-05
Updated: 2015-03-05
Ref: https://whois.arin.net/rest/net/NET-45-62-192-0-1


OrgName: KW Datacenter
OrgId: KD
Address: 235 Ardelt Avenue
City: Kitchener
StateProv: ON
PostalCode: N2E 3K2
Country: CA
RegDate: 2010-09-30
Updated: 2016-08-09
Ref: https://whois.arin.net/rest/org/KD


OrgNOCHandle: KNOC1-ARIN
OrgNOCName: KWDC Network Operations Center
OrgNOCPhone: +1-877-748-8729
OrgNOCEmail: [email protected]
OrgNOCRef: https://whois.arin.net/rest/poc/KNOC1-ARIN

OrgAbuseHandle: KNOC1-ARIN
OrgAbuseName: KWDC Network Operations Center
OrgAbusePhone: +1-877-748-8729
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://whois.arin.net/rest/poc/KNOC1-ARIN

OrgTechHandle: KNOC1-ARIN
OrgTechName: KWDC Network Operations Center
OrgTechPhone: +1-877-748-8729
OrgTechEmail: [email protected]
OrgTechRef: https://whois.arin.net/rest/poc/KNOC1-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 54.251.55.194 from vps297345.ovh.net

Hi,

The IP 54.251.55.194 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 54.251.55.194 :

[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# Query terms are ambiguous. The query is assumed to be:
# "n 54.251.55.194"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=54.251.55.194?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

Amazon.com, Inc. AMAZO-ZSIN1 (NET-54-251-0-0-1) 54.251.0.0 - 54.251.255.255
Amazon Technologies Inc. AMAZON-2011L (NET-54-240-0-0-1) 54.240.0.0 - 54.255.255.255



#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 101.100.165.15 from vps297345.ovh.net

Hi,

The IP 101.100.165.15 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 101.100.165.15 :

[Querying whois.arin.net]
[Redirected to whois.apnic.net]
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '101.100.160.0 - 101.100.191.255'

inetnum: 101.100.160.0 - 101.100.191.255
netname: REPUBLICTELECOM
descr: Republic Telecom
descr: 231 Kew Crescent
descr: Kew Green
country: SG
admin-c: RTNA1-AP
tech-c: RTNA1-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-REPUBLICTELECOM-SG
mnt-routes: MAINT-REPUBLICTELECOM-SG
mnt-irt: IRT-REPUBLICTELECOM-SG
status: ALLOCATED PORTABLE
changed: [email protected] 20140807
source: APNIC

irt: IRT-REPUBLICTELECOM-SG
address: Republic Telecom, 231 Kew Crescent, Kew Green, Singapore
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: RTNA1-AP
tech-c: RTNA1-AP
auth: # Filtered
mnt-by: MAINT-REPUBLICTELECOM-SG
changed: [email protected] 20120131
source: APNIC

role: REPUBLIC TELECOM - network administrator
address: Republic Telecom, 231 Kew Crescent, Kew Green, Singapore
country: SG
phone: +65-64300248
e-mail: [email protected]
admin-c: RTNA1-AP
tech-c: RTNA1-AP
nic-hdl: RTNA1-AP
mnt-by: MAINT-REPUBLICTELECOM-SG
changed: [email protected] 20120131
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

Regards,

Fail2Ban

[Fail2Ban] ProFTPD: banned 49.71.38.147 from vps297345.ovh.net

Hi,

The IP 49.71.38.147 has just been banned by Fail2Ban after
6 attempts against ProFTPD.


Here is more information about 49.71.38.147 :

[Querying whois.arin.net]
[Redirected to whois.apnic.net]
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '49.64.0.0 - 49.95.255.255'

inetnum: 49.64.0.0 - 49.95.255.255
netname: CHINANET-JS
descr: CHINANET jiangsu province network
descr: China Telecom
descr: 260 Zhongyang Road,Nanjing 210037
country: CN
admin-c: CH360-AP
tech-c: CS306-AP
tech-c: CN142-AP
status: ALLOCATED PORTABLE
notify: [email protected]
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CHINANET-JS
mnt-routes: MAINT-CHINANET-JS
mnt-irt: IRT-CHINANET-CN
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
changed: [email protected] 20101115
source: APNIC

irt: IRT-CHINANET-CN
address: No.31 ,jingrong street,beijing
address: 100032
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: CH93-AP
tech-c: CH93-AP
auth: # Filtered
mnt-by: MAINT-CHINANET
changed: [email protected] 20101115
source: APNIC

person: CHINANET-JS Hostmaster
nic-hdl: CH360-AP
e-mail: [email protected]
address: Room 1001#, 260 Zhongyang Road, Nanjing,Jiangsu Province
phone: +86-25-86588231
phone: +86-25-86588745
fax-no: +86-25-86588104
country: CN
changed: [email protected] 20090831
mnt-by: MAINT-CHINANET-JS
changed: [email protected] 20090901
changed: [email protected] 20111206
source: APNIC

person: CHINANET-JS Network Operations
nic-hdl: CN142-AP
e-mail: [email protected]
address: Room 1001#, 260 Zhongyang Road, Nanjing,Jiangsu Province
phone: +86-25-86588721
phone: +86-25-86788130
phone: +86-25-86788122
phone: +86-25-86588787
fax-no: +86-25-86588104
country: CN
changed: [email protected] 20090831
mnt-by: MAINT-CHINANET-JS
changed: [email protected] 20090901
changed: [email protected] 20111206
source: APNIC

person: CHINANET-JS Security Administrater
nic-hdl: CS306-AP
e-mail: [email protected]
address: Room 1001#, 260 Zhongyang Road, Nanjing,Jiangsu Province
phone: +86-25-86588745
phone: +86-25-86588231
fax-no: +86-25-86588104
country: CN
changed: [email protected] 20090831
mnt-by: MAINT-CHINANET-JS
changed: [email protected] 20090901
changed: [email protected] 20111206
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

Regards,

Fail2Ban