Monday, 19 June 2017

[Fail2Ban] SSH: banned 216.98.212.11 from vps297345.ovh.net

Hi,

The IP 216.98.212.11 has just been banned by Fail2Ban after
7 attempts against SSH.


Here is more information about 216.98.212.11 :

[Querying whois.arin.net]
[Redirected to whois.lacnic.net]
[Querying whois.lacnic.net]
[Redirected to whois.registro.br]
[Querying whois.registro.br]
[whois.registro.br]

% Copyright (c) Nic.br
% The use of the data below is only permitted as described in
% full by the terms of use at https://registro.br/termo/en.html ,
% being prohibited its distribution, commercialization or
% reproduction, in particular, to use it for advertising or
% any similar purpose.
% 2017-06-20 00:49:30 (BRT -03:00)

inetnum: 216.98.212.0/22
aut-num
: AS266192
abuse-c: SJPCC1
owner: LP PROVEDORA DE INTERNET E INSTALAÇÕES DE REDES TE
ownerid: 24.500.652/0001-53
responsible: Sandro Javier Pacheco Ccamaque
owner-c: SJPCC1
tech-c: SJPCC1
inetrev: 216.98.212.0/22
nserver: ns1.lpinternet.com.br
nsstat: 20170618 AA
nslastaa: 20170618
nserver: ns2.lpinternet.com.br
nsstat: 20170618 AA
nslastaa: 20170618
created: 20170420
changed: 20170420

nic-hdl-br: SJPCC1
person: Sandro javier pacheco ccamaque
created: 20170102
changed: 20170102

% Security and mail abuse issues should also be addressed to
% cert.br, http://www.cert.br/ , respectivelly to [email protected]
% and [email protected]
%
% whois.registro.br accepts only direct match queries. Types
% of queries are: domain (.br), registrant (tax ID), ticket,
% provider, contact handle (ID), CIDR block, IP and ASN.

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 31.133.11.102 from vps297345.ovh.net

Hi,

The IP 31.133.11.102 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 31.133.11.102 :

[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '31.133.8.0 - 31.133.15.255'

% Abuse contact for '31.133.8.0 - 31.133.15.255' is '[email protected]'

inetnum: 31.133.8.0 - 31.133.15.255
netname: RTYNE-NET
country: CZ
org: ORG-KADA1-RIPE
admin-c: KADA1-RIPE
tech-c: KADA1-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: KADANIK-MNT
mnt-routes: KADANIK-MNT
mnt-domains: KADANIK-MNT
created: 2011-04-11T11:43:58Z
last-modified: 2016-04-14T10:38:11Z
source: RIPE # Filtered
sponsoring-org: ORG-Vs35-RIPE

organisation: ORG-KADA1-RIPE
org-name: Petr Kadanik
org-type: OTHER
address: Hronovska 779, Rtyne v Podkrkonosi, okres Trutnov, Czech Republic
abuse-c: AR30459-RIPE
mnt-ref: KADANIK-MNT
mnt-by: KADANIK-MNT
created: 2011-04-08T11:33:37Z
last-modified: 2014-11-17T22:48:11Z
source: RIPE # Filtered

person: Petr Kadanik
address: Hronovska 779, Rtyne v Podkrkonoshi, okres Trutnov, Czech Republic
phone: +420776161944
nic-hdl: KADA1-RIPE
mnt-by: KADANIK-MNT
created: 2011-04-08T11:32:21Z
last-modified: 2011-04-08T11:32:21Z
source: RIPE

% Information related to '31.133.8.0/21AS56624'

route: 31.133.8.0/21
descr: PetrKadanikRoute
origin: AS56624
mnt-by: KADANIK-MNT
created: 2011-04-12T16:12:34Z
last-modified: 2011-04-12T16:12:34Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.89.2 (WAGYU)

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 218.65.30.53 from vps297345.ovh.net

Hi,

The IP 218.65.30.53 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 218.65.30.53 :

[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '218.64.0.0 - 218.65.127.255'

inetnum: 218.64.0.0 - 218.65.127.255
netname: CHINANET-JX
country: CN
descr: CHINANET jiangxi province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
admin-c: CH93-AP
tech-c: JN113-AP
changed: [email protected] 20020829
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-IP-WWF
status: ALLOCATED NON-PORTABLE
source: APNIC

role: JXDCB NET
address: Jiangxi telecom network operation support department
address: No.2009, Beijing East Road , nanchang,jiangxi province
country: CN
phone: +86 79186600000
e-mail: [email protected]
remarks: send spam reports to [email protected]
remarks: and abuse reports to [email protected]
remarks: http://www.online.jx.cn
admin-c: XY1-AP
tech-c: WZ1-CN
tech-c: WW49-AP
nic-hdl: JN113-AP
notify: [email protected]
mnt-by: MAINT-IP-WWF
changed: [email protected] 20020812
changed: [email protected] 20130221
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: [email protected]
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: [email protected] 20070416
changed: [email protected] 20140227
mnt-by: MAINT-CHINANET
source: APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 51.7.223.144 from vps297345.ovh.net

Hi,

The IP 51.7.223.144 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 51.7.223.144 :

[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '51.6.0.0 - 51.7.255.255'

% Abuse contact for '51.6.0.0 - 51.7.255.255' is '[email protected]'

inetnum: 51.6.0.0 - 51.7.255.255
netname: UK-FORCE9
country: GB
descr: PlusNet plc.
org: ORG-BPIS1-RIPE
country: GB
admin-c: PLUS1-RIPE
tech-c: PNET2-RIPE
status: LEGACY
mnt-by: MAINT-AS6871
mnt-by: BTNET-INFRA-MNT
created: 2015-06-17T07:29:25Z
last-modified: 2016-11-17T11:33:24Z
source: RIPE
remarks: Please send abuse notification to [email protected]

organisation: ORG-BPIS1-RIPE
org-name: British Telecommunications PLC
org-type: LIR
address: Room 211, Telephone Exchange(CWT-LA), Cawthorne Street
address: LA1 1TG
address: Lancaster, Lancashire
address: UNITED KINGDOM
phone: +442077777766
fax-no: +441524381064
abuse-c: AR13878-RIPE
mnt-ref: BTNET-MNT
mnt-ref: BTNET-INFRA-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: BTNET-INFRA-MNT
admin-c: SW4727-RIPE
admin-c: SAM62-RIPE
admin-c: FLS15-RIPE
admin-c: DY298-RIPE
admin-c: AC23929-RIPE
admin-c: MG12414-RIPE
admin-c: GF1231-RIPE
created: 2004-04-17T12:11:50Z
last-modified: 2016-09-19T07:30:13Z
source: RIPE # Filtered

role: Plusnet Hostmaster
address: PlusNet Plc
address: The Balance
address: 2 Pinfold Street
address: Sheffield
address: S1 2GU
address: UK
phone: +44 114 2200084
abuse-mailbox: [email protected]
remarks: ------------------------------------------------
remarks: Please do NOT e-mail abuse to the contacts given
remarks: here, e-mail them to [email protected] instead.
remarks: All email sent to other listed addresses will
remarks: be deleted!
remarks: ------------------------------------------------
remarks: Network Status and Information Page:
remarks: http://status.plus.net
remarks: http://support.plus.net
remarks: ------------------------------------------------
remarks: Support 24*7 Phone: (UK) 0845 140 0200
remarks: ------------------------------------------------
admin-c: SB195-RIPE
tech-c: DS3916-RIPE
tech-c: RM6084-RIPE
nic-hdl: PNET2-RIPE
mnt-by: MAINT-AS6871
created: 2002-05-16T12:18:00Z
last-modified: 2012-05-02T13:14:28Z
source: RIPE # Filtered

person: PlusNet Ripe Admin
address: Plusnet plc.
address: The Balance
address: 2 Pinfold Street
address: Sheffield
address: S1 2GU
address: GB
phone: +44 114 22 00084
nic-hdl: PLUS1-RIPE
mnt-by: MAINT-AS6871
created: 1970-01-01T00:00:00Z
last-modified: 2012-05-02T13:03:37Z
source: RIPE # Filtered

% Information related to '51.6.0.0/15AS6871'

route: 51.6.0.0/15
origin: AS6871
descr: PlusNet plc.
mnt-by: MAINT-AS6871
created: 2016-04-11T12:23:56Z
last-modified: 2016-04-11T12:23:56Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.89.2 (WAGYU)

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 119.74.207.77 from vps297345.ovh.net

Hi,

The IP 119.74.207.77 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 119.74.207.77 :

[Querying whois.arin.net]
[Redirected to whois.apnic.net]
[Querying whois.apnic.net]
[whois.apnic.net]
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

% Information related to '119.74.0.0 - 119.74.255.255'

inetnum: 119.74.0.0 - 119.74.255.255
netname: SINGNET-SG
descr: SingNet Pte Ltd
descr: 2 Stirling Road
descr: #03-00 Queenstown Exchange
descr: Singapore 148943
country: SG
admin-c: SH9-AP
tech-c: SH9-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
changed: [email protected] 20080122
mnt-by: APNIC-HM
mnt-lower: MAINT-SG-SINGNET
mnt-routes: MAINT-SG-SINGNET
mnt-irt: IRT-SINGNET-SG
changed: [email protected] 20111222
source: APNIC

irt: IRT-SINGNET-SG
address: SingNet Engineering & Operations
address: 2 Stirling Road
address: #03-00 Queenstown Exchange
address: Singapore 148943
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: SH9-AP
tech-c: SH9-AP
auth: # Filtered
mnt-by: MAINT-SG-SINGNET
changed: [email protected] 20101221
source: APNIC

person: SingNet Hostmaster
address: SingNet Engineering & Operations
address: 2 Stirling Road
address: #03-00 Queenstown Exchange
address: Singapore 148943
country: SG
phone: +65 7845922
fax-no: +65 4753273
e-mail: [email protected]
nic-hdl: SH9-AP
notify: [email protected]
mnt-by: MAINT-SG-SINGNET
changed: [email protected] 20000921
source: APNIC
changed: [email protected] 20111122

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 128.0.19.233 from vps297345.ovh.net

Hi,

The IP 128.0.19.233 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 128.0.19.233 :

[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '128.0.19.0 - 128.0.19.255'

% Abuse contact for '128.0.19.0 - 128.0.19.255' is '[email protected]'

inetnum: 128.0.19.0 - 128.0.19.255
netname: RBB_CUSTOMERS
descr: Rbb customer network
country: NO
geoloc: 59.83333 11.56667
language: NO
admin-c: AHB21-RIPE
tech-c: AHB21-RIPE
status: ASSIGNED PA
mnt-by: MNT-RBBAHB
mnt-lower: MNT-RBB1
created: 2014-10-15T09:25:10Z
last-modified: 2014-11-13T18:52:48Z
source: RIPE

person: Asbjorn H. Basnes
address: Bjørkeveien 2
org: ORG-RBA3-RIPE
phone: +4763853720
abuse-mailbox: [email protected]
nic-hdl: AHB21-RIPE
created: 2007-06-01T10:46:25Z
last-modified: 2014-11-23T19:12:02Z
source: RIPE
mnt-by: MNT-RBB1

% Information related to '128.0.16.0/21AS43568'

route: 128.0.16.0/21
descr: RomerikeBB_div
origin: AS43568
mnt-by: MNT-RBBAHB
created: 2012-12-19T08:34:20Z
last-modified: 2012-12-19T08:34:20Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.89.2 (ANGUS)

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 95.67.87.227 from vps297345.ovh.net

Hi,

The IP 95.67.87.227 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 95.67.87.227 :

[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '95.67.80.0 - 95.67.127.255'

% Abuse contact for '95.67.80.0 - 95.67.127.255' is '[email protected]'

inetnum: 95.67.80.0 - 95.67.127.255
netname: COSMONOVA
descr: Broadband Customers
country: UA
admin-c: CMNV
tech-c: CMNV
status: ASSIGNED PA
mnt-by: Cosmonova-MNT
mnt-lower: Cosmonova-MNT
created: 2009-12-01T13:42:08Z
last-modified: 2009-12-01T13:42:08Z
source: RIPE

role: Cosmonova ISP
address: Cosmonova
address: Mykoly Grinchenka st. 2/1, block "G"
address: Kyiv-03680
phone: +380443590000
fax-no: +380443590019
remarks: *** ABUSE-related reports and trouble mailto: [email protected] ***
remarks: *** Routing-related reports and trouble mailto: [email protected] ***
admin-c: TAR70-RIPE
tech-c: TAR70-RIPE
nic-hdl: CMNV
mnt-by: Cosmonova-MNT
created: 2007-02-23T10:42:24Z
last-modified: 2013-08-16T08:46:06Z
source: RIPE # Filtered
abuse-mailbox: [email protected]

% Information related to '95.67.64.0/18AS34867'

route: 95.67.64.0/18
descr: Cosmonova
origin: AS34867
mnt-by: Cosmonova-MNT
created: 2017-06-15T09:37:26Z
last-modified: 2017-06-15T09:37:26Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.89.2 (HEREFORD)

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 199.249.223.62 from vps297345.ovh.net

Hi,

The IP 199.249.223.62 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 199.249.223.62 :

[Querying whois.arin.net]
[whois.arin.net]

#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#


#
# Query terms are ambiguous. The query is assumed to be:
# "n 199.249.223.62"
#
# Use "?" to get help.
#

#
# The following results may also be obtained via:
# https://whois.arin.net/rest/nets;q=199.249.223.62?showDetails=true&showARIN=false&showNonArinTopLevelNet=false&ext=netref2
#

NetRange: 199.249.223.0 - 199.249.223.255
CIDR: 199.249.223.0/24
NetName: QUINTEX223
NetHandle: NET-199-249-223-0-1
Parent: NET199 (NET-199-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS7018, AS6939, AS3549, AS13693, AS62744
Organization: Quintex Alliance Consulting (QAC-4)
RegDate: 1994-06-02
Updated: 2017-03-13
Ref: https://whois.arin.net/rest/net/NET-199-249-223-0-1


OrgName: Quintex Alliance Consulting
OrgId: QAC-4
Address: 308 Bluegrass Drive
City: San Angelo
StateProv: TX
PostalCode: 76903
Country: US
RegDate: 1994-06-03
Updated: 2016-08-22
Ref: https://whois.arin.net/rest/org/QAC-4


OrgNOCHandle: JR125-ARIN
OrgNOCName: Ricketts, John L
OrgNOCPhone: +1-325-653-7031
OrgNOCEmail: [email protected]
OrgNOCRef: https://whois.arin.net/rest/poc/JR125-ARIN

OrgAbuseHandle: JR125-ARIN
OrgAbuseName: Ricketts, John L
OrgAbusePhone: +1-325-653-7031
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://whois.arin.net/rest/poc/JR125-ARIN

OrgTechHandle: JR125-ARIN
OrgTechName: Ricketts, John L
OrgTechPhone: +1-325-653-7031
OrgTechEmail: [email protected]
OrgTechRef: https://whois.arin.net/rest/poc/JR125-ARIN

RNOCHandle: JR125-ARIN
RNOCName: Ricketts, John L
RNOCPhone: +1-325-653-7031
RNOCEmail: [email protected]
RNOCRef: https://whois.arin.net/rest/poc/JR125-ARIN

RAbuseHandle: JR125-ARIN
RAbuseName: Ricketts, John L
RAbusePhone: +1-325-653-7031
RAbuseEmail: [email protected]
RAbuseRef: https://whois.arin.net/rest/poc/JR125-ARIN

RTechHandle: JR125-ARIN
RTechName: Ricketts, John L
RTechPhone: +1-325-653-7031
RTechEmail: [email protected]
RTechRef: https://whois.arin.net/rest/poc/JR125-ARIN


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/public/whoisinaccuracy/index.xhtml
#

Regards,

Fail2Ban

[Fail2Ban] SSH: banned 109.86.226.106 from vps297345.ovh.net

Hi,

The IP 109.86.226.106 has just been banned by Fail2Ban after
6 attempts against SSH.


Here is more information about 109.86.226.106 :

[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf

% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.

% Information related to '109.86.226.0 - 109.86.226.255'

% Abuse contact for '109.86.226.0 - 109.86.226.255' is '[email protected]'

inetnum: 109.86.226.0 - 109.86.226.255
netname: TRIOLAN
country: UA
admin-c: OVY5-RIPE
tech-c: OVY5-RIPE
status: ASSIGNED PA
mnt-by: TRIOLANMNT
mnt-domains: SALTOVKAMNT
mnt-routes: SALTOVKAMNT
created: 2016-10-19T12:14:37Z
last-modified: 2016-10-19T12:14:37Z
source: RIPE

person: Oleksii V Yaroshenko
address: Prirechnaya 25a
address: Kiev
address: Ukraine
phone: +380 97 437 27 17
nic-hdl: OVY5-RIPE
abuse-mailbox: [email protected]
mnt-by: TRIOLANMNT
created: 2016-08-30T12:25:29Z
last-modified: 2016-12-23T08:43:03Z
source: RIPE # Filtered

% Information related to '109.86.226.0/24AS13188'

route: 109.86.226.0/24
descr: Triolan, Kharkiv
origin: AS13188
mnt-by: SALTOVKAMNT
created: 2016-10-19T13:00:56Z
last-modified: 2016-10-19T13:00:56Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.89.2 (ANGUS)

Regards,

Fail2Ban