138.99.7.120 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Argentina

Internet Service Provider: AMX Argentina S.A.

Hostname: unknown

Organization: Techtel LMDS Comunicaciones Interactivas S.A.

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Aug 2 22:46:07 yabzik sshd[16068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.120 Aug 2 22:46:09 yabzik sshd[16068]: Failed password for invalid user ossama from 138.99.7.120 port 43532 ssh2 Aug 2 22:53:19 yabzik sshd[18227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.120	2019-08-03 04:13:03

Type

Details

Datetime

attackbots

Aug  2 22:46:07 yabzik sshd[16068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.120
Aug  2 22:46:09 yabzik sshd[16068]: Failed password for invalid user ossama from 138.99.7.120 port 43532 ssh2
Aug  2 22:53:19 yabzik sshd[18227]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.120

2019-08-03 04:13:03

Comments on same subnet:

IP	Type	Details	Datetime
138.99.79.192	attackspam	DATE:2020-09-30 22:38:59, IP:138.99.79.192, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-10-02 04:31:18
138.99.79.192	attackspambots	DATE:2020-09-30 22:38:59, IP:138.99.79.192, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-10-01 20:47:39
138.99.79.192	attackspambots	DATE:2020-09-30 22:38:59, IP:138.99.79.192, PORT:telnet Telnet brute force auth on honeypot server (epe-honey1-hq)	2020-10-01 12:59:50
138.99.7.29	attack	Sep 21 14:28:02 localhost sshd\[4429\]: Invalid user testmail1 from 138.99.7.29 Sep 21 14:28:02 localhost sshd\[4429\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.29 Sep 21 14:28:04 localhost sshd\[4429\]: Failed password for invalid user testmail1 from 138.99.7.29 port 56880 ssh2 Sep 21 14:37:33 localhost sshd\[5102\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.29 user=root Sep 21 14:37:36 localhost sshd\[5102\]: Failed password for root from 138.99.7.29 port 39850 ssh2 ...	2020-09-22 01:46:54
138.99.7.29	attack	2020-09-21 03:31:28,046 fail2ban.actions [937]: NOTICE [sshd] Ban 138.99.7.29 2020-09-21 04:13:22,125 fail2ban.actions [937]: NOTICE [sshd] Ban 138.99.7.29 2020-09-21 05:01:54,220 fail2ban.actions [937]: NOTICE [sshd] Ban 138.99.7.29 2020-09-21 05:42:45,401 fail2ban.actions [937]: NOTICE [sshd] Ban 138.99.7.29 2020-09-21 10:30:53,148 fail2ban.actions [937]: NOTICE [sshd] Ban 138.99.7.29 ...	2020-09-21 17:30:54
138.99.7.29	attack	Automatic report - Banned IP Access	2020-08-24 04:40:45
138.99.7.29	attack	2020-08-11T15:59:35.098926ks3355764 sshd[23602]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.29 user=root 2020-08-11T15:59:37.675376ks3355764 sshd[23602]: Failed password for root from 138.99.7.29 port 58834 ssh2 ...	2020-08-11 23:21:48
138.99.7.29	attackbots	Port Scan detected from 138.99.7.29 (AR/Argentina/Buenos Aires F.D./Buenos Aires/host29.138-99-7.telmex.net.ar). 4 hits in the last 255 seconds	2020-08-07 06:27:04
138.99.7.29	attack	Jul 23 06:01:23 h2427292 sshd\[14200\]: Invalid user administrador from 138.99.7.29 Jul 23 06:01:23 h2427292 sshd\[14200\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.29 Jul 23 06:01:25 h2427292 sshd\[14200\]: Failed password for invalid user administrador from 138.99.7.29 port 36738 ssh2 ...	2020-07-23 12:05:03
138.99.76.14	attackspambots	Automatic report - Port Scan Attack	2020-05-08 20:55:22
138.99.7.54	attackspambots	Apr 9 15:38:06 santamaria sshd\[12892\]: Invalid user data from 138.99.7.54 Apr 9 15:38:06 santamaria sshd\[12892\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.54 Apr 9 15:38:08 santamaria sshd\[12892\]: Failed password for invalid user data from 138.99.7.54 port 55902 ssh2 ...	2020-04-10 03:15:04
138.99.7.54	attackspam	Apr 7 19:32:31 cloud sshd[1753]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.54 Apr 7 19:32:32 cloud sshd[1753]: Failed password for invalid user ubuntu from 138.99.7.54 port 54398 ssh2	2020-04-08 04:43:54
138.99.7.54	attackbots	Apr 2 07:05:32 server1 sshd\[27542\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.54 user=root Apr 2 07:05:34 server1 sshd\[27542\]: Failed password for root from 138.99.7.54 port 46016 ssh2 Apr 2 07:07:41 server1 sshd\[28230\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.54 user=root Apr 2 07:07:43 server1 sshd\[28230\]: Failed password for root from 138.99.7.54 port 45624 ssh2 Apr 2 07:09:53 server1 sshd\[28906\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.99.7.54 user=root ...	2020-04-02 23:29:47
138.99.7.137	attack	Feb 23 11:39:56 *** sshd[19994]: Invalid user debian-spamd from 138.99.7.137	2020-02-23 20:55:06
138.99.79.231	attackspam	Automatic report - Port Scan Attack	2020-02-18 03:17:45

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.99.7.120
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 27331
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;138.99.7.120.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080201 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 03 04:12:57 CST 2019
;; MSG SIZE  rcvd: 116

Host info

120.7.99.138.in-addr.arpa domain name pointer host120.138-99-7.telmex.net.ar.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
120.7.99.138.in-addr.arpa	name = host120.138-99-7.telmex.net.ar.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
200.151.208.130	attackbotsspam	Feb 13 10:21:03 web1 sshd\[16393\]: Invalid user cguay from 200.151.208.130 Feb 13 10:21:03 web1 sshd\[16393\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.151.208.130 Feb 13 10:21:06 web1 sshd\[16393\]: Failed password for invalid user cguay from 200.151.208.130 port 58005 ssh2 Feb 13 10:25:42 web1 sshd\[16888\]: Invalid user xi from 200.151.208.130 Feb 13 10:25:42 web1 sshd\[16888\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.151.208.130	2020-02-14 07:32:01
170.83.79.66	attack	02/13/2020-17:40:49.349707 170.83.79.66 Protocol: 6 ET SCAN Suspicious inbound to MSSQL port 1433	2020-02-14 07:41:09
186.251.7.203	attackspam	Lines containing failures of 186.251.7.203 Feb 11 12:53:06 shared10 sshd[8023]: Invalid user zyb from 186.251.7.203 port 51167 Feb 11 12:53:06 shared10 sshd[8023]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.251.7.203 Feb 11 12:53:09 shared10 sshd[8023]: Failed password for invalid user zyb from 186.251.7.203 port 51167 ssh2 Feb 11 12:53:09 shared10 sshd[8023]: Received disconnect from 186.251.7.203 port 51167:11: Bye Bye [preauth] Feb 11 12:53:09 shared10 sshd[8023]: Disconnected from invalid user zyb 186.251.7.203 port 51167 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=186.251.7.203	2020-02-14 07:36:54
190.186.179.84	attackspam	Email rejected due to spam filtering	2020-02-14 07:37:15
165.227.210.71	attackspam	Invalid user dch from 165.227.210.71 port 47730	2020-02-14 07:50:43
40.86.94.189	attackspam	Feb 14 00:12:43 legacy sshd[23854]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.86.94.189 Feb 14 00:12:45 legacy sshd[23854]: Failed password for invalid user ychao from 40.86.94.189 port 42834 ssh2 Feb 14 00:16:22 legacy sshd[24014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=40.86.94.189 ...	2020-02-14 07:29:23
14.186.22.89	attack	Email rejected due to spam filtering	2020-02-14 07:40:15
220.132.232.195	attackbots	port scan and connect, tcp 23 (telnet)	2020-02-14 07:33:48
98.126.16.126	attack	trying to access non-authorized port	2020-02-14 07:37:51
77.13.126.248	attackspambots	Feb 13 22:10:01 server sshd\[9518\]: Invalid user pi from 77.13.126.248 Feb 13 22:10:01 server sshd\[9518\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=x4d0d7ef8.dyn.telefonica.de Feb 13 22:10:01 server sshd\[9520\]: Invalid user pi from 77.13.126.248 Feb 13 22:10:01 server sshd\[9520\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=x4d0d7ef8.dyn.telefonica.de Feb 13 22:10:02 server sshd\[9518\]: Failed password for invalid user pi from 77.13.126.248 port 49108 ssh2 ...	2020-02-14 07:53:28
218.92.0.191	attack	Feb 14 00:51:03 dcd-gentoo sshd[644]: User root from 218.92.0.191 not allowed because none of user's groups are listed in AllowGroups Feb 14 00:51:06 dcd-gentoo sshd[644]: error: PAM: Authentication failure for illegal user root from 218.92.0.191 Feb 14 00:51:03 dcd-gentoo sshd[644]: User root from 218.92.0.191 not allowed because none of user's groups are listed in AllowGroups Feb 14 00:51:06 dcd-gentoo sshd[644]: error: PAM: Authentication failure for illegal user root from 218.92.0.191 Feb 14 00:51:03 dcd-gentoo sshd[644]: User root from 218.92.0.191 not allowed because none of user's groups are listed in AllowGroups Feb 14 00:51:06 dcd-gentoo sshd[644]: error: PAM: Authentication failure for illegal user root from 218.92.0.191 Feb 14 00:51:06 dcd-gentoo sshd[644]: Failed keyboard-interactive/pam for invalid user root from 218.92.0.191 port 31114 ssh2 ...	2020-02-14 07:54:21
187.64.1.64	attackbots	Invalid user elasticsearch from 187.64.1.64 port 39619	2020-02-14 07:32:27
113.65.206.126	attackspam	Feb 13 20:09:45 localhost kernel: [1404939.995336] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=113.65.206.126 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=15895 DF PROTO=TCP SPT=17241 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0 Feb 13 20:09:48 localhost kernel: [1404942.995379] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=113.65.206.126 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=16288 DF PROTO=TCP SPT=17241 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0 Feb 13 20:09:54 localhost kernel: [1404949.001326] [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:3d:86:ee:00:08:e3:ff:fd:90:08:00 SRC=113.65.206.126 DST=91.205.173.180 LEN=48 TOS=0x00 PREC=0x00 TTL=116 ID=16684 DF PROTO=TCP SPT=17241 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0	2020-02-14 07:59:53
2.194.66.8	attackspambots	MultiHost/MultiPort Probe, Scan, Hack -	2020-02-14 07:57:48
189.41.38.108	attackspam	1581621014 - 02/13/2020 20:10:14 Host: 189.41.38.108/189.41.38.108 Port: 445 TCP Blocked	2020-02-14 07:34:37

Recently Reported IPs

151.64.11.50	133.58.19.158	27.188.67.145	189.117.78.117
220.142.9.81	111.75.94.133	152.10.251.65	37.108.127.92
208.7.229.28	141.135.8.60	36.37.19.60	59.119.222.140
123.246.117.140	35.191.50.241	129.178.142.81	3.66.136.166
36.79.251.103	96.10.22.19	128.186.89.133	172.243.188.161