191.217.139.12

Basic Info

City: unknown

Region: unknown

Country: Brazil

Internet Service Provider: Brasil Telecom S.A.

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	2020-05-21T06:06:10.5633381240 sshd\[12332\]: Invalid user ubnt from 191.217.139.12 port 2925 2020-05-21T06:06:10.8596681240 sshd\[12332\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.217.139.12 2020-05-21T06:06:12.8433321240 sshd\[12332\]: Failed password for invalid user ubnt from 191.217.139.12 port 2925 ssh2 ...	2020-05-21 13:41:10

Type

Details

Datetime

attack

2020-05-21T06:06:10.5633381240 sshd\[12332\]: Invalid user ubnt from 191.217.139.12 port 2925
2020-05-21T06:06:10.8596681240 sshd\[12332\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.217.139.12
2020-05-21T06:06:12.8433321240 sshd\[12332\]: Failed password for invalid user ubnt from 191.217.139.12 port 2925 ssh2
...

2020-05-21 13:41:10

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 191.217.139.12
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28909
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;191.217.139.12.			IN	A

;; AUTHORITY SECTION:
.			525	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020052101 1800 900 604800 86400

;; Query time: 62 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu May 21 13:41:02 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 12.139.217.191.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 12.139.217.191.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
66.18.65.210	attackspam	Honeypot attack, port: 445, PTR: gauntlet.sentech.co.za.	2020-04-16 01:03:06
213.180.203.184	attackspam	[Wed Apr 15 19:08:40.958261 2020] [:error] [pid 25691:tid 139897189979904] [client 213.180.203.184:38642] [client 213.180.203.184] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xpb5SIxk7T6pcaz7KNP57AAAAe8"] ...	2020-04-16 01:03:47
223.71.128.75	attackbots	Port scan detected on ports: 23[TCP], 23[TCP], 23[TCP]	2020-04-16 01:04:47
185.244.39.46	attackbots	Unauthorized connection attempt detected from IP address 185.244.39.46 to port 22	2020-04-16 01:07:24
190.151.32.228	attackspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-04-16 00:54:49
190.5.141.77	attackbots	$f2bV_matches	2020-04-16 00:43:31
45.176.46.22	attackspambots	Honeypot attack, port: 445, PTR: PTR record not found	2020-04-16 00:44:26
185.81.157.155	attackbotsspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-04-16 00:31:10
2.42.195.108	attack	15.04.2020 16:58:23 - RDP Login Fail Detected by https://www.elinox.de/RDP-Wächter	2020-04-16 00:37:27
23.227.38.65	spamattack	ORDURES aux Sites totalement ILLÉGAUX, aux mentions légales erronées, en WHOIS caché comme d'habitude chez les ESCROCS qui balancent des POURRIELS à répétition pour du PHISHING puis du SCAM ! A FUIR immédiatement de telles raclures de bidet... GARBAGES in the TOTALLY ILLEGAL Sites, without any legal notice, in WHOIS hidden as usual at the SWINDLERS which rocks repeated SPAMS for the PHISHING then the SCAM ! To RUN AWAY FROM immediately such scrapings of bidet ... SCHMUTZ in den völlig UNGESETZLICHEN Websiten, ohne eine gesetzliche Erwähnung, im versteckten WHOIS wie gewöhnlich bei den BETRÜGERN, die POURRIELS in Wiederholung für den PHISHING dann SCAM schaukelt ! Sofort solche Späne von Bidet zu VERMEIDEN... МУСОР в полностью НЕЗАКОННЫХ участках, без любого юридического уведомления, в WHOIS, скрытом как обычно в ЖУЛИКАХ, который трясет повторный SPAMS для PHISHING затем ЖУЛЬНИЧЕСТВО ! ИЗБЕГАТЬ немедленно таких очисток биде.... 垃圾中的完全非法的站点，而不受任何法律通告，在 WHOIS 中隐藏的象往常, 的岩石重复 SPAMS 的网络钓鱼然后骗局！为避免（逃亡）立即这样的 scrapings 的坐浴盆... medical-priority.com, ESCROCS NOTOIRES ILLEGAUX ! Site créé le 31 Mars 2020, comme d'habitude chez les ESCROCS NameCheap, Inc. et "protégé", comprendre caché au Panama par WhoisGuard, Inc. ! https://www.whois.com/whois/medical-priority.com Très "professionnel", avec une adresse courriel chez ? medicalpriorityfr@gmail.com, soit GOOGLE, donc des NULS de chez SUPRA NULS... Et IP au ...Canada ! 23.227.38.65 => shopify.com https://whatismyip.click/?q=medical-priority.com Ce sera d'ailleurs la SEULE mention qui valent quelques chose, car PAS de Nom, de personne comme de Société, AUCUN Registre du Commerce, AUCUNE adresse géographique NI téléphone, RIEN... https://www.mywot.com/scorecard/medical-priority.com https://www.mywot.com/scorecard/namecheap.com https://www.mywot.com/scorecard/whoisguard.com https://www.mywot.com/scorecard/shopify.com	2020-04-16 00:44:43
116.102.223.107	attackspambots	Automatic report - Port Scan Attack	2020-04-16 00:40:42
46.254.14.61	attackspam	2020-04-15T14:48:00.492715shield sshd\[1727\]: Invalid user upload from 46.254.14.61 port 40512 2020-04-15T14:48:00.496289shield sshd\[1727\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.254.14.61 2020-04-15T14:48:02.484906shield sshd\[1727\]: Failed password for invalid user upload from 46.254.14.61 port 40512 ssh2 2020-04-15T14:51:58.307556shield sshd\[2380\]: Invalid user user from 46.254.14.61 port 49022 2020-04-15T14:51:58.312138shield sshd\[2380\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.254.14.61	2020-04-16 00:38:32
93.115.148.13	attackbots	Honeypot attack, port: 445, PTR: PTR record not found	2020-04-16 01:01:48
221.120.32.25	attackbotsspam	Apr 15 17:34:25 santamaria sshd\[24926\]: Invalid user user from 221.120.32.25 Apr 15 17:34:29 santamaria sshd\[24926\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.120.32.25 Apr 15 17:34:31 santamaria sshd\[24926\]: Failed password for invalid user user from 221.120.32.25 port 38472 ssh2 ...	2020-04-16 00:56:00
188.166.251.156	attackspam	Apr 15 10:29:04 server1 sshd\[31524\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.251.156 Apr 15 10:29:05 server1 sshd\[31524\]: Failed password for invalid user alumni from 188.166.251.156 port 50758 ssh2 Apr 15 10:33:14 server1 sshd\[32654\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.166.251.156 user=root Apr 15 10:33:16 server1 sshd\[32654\]: Failed password for root from 188.166.251.156 port 57860 ssh2 Apr 15 10:37:21 server1 sshd\[1441\]: Invalid user deploy from 188.166.251.156 ...	2020-04-16 00:50:57

Recently Reported IPs

36.74.120.20	211.24.2.134	85.21.78.213	119.145.73.35
45.235.31.5	217.146.180.254	110.44.123.116	92.96.166.65
191.127.56.134	121.231.8.70	77.68.92.242	162.243.143.225
35.197.250.45	118.173.219.234	173.88.208.182	122.51.133.201
117.212.94.229	187.58.160.206	174.219.29.152	81.89.58.153