94.99.212.91 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Saudi Arabia

Internet Service Provider: Saudi Telecom Company JSC

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	(sshd) Failed SSH login from 94.99.212.91 (SA/Saudi Arabia/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Aug 18 18:10:29 testbed sshd[24338]: Invalid user anne from 94.99.212.91 port 20453 Aug 18 18:10:32 testbed sshd[24338]: Failed password for invalid user anne from 94.99.212.91 port 20453 ssh2 Aug 18 18:21:51 testbed sshd[25469]: Invalid user harmonie from 94.99.212.91 port 40721 Aug 18 18:21:53 testbed sshd[25469]: Failed password for invalid user harmonie from 94.99.212.91 port 40721 ssh2 Aug 18 18:55:34 testbed sshd[28721]: Invalid user remote from 94.99.212.91 port 37135	2019-08-19 07:39:09

Type

Details

Datetime

attackspam

(sshd) Failed SSH login from 94.99.212.91 (SA/Saudi Arabia/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Aug 18 18:10:29 testbed sshd[24338]: Invalid user anne from 94.99.212.91 port 20453
Aug 18 18:10:32 testbed sshd[24338]: Failed password for invalid user anne from 94.99.212.91 port 20453 ssh2
Aug 18 18:21:51 testbed sshd[25469]: Invalid user harmonie from 94.99.212.91 port 40721
Aug 18 18:21:53 testbed sshd[25469]: Failed password for invalid user harmonie from 94.99.212.91 port 40721 ssh2
Aug 18 18:55:34 testbed sshd[28721]: Invalid user remote from 94.99.212.91 port 37135

2019-08-19 07:39:09

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 94.99.212.91
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13851
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;94.99.212.91.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019081801 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Mon Aug 19 07:39:04 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 91.212.99.94.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 91.212.99.94.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
195.56.7.98	attack	Dec 17 18:57:00 ms-srv sshd[23298]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.56.7.98 user=root Dec 17 18:57:02 ms-srv sshd[23298]: Failed password for invalid user root from 195.56.7.98 port 56172 ssh2	2020-02-02 23:35:51
110.39.65.202	attack	Port 1433 Scan	2020-02-02 23:07:43
203.95.222.218	attackbotsspam	DATE:2020-02-02 16:09:28, IP:203.95.222.218, PORT:1433 MSSQL brute force auth on honeypot server (honey-neo-dc)	2020-02-02 23:52:26
195.70.44.3	attackspambots	Dec 19 12:38:51 ms-srv sshd[24320]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.70.44.3 Dec 19 12:38:53 ms-srv sshd[24320]: Failed password for invalid user nginx from 195.70.44.3 port 43032 ssh2	2020-02-02 23:25:40
195.239.204.94	attackbotsspam	Jan 3 13:09:20 ms-srv sshd[37313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.239.204.94 user=root Jan 3 13:09:22 ms-srv sshd[37313]: Failed password for invalid user root from 195.239.204.94 port 57618 ssh2	2020-02-02 23:50:17
36.113.99.6	attackbotsspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-02-02 23:33:37
222.186.15.10	attackspam	2020-02-02T10:40:49.312706vostok sshd\[7288\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.15.10 user=root \| Triggered by Fail2Ban at Vostok web server	2020-02-02 23:42:52
82.102.166.167	attackbotsspam	$f2bV_matches	2020-02-02 23:15:40
195.43.189.10	attackspam	Aug 11 06:00:39 ms-srv sshd[42100]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.43.189.10 Aug 11 06:00:41 ms-srv sshd[42100]: Failed password for invalid user inx from 195.43.189.10 port 35702 ssh2	2020-02-02 23:38:10
195.78.212.5	attackbots	Jan 12 19:23:37 ms-srv sshd[28359]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.78.212.5 Jan 12 19:23:39 ms-srv sshd[28359]: Failed password for invalid user sentry from 195.78.212.5 port 55928 ssh2	2020-02-02 23:25:16
195.96.231.128	attackspam	Dec 25 17:28:23 ms-srv sshd[36984]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.96.231.128 Dec 25 17:28:25 ms-srv sshd[36984]: Failed password for invalid user regina from 195.96.231.128 port 60392 ssh2	2020-02-02 23:17:22
104.238.38.209	attackspam	[2020-02-02 10:07:17] NOTICE[1148] chan_sip.c: Registration from '' failed for '104.238.38.209:63635' - Wrong password [2020-02-02 10:07:17] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-02-02T10:07:17.257-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="700",SessionID="0x7fd82cd25138",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/104.238.38.209/63635",Challenge="1336417b",ReceivedChallenge="1336417b",ReceivedHash="89eaa00f5fe0c5a7adfcaec61e69ec78" [2020-02-02 10:09:37] NOTICE[1148] chan_sip.c: Registration from '' failed for '104.238.38.209:51602' - Wrong password [2020-02-02 10:09:37] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-02-02T10:09:37.425-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="141",SessionID="0x7fd82c2348d8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/104.238.38.209 ...	2020-02-02 23:30:09
49.88.112.55	attackbots	k+ssh-bruteforce	2020-02-02 23:54:39
195.39.140.129	attackbotsspam	Dec 31 14:36:24 ms-srv sshd[33112]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.39.140.129 Dec 31 14:36:26 ms-srv sshd[33112]: Failed password for invalid user admin from 195.39.140.129 port 1135 ssh2	2020-02-02 23:38:40
221.194.44.151	attack	DATE:2020-02-02 16:09:41, IP:221.194.44.151, PORT:1433 MSSQL brute force auth on honeypot server (honey-neo-dc)	2020-02-02 23:13:58

Recently Reported IPs

127.128.224.59	194.140.94.143	111.190.61.109	160.123.158.204
55.170.182.185	79.206.91.186	145.119.189.141	94.121.238.116
49.81.199.117	160.219.194.211	126.31.201.147	19.114.204.206
114.95.125.77	111.253.2.120	106.12.19.30	2a01:4f8:121:12f2::2:5885
42.156.230.1	107.174.126.84	61.160.233.125	148.240.211.253