Hi «abuse@hetzner.com«,
This is an email abuse report about the IP address 138.201.192.9, which has been temporarily banned by Fail2Ban
after 3 attempts against SIP at consulintel.com.
You get this email because you are listed as the official abuse contact for this IP address.
The following intrusion attempts were detected from IP: 138.201.192.9
[2023-04-12 06:00:22] NOTICE[16572] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:000@213.0.69.132>’ failed for ‘138.201.192.9:63136’ (callid: e5f4a195797263314403e4f7a) — No matching endpoint found
[2023-04-12 06:00:22] SECURITY[3175] res_security_log.c: SecurityEvent=»InvalidAccountID»,EventTV=»2023-04-12T06:00:22.254+0200″,Severity=»Error»,Service=»PJSIP»,EventVersion=»1″,AccountID=»000″,SessionID=»e5f4a195797263314403e4f7a»,LocalAddress=»IPV4/UDP/10.10.9.252/5060″,RemoteAddress=»IPV4/UDP/138.201.192.9/63136″
[2023-04-12 06:00:22] SECURITY[3175] res_security_log.c: SecurityEvent=»ChallengeSent»,EventTV=»2023-04-12T06:00:22.255+0200″,Severity=»Informational»,Service=»PJSIP»,EventVersion=»1″,AccountID=»<unknown>»,SessionID=»e5f4a195797263314403e4f7a»,LocalAddress=»IPV4/UDP/10.10.9.252/5060″,RemoteAddress=»IPV4/UDP/138.201.192.9/63136″,Challenge=»»
[2023-04-12 06:00:22] NOTICE[16572] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:000@213.0.69.132>’ failed for ‘138.201.192.9:63136’ (callid: e5f4a195797263314403e4f7a) — No matching endpoint found
[2023-04-12 06:00:22] SECURITY[3175] res_security_log.c: SecurityEvent=»InvalidAccountID»,EventTV=»2023-04-12T06:00:22.367+0200″,Severity=»Error»,Service=»PJSIP»,EventVersion=»1″,AccountID=»000″,SessionID=»e5f4a195797263314403e4f7a»,LocalAddress=»IPV4/UDP/10.10.9.252/5060″,RemoteAddress=»IPV4/UDP/138.201.192.9/63136″
[2023-04-12 06:00:22] SECURITY[3175] res_security_log.c: SecurityEvent=»ChallengeSent»,EventTV=»2023-04-12T06:00:22.367+0200″,Severity=»Informational»,Service=»PJSIP»,EventVersion=»1″,AccountID=»<unknown>»,SessionID=»e5f4a195797263314403e4f7a»,LocalAddress=»IPV4/UDP/10.10.9.252/5060″,RemoteAddress=»IPV4/UDP/138.201.192.9/63136″,Challenge=»»
[2023-04-12 06:00:22] NOTICE[16572] res_pjsip/pjsip_distributor.c: Request ‘REGISTER’ from ‘<sip:000@213.0.69.132>’ failed for ‘138.201.192.9:63136’ (callid: e5f4a195797263314403e4f7a) — No matching endpoint found
[2023-04-12 06:00:22] SECURITY[3175] res_security_log.c: SecurityEvent=»InvalidAccountID»,EventTV=»2023-04-12T06:00:22.478+0200″,Severity=»Error»,Service=»PJSIP»,EventVersion=»1″,AccountID=»000″,SessionID=»e5f4a195797263314403e4f7a»,LocalAddress=»IPV4/UDP/10.10.9.252/5060″,RemoteAddress=»IPV4/UDP/138.201.192.9/63136″
[2023-04-12 06:00:22] SECURITY[3175] res_security_log.c: SecurityEvent=»ChallengeSent»,EventTV=»2023-04-12T06:00:22.478+0200″,Severity=»Informational»,Service=»PJSIP»,EventVersion=»1″,AccountID=»<unknown>»,SessionID=»e5f4a195797263314403e4f7a»,LocalAddress=»IPV4/UDP/10.10.9.252/5060″,RemoteAddress=»IPV4/UDP/138.201.192.9/63136″,Challenge=»»
Here is more information about 138.201.192.9:
[Querying whois.arin.net]
[Redirected to whois.ripe.net]
[Querying whois.ripe.net]
[whois.ripe.net]
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the «-B» flag.
% Information related to ‘138.201.192.0 — 138.201.192.63’
% Abuse contact for ‘138.201.192.0 — 138.201.192.63’ is ‘abuse@hetzner.com‘
inetnum: 138.201.192.0 — 138.201.192.63
netname: HETZNER-fsn1-dc8
descr: Hetzner Online GmbH
descr: Datacenter fsn1-dc8
country: DE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: LEGACY
remarks: INFRA-AW
mnt-by: HOS-GUN
mnt-lower: HOS-GUN
mnt-routes: HOS-GUN
created: 2018-03-15T14:10:43Z
last-modified: 2018-03-15T14:10:43Z
source: RIPE
role: Hetzner Online GmbH — Contact Role
address: Hetzner Online GmbH
address: Industriestrasse 25
address: D-91710 Gunzenhausen
address: Germany
phone: +49 9831 505-0
fax-no: +49 9831 505-3
abuse-mailbox: abuse@hetzner.com
remarks: *************************************************
remarks: * For spam/abuse/security issues please contact *
remarks: * abuse@hetzner.com, or fill out the form at *
remarks: * abuse.hetzner.com, thank you. *
remarks: *************************************************
remarks:
remarks: *************************************************
remarks: * Any questions on Peering please send to *
remarks: * peering@hetzner.com *
remarks: *************************************************
org: ORG-HOA1-RIPE
admin-c: MH375-RIPE
tech-c: GM834-RIPE
tech-c: SK2374-RIPE
tech-c: MF1400-RIPE
tech-c: SK8441-RIPE
tech-c: DD15478-RIPE
nic-hdl: HOAC1-RIPE
mnt-by: HOS-GUN
created: 2004-08-12T09:40:20Z
last-modified: 2022-11-22T18:33:55Z
source: RIPE # Filtered
% Information related to ‘138.201.0.0/16AS24940’
route: 138.201.0.0/16
descr: HETZNER-RZ-BLK-ERX4
origin: AS24940
org: ORG-HOA1-RIPE
mnt-by: HOS-GUN
created: 2012-12-24T09:10:23Z
last-modified: 2012-12-24T09:10:23Z
source: RIPE
organisation: ORG-HOA1-RIPE
org-name: Hetzner Online GmbH
country: DE
org-type: LIR
address: Industriestrasse 25
address: D-91710
address: Gunzenhausen
address: GERMANY
phone: +49 9831 5050
fax-no: +49 9831 5053
admin-c: MF1400-RIPE
admin-c: GM834-RIPE
admin-c: HOAC1-RIPE
admin-c: MH375-RIPE
admin-c: SK2374-RIPE
admin-c: SK8441-RIPE
abuse-c: HOAC1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: HOS-GUN
mnt-by: RIPE-NCC-HM-MNT
mnt-by: HOS-GUN
created: 2004-04-17T11:07:58Z
last-modified: 2022-11-22T18:32:44Z
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.106 (DEXTER)
Regards,
Fail2Ban
**********************************************
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company
This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
