128.91.13.207 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States of America

运营商(isp): University of Pennsylvania

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): University/College/School

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	May 29 11:25:33 Ubuntu-1404-trusty-64-minimal sshd\[1287\]: Invalid user postgres from 128.91.13.207 May 29 11:25:33 Ubuntu-1404-trusty-64-minimal sshd\[1287\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.91.13.207 May 29 11:25:35 Ubuntu-1404-trusty-64-minimal sshd\[1287\]: Failed password for invalid user postgres from 128.91.13.207 port 53734 ssh2 May 30 10:49:52 Ubuntu-1404-trusty-64-minimal sshd\[24974\]: Invalid user postgres from 128.91.13.207 May 30 10:49:52 Ubuntu-1404-trusty-64-minimal sshd\[24974\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.91.13.207	2020-05-30 17:11:06

类型

评论内容

时间

attack

May 29 11:25:33 Ubuntu-1404-trusty-64-minimal sshd\[1287\]: Invalid user postgres from 128.91.13.207
May 29 11:25:33 Ubuntu-1404-trusty-64-minimal sshd\[1287\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.91.13.207
May 29 11:25:35 Ubuntu-1404-trusty-64-minimal sshd\[1287\]: Failed password for invalid user postgres from 128.91.13.207 port 53734 ssh2
May 30 10:49:52 Ubuntu-1404-trusty-64-minimal sshd\[24974\]: Invalid user postgres from 128.91.13.207
May 30 10:49:52 Ubuntu-1404-trusty-64-minimal sshd\[24974\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.91.13.207

2020-05-30 17:11:06

相同子网IP讨论:

暂无关于此IP所属子网相关IP的讨论.

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 128.91.13.207
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64300
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;128.91.13.207.			IN	A

;; AUTHORITY SECTION:
.			500	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020053000 1800 900 604800 86400

;; Query time: 96 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sat May 30 17:11:02 CST 2020
;; MSG SIZE  rcvd: 117

HOST信息:

207.13.91.128.in-addr.arpa domain name pointer mipg14.med.upenn.edu.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
207.13.91.128.in-addr.arpa	name = mipg14.med.upenn.edu.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
159.65.144.233	attack	Jul 10 03:34:40 debian sshd\[5401\]: Invalid user rpmbuilder from 159.65.144.233 port 16381 Jul 10 03:34:40 debian sshd\[5401\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.144.233 ...	2019-07-10 12:23:39
37.120.150.139	attackbots	Jul 10 01:18:01 online-web-vs-1 postfix/smtpd[29473]: connect from expect.procars-m5-pl.com[37.120.150.139] Jul x@x Jul 10 01:18:10 online-web-vs-1 postfix/smtpd[29473]: disconnect from expect.procars-m5-pl.com[37.120.150.139] Jul 10 01:18:32 online-web-vs-1 postfix/smtpd[29479]: connect from expect.procars-m5-pl.com[37.120.150.139] Jul x@x Jul 10 01:18:40 online-web-vs-1 postfix/smtpd[29479]: disconnect from expect.procars-m5-pl.com[37.120.150.139] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=37.120.150.139	2019-07-10 12:30:29
46.101.88.10	attackbots	2019-07-10T03:51:56.799196abusebot-4.cloudsearch.cf sshd\[26267\]: Invalid user bnc from 46.101.88.10 port 50288	2019-07-10 11:52:14
62.210.162.128	attackbots	Port Scan detected from 62.210.162.128 (FR/France/62-210-162-128.rev.poneytelecom.eu). 4 hits in the last 200 seconds	2019-07-10 12:33:47
218.92.0.199	attackbotsspam	Jul 10 05:33:08 minden010 sshd[9263]: Failed password for root from 218.92.0.199 port 45955 ssh2 Jul 10 05:34:14 minden010 sshd[9616]: Failed password for root from 218.92.0.199 port 30277 ssh2 Jul 10 05:34:16 minden010 sshd[9616]: Failed password for root from 218.92.0.199 port 30277 ssh2 ...	2019-07-10 12:29:34
125.212.233.50	attackspam	Jul 10 05:36:02 mail sshd\[3988\]: Invalid user ls from 125.212.233.50 Jul 10 05:36:02 mail sshd\[3988\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.233.50 Jul 10 05:36:03 mail sshd\[3988\]: Failed password for invalid user ls from 125.212.233.50 port 38886 ssh2 ...	2019-07-10 11:48:42
203.195.134.205	attack	Jul 8 10:15:04 www6-3 sshd[1053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.134.205 user=r.r Jul 8 10:15:06 www6-3 sshd[1053]: Failed password for r.r from 203.195.134.205 port 44842 ssh2 Jul 8 10:15:06 www6-3 sshd[1053]: Received disconnect from 203.195.134.205 port 44842:11: Bye Bye [preauth] Jul 8 10:15:06 www6-3 sshd[1053]: Disconnected from 203.195.134.205 port 44842 [preauth] Jul 8 10:18:17 www6-3 sshd[1170]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.195.134.205 user=mysql Jul 8 10:18:19 www6-3 sshd[1170]: Failed password for mysql from 203.195.134.205 port 45052 ssh2 Jul 8 10:18:19 www6-3 sshd[1170]: Received disconnect from 203.195.134.205 port 45052:11: Bye Bye [preauth] Jul 8 10:18:19 www6-3 sshd[1170]: Disconnected from 203.195.134.205 port 45052 [preauth] Jul 8 10:20:36 www6-3 sshd[1282]: Invalid user console from 203.195.134.205 port 34048 Jul ........ -------------------------------	2019-07-10 11:56:08
106.12.36.21	attackspambots	Jul 10 02:45:44 rpi sshd[3896]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.36.21 Jul 10 02:45:46 rpi sshd[3896]: Failed password for invalid user was from 106.12.36.21 port 40946 ssh2	2019-07-10 12:02:54
125.41.17.127	attackspam	Jul 10 01:26:30 apollo sshd\[26345\]: Failed password for root from 125.41.17.127 port 46824 ssh2Jul 10 01:26:32 apollo sshd\[26345\]: Failed password for root from 125.41.17.127 port 46824 ssh2Jul 10 01:26:35 apollo sshd\[26345\]: Failed password for root from 125.41.17.127 port 46824 ssh2 ...	2019-07-10 12:03:28
2401:78c0:1::cac4	attackspam	WordPress wp-login brute force :: 2401:78c0:1::cac4 0.064 BYPASS [10/Jul/2019:10:03:54 1000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 4630 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-07-10 12:01:01
115.31.167.28	attack	SMB Server BruteForce Attack	2019-07-10 11:53:56
58.216.238.76	attackspam	Jul 10 04:04:34 srv-4 sshd\[1823\]: Invalid user admin from 58.216.238.76 Jul 10 04:04:34 srv-4 sshd\[1823\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.216.238.76 Jul 10 04:04:36 srv-4 sshd\[1823\]: Failed password for invalid user admin from 58.216.238.76 port 52319 ssh2 ...	2019-07-10 12:10:44
104.244.79.33	attackbotsspam	" "	2019-07-10 12:22:57
180.231.45.132	attackbotsspam	Jul 10 02:25:09 debian sshd\[4919\]: Invalid user sandeep from 180.231.45.132 port 60158 Jul 10 02:25:09 debian sshd\[4919\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.231.45.132 ...	2019-07-10 12:11:11
201.243.226.154	attack	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-08 20:05:19,343 INFO [shellcode_manager] (201.243.226.154) no match, writing hexdump (d863bce569ad7f3dfa01154c860f56ee :2132037) - MS17010 (EternalBlue)	2019-07-10 12:04:04

最近上报的IP列表

157.245.237.33	158.176.213.56	156.225.3.224	87.251.74.143
5.188.210.87	109.236.60.34	35.204.228.166	68.45.8.26
246.46.140.154	52.178.134.108	81.35.197.66	109.208.64.128
150.136.220.58	2.95.54.222	68.179.169.125	187.176.27.125
113.179.16.225	34.96.228.73	111.251.54.168	149.210.53.239