141.85.13.4 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Romania

Internet Service Provider: Politehnica University of Bucharest

Hostname: unknown

Organization: unknown

Usage Type: University/College/School

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Jun 27 05:50:01 server sshd\[59601\]: Invalid user alfred from 141.85.13.4 Jun 27 05:50:01 server sshd\[59601\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.4 Jun 27 05:50:03 server sshd\[59601\]: Failed password for invalid user alfred from 141.85.13.4 port 60148 ssh2 ...	2019-07-12 05:29:25
attackspam	Jun 26 22:43:10 [snip] sshd[2579]: Invalid user gong from 141.85.13.4 port 58722 Jun 26 22:43:10 [snip] sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.4 Jun 26 22:43:12 [snip] sshd[2579]: Failed password for invalid user gong from 141.85.13.4 port 58722 ssh2[...]	2019-06-27 06:04:38
attack	Jun 25 00:02:53 host sshd\[23476\]: Invalid user webadmin from 141.85.13.4 port 38974 Jun 25 00:02:53 host sshd\[23476\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.4 ...	2019-06-25 10:28:12

Type

Details

Datetime

attackbots

Jun 27 05:50:01 server sshd\[59601\]: Invalid user alfred from 141.85.13.4
Jun 27 05:50:01 server sshd\[59601\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.4
Jun 27 05:50:03 server sshd\[59601\]: Failed password for invalid user alfred from 141.85.13.4 port 60148 ssh2
...

2019-07-12 05:29:25

attackspam

Jun 26 22:43:10 [snip] sshd[2579]: Invalid user gong from 141.85.13.4 port 58722
Jun 26 22:43:10 [snip] sshd[2579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.4
Jun 26 22:43:12 [snip] sshd[2579]: Failed password for invalid user gong from 141.85.13.4 port 58722 ssh2[...]

2019-06-27 06:04:38

attack

Jun 25 00:02:53 host sshd\[23476\]: Invalid user webadmin from 141.85.13.4 port 38974
Jun 25 00:02:53 host sshd\[23476\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.4
...

2019-06-25 10:28:12

Comments on same subnet:

IP	Type	Details	Datetime
141.85.13.6	attackbotsspam	Sep 1 09:53:24 auw2 sshd\[24421\]: Invalid user quercia from 141.85.13.6 Sep 1 09:53:24 auw2 sshd\[24421\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.6 Sep 1 09:53:27 auw2 sshd\[24421\]: Failed password for invalid user quercia from 141.85.13.6 port 39336 ssh2 Sep 1 09:57:56 auw2 sshd\[24818\]: Invalid user go from 141.85.13.6 Sep 1 09:57:56 auw2 sshd\[24818\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.6	2019-09-02 04:17:44
141.85.13.6	attackspam	Invalid user scan12345 from 141.85.13.6 port 33982 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.6 Failed password for invalid user scan12345 from 141.85.13.6 port 33982 ssh2 Invalid user 123456 from 141.85.13.6 port 52812 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.6	2019-08-26 14:57:22
141.85.13.6	attackbots	Invalid user mqm from 141.85.13.6 port 56402	2019-08-17 07:55:35
141.85.13.6	attackbotsspam	Automatic report - Banned IP Access	2019-08-09 03:28:44
141.85.13.6	attackbots	Jul 26 16:55:41 aat-srv002 sshd[4917]: Failed password for root from 141.85.13.6 port 59178 ssh2 Jul 26 17:00:15 aat-srv002 sshd[5055]: Failed password for root from 141.85.13.6 port 53314 ssh2 Jul 26 17:04:55 aat-srv002 sshd[5181]: Failed password for root from 141.85.13.6 port 47458 ssh2 ...	2019-07-27 06:06:53
141.85.13.6	attackspam	2019-07-20T02:45:01.904037abusebot.cloudsearch.cf sshd\[28430\]: Invalid user ggg from 141.85.13.6 port 36478	2019-07-20 10:45:43
141.85.13.6	attackspambots	2019-07-19T23:55:44.193279abusebot.cloudsearch.cf sshd\[26497\]: Invalid user openstack from 141.85.13.6 port 34068	2019-07-20 08:07:28
141.85.13.6	attackbots	Jul 10 22:53:53 ns341937 sshd[23381]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.6 Jul 10 22:53:55 ns341937 sshd[23381]: Failed password for invalid user deploy from 141.85.13.6 port 49630 ssh2 Jul 10 22:57:16 ns341937 sshd[24270]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.85.13.6 ...	2019-07-11 05:24:17
141.85.13.6	attackbots	Tried sshing with brute force.	2019-07-06 02:42:41
141.85.13.6	attack	Jun 23 10:57:02 *** sshd[20099]: Failed password for invalid user admin from 141.85.13.6 port 54394 ssh2	2019-06-24 08:18:24

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 141.85.13.4
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24633
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;141.85.13.4.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019062401 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jun 25 10:28:07 CST 2019
;; MSG SIZE  rcvd: 115

Host info

Host 4.13.85.141.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 4.13.85.141.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
121.182.166.82	attack	Sep 4 15:53:55 php1 sshd\[31481\]: Invalid user developer from 121.182.166.82 Sep 4 15:53:55 php1 sshd\[31481\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.182.166.82 Sep 4 15:53:57 php1 sshd\[31481\]: Failed password for invalid user developer from 121.182.166.82 port 47699 ssh2 Sep 4 15:59:12 php1 sshd\[31939\]: Invalid user minecraft from 121.182.166.82 Sep 4 15:59:12 php1 sshd\[31939\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.182.166.82	2019-09-05 10:08:08
94.190.190.35	attackbots	RDP Scan	2019-09-05 09:42:01
68.183.230.224	attackbots	Sep 4 15:55:19 lcprod sshd\[22825\]: Invalid user nagios from 68.183.230.224 Sep 4 15:55:19 lcprod sshd\[22825\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.230.224 Sep 4 15:55:21 lcprod sshd\[22825\]: Failed password for invalid user nagios from 68.183.230.224 port 44084 ssh2 Sep 4 16:01:18 lcprod sshd\[23377\]: Invalid user ftptest from 68.183.230.224 Sep 4 16:01:18 lcprod sshd\[23377\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=68.183.230.224	2019-09-05 10:01:50
92.222.66.234	attackbotsspam	Sep 5 02:32:16 yabzik sshd[26277]: Failed password for ftp from 92.222.66.234 port 33526 ssh2 Sep 5 02:36:42 yabzik sshd[27682]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.222.66.234 Sep 5 02:36:44 yabzik sshd[27682]: Failed password for invalid user bert from 92.222.66.234 port 50518 ssh2	2019-09-05 09:56:16
5.129.131.63	attack	8080/tcp [2019-09-04]1pkt	2019-09-05 09:40:47
78.128.113.76	attack	Sep 5 03:29:14 relay postfix/smtpd\[9003\]: warning: unknown\[78.128.113.76\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 5 03:29:22 relay postfix/smtpd\[21043\]: warning: unknown\[78.128.113.76\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 5 03:36:03 relay postfix/smtpd\[22053\]: warning: unknown\[78.128.113.76\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 5 03:36:11 relay postfix/smtpd\[26716\]: warning: unknown\[78.128.113.76\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 5 03:41:08 relay postfix/smtpd\[29595\]: warning: unknown\[78.128.113.76\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2019-09-05 09:53:31
185.211.245.198	attack	Sep 5 03:25:48 relay postfix/smtpd\[21043\]: warning: unknown\[185.211.245.198\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 5 03:25:57 relay postfix/smtpd\[22053\]: warning: unknown\[185.211.245.198\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 5 03:29:39 relay postfix/smtpd\[9003\]: warning: unknown\[185.211.245.198\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 5 03:29:47 relay postfix/smtpd\[21043\]: warning: unknown\[185.211.245.198\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Sep 5 03:39:39 relay postfix/smtpd\[26205\]: warning: unknown\[185.211.245.198\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2019-09-05 09:48:40
114.36.86.196	attack	Unauthorized connection attempt from IP address 114.36.86.196 on Port 445(SMB)	2019-09-05 09:58:42
218.98.26.175	attackbots	2019-09-05T01:29:49.646188abusebot-6.cloudsearch.cf sshd\[16216\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.98.26.175 user=root	2019-09-05 09:36:38
116.58.241.121	attackbots	Unauthorized connection attempt from IP address 116.58.241.121 on Port 445(SMB)	2019-09-05 09:38:20
36.91.38.95	attackspambots	Unauthorized connection attempt from IP address 36.91.38.95 on Port 445(SMB)	2019-09-05 10:02:16
187.188.169.68	attack	88/tcp [2019-09-04]1pkt	2019-09-05 09:25:43
51.15.55.90	attack	Sep 5 02:35:30 icinga sshd[19881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.15.55.90 Sep 5 02:35:32 icinga sshd[19881]: Failed password for invalid user support from 51.15.55.90 port 51982 ssh2 ...	2019-09-05 09:56:49
80.211.83.105	attackbots	Automatic report - Banned IP Access	2019-09-05 09:29:08
188.165.242.200	attack	Sep 5 03:23:48 XXX sshd[61789]: Invalid user ofsaa from 188.165.242.200 port 35050	2019-09-05 10:06:46

Recently Reported IPs

183.182.115.185	183.78.192.164	183.5.91.70	183.108.27.227
183.104.169.136	183.102.192.179	182.75.88.86	96.143.68.232
164.77.71.148	182.73.168.94	182.66.35.64	182.64.88.100
109.111.143.194	182.253.162.48	182.231.138.153	86.124.204.81
123.13.59.118	182.228.179.53	182.213.217.171	182.23.164.9