Basic Info

City: San Francisco

Region: California

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attack
104.131.139.147 - - [11/Jun/2020:15:45:12 +0200] "GET /wp-login.php HTTP/1.1" 200 6302 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - [11/Jun/2020:15:45:18 +0200] "POST /wp-login.php HTTP/1.1" 200 6469 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - [11/Jun/2020:15:45:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-06-12 01:34:56
attackbotsspam
"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:
2020-05-24 16:39:26
attackbots
104.131.139.147 - - [23/May/2020:22:13:41 +0200] "GET /wp-login.php HTTP/1.1" 200 6614 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - [23/May/2020:22:13:43 +0200] "POST /wp-login.php HTTP/1.1" 200 6865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - [23/May/2020:22:13:49 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-05-24 06:27:14
attackbotsspam
104.131.139.147 - - [04/May/2020:14:11:58 +0200] "GET /wp-login.php HTTP/1.1" 200 5863 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - [04/May/2020:14:12:04 +0200] "POST /wp-login.php HTTP/1.1" 200 6114 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - [04/May/2020:14:12:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-05-05 00:09:26
attackspambots
WordPress login Brute force / Web App Attack on client site.
2020-04-21 17:16:32
attack
Automatic report - XMLRPC Attack
2020-04-09 08:24:41
attackspam
104.131.139.147 - - \[05/Mar/2020:05:50:15 +0100\] "POST /wp-login.php HTTP/1.0" 200 7427 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - \[05/Mar/2020:05:50:17 +0100\] "POST /wp-login.php HTTP/1.0" 200 7242 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - \[05/Mar/2020:05:50:19 +0100\] "POST /wp-login.php HTTP/1.0" 200 7239 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2020-03-05 16:29:01
attack
WordPress wp-login brute force :: 104.131.139.147 0.168 BYPASS [07/Jan/2020:21:18:15  0000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
2020-01-08 07:24:03
attack
Wordpress Admin Login attack
2019-12-30 21:09:31
attackspam
[munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:24 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:27 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:30 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:38 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:51 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:59 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.
2019-12-19 06:49:17
attack
Wordpress Admin Login attack
2019-11-14 18:11:38
attackspam
104.131.139.147 - - \[11/Nov/2019:23:43:35 +0100\] "POST /wp-login.php HTTP/1.0" 200 10602 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - \[11/Nov/2019:23:43:48 +0100\] "POST /wp-login.php HTTP/1.0" 200 10427 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
104.131.139.147 - - \[11/Nov/2019:23:43:51 +0100\] "POST /wp-login.php HTTP/1.0" 200 10422 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2019-11-12 07:08:37
attackspam
Automatic report - XMLRPC Attack
2019-11-09 06:56:50
attack
B: /wp-login.php attack
2019-11-06 18:45:14
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.131.139.147
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3484
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.131.139.147.		IN	A

;; AUTHORITY SECTION:
.			480	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019110600 1800 900 604800 86400

;; Query time: 113 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Nov 06 18:45:10 CST 2019
;; MSG SIZE  rcvd: 119
Host info
Host 147.139.131.104.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 147.139.131.104.in-addr.arpa: NXDOMAIN
Related IP info:
Related comments:
IP Type Details Datetime
74.82.47.29 attackbots
" "
2020-06-11 01:38:40
47.100.220.7 attackbots
2020-06-10T08:45:06.8968121495-001 sshd[54754]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.100.220.7  user=root
2020-06-10T08:45:09.2819861495-001 sshd[54754]: Failed password for root from 47.100.220.7 port 55702 ssh2
2020-06-10T08:46:09.4704471495-001 sshd[54805]: Invalid user test from 47.100.220.7 port 37940
2020-06-10T08:46:09.4763331495-001 sshd[54805]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.100.220.7
2020-06-10T08:46:09.4704471495-001 sshd[54805]: Invalid user test from 47.100.220.7 port 37940
2020-06-10T08:46:11.5103991495-001 sshd[54805]: Failed password for invalid user test from 47.100.220.7 port 37940 ssh2
...
2020-06-11 01:45:26
171.103.25.82 attackspam
Unauthorized connection attempt from IP address 171.103.25.82 on port 993
2020-06-11 01:38:01
178.128.22.249 attackspambots
Jun 10 22:17:33 webhost01 sshd[8499]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.22.249
Jun 10 22:17:35 webhost01 sshd[8499]: Failed password for invalid user useradmin from 178.128.22.249 port 33641 ssh2
...
2020-06-11 01:42:49
103.92.24.240 attackspam
Jun 10 18:44:06 abendstille sshd\[22043\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.92.24.240  user=root
Jun 10 18:44:07 abendstille sshd\[22043\]: Failed password for root from 103.92.24.240 port 45464 ssh2
Jun 10 18:47:45 abendstille sshd\[25706\]: Invalid user jianghh from 103.92.24.240
Jun 10 18:47:45 abendstille sshd\[25706\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.92.24.240
Jun 10 18:47:47 abendstille sshd\[25706\]: Failed password for invalid user jianghh from 103.92.24.240 port 60596 ssh2
...
2020-06-11 01:13:48
86.100.130.65 attackbots
[H1.VM2] Blocked by UFW
2020-06-11 01:14:45
49.149.78.110 attackbots
1591786682 - 06/10/2020 12:58:02 Host: 49.149.78.110/49.149.78.110 Port: 445 TCP Blocked
2020-06-11 01:40:25
14.172.94.164 attackspam
1591786687 - 06/10/2020 12:58:07 Host: 14.172.94.164/14.172.94.164 Port: 445 TCP Blocked
2020-06-11 01:37:11
209.105.146.54 attackspam
Honeypot attack, port: 81, PTR: ddsl-209-105-146-54.uniteone.net.
2020-06-11 01:29:04
88.102.244.211 attackbotsspam
2020-06-10T11:09:16.441568dmca.cloudsearch.cf sshd[24566]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.244.broadband7.iol.cz  user=root
2020-06-10T11:09:18.454096dmca.cloudsearch.cf sshd[24566]: Failed password for root from 88.102.244.211 port 44012 ssh2
2020-06-10T11:13:57.181038dmca.cloudsearch.cf sshd[24968]: Invalid user ignacy from 88.102.244.211 port 44600
2020-06-10T11:13:57.187371dmca.cloudsearch.cf sshd[24968]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.244.broadband7.iol.cz
2020-06-10T11:13:57.181038dmca.cloudsearch.cf sshd[24968]: Invalid user ignacy from 88.102.244.211 port 44600
2020-06-10T11:13:59.109503dmca.cloudsearch.cf sshd[24968]: Failed password for invalid user ignacy from 88.102.244.211 port 44600 ssh2
2020-06-10T11:18:23.027213dmca.cloudsearch.cf sshd[25386]: Invalid user nxautomation from 88.102.244.211 port 45192
...
2020-06-11 01:24:02
196.38.70.24 attack
Jun 10 07:08:18 server1 sshd\[24948\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.38.70.24  user=root
Jun 10 07:08:20 server1 sshd\[24948\]: Failed password for root from 196.38.70.24 port 52067 ssh2
Jun 10 07:12:47 server1 sshd\[26544\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.38.70.24  user=root
Jun 10 07:12:49 server1 sshd\[26544\]: Failed password for root from 196.38.70.24 port 54696 ssh2
Jun 10 07:17:16 server1 sshd\[27930\]: Invalid user scmqa from 196.38.70.24
...
2020-06-11 01:32:34
154.223.188.228 attackspambots
Jun 10 13:58:20 debian kernel: [689255.065131] [UFW BLOCK] IN=eth0 OUT= MAC=52:54:00:be:e4:65:08:e8:4f:6e:48:0c:08:00 SRC=154.223.188.228 DST=89.252.131.35 LEN=40 TOS=0x00 PREC=0x00 TTL=235 ID=34954 PROTO=TCP SPT=46008 DPT=5000 WINDOW=1024 RES=0x00 SYN URGP=0
2020-06-11 01:22:58
192.89.0.73 attack
Automatic report - Banned IP Access
2020-06-11 01:37:49
46.101.206.205 attack
Jun 10 19:03:15 debian-2gb-nbg1-2 kernel: \[14067325.103458\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=46.101.206.205 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=35476 PROTO=TCP SPT=44067 DPT=19242 WINDOW=1024 RES=0x00 SYN URGP=0
2020-06-11 01:20:24
138.197.195.52 attackspam
Jun 10 20:19:37 pkdns2 sshd\[36329\]: Invalid user webmaster from 138.197.195.52
Jun 10 20:19:38 pkdns2 sshd\[36329\]: Failed password for invalid user webmaster from 138.197.195.52 port 52896 ssh2
Jun 10 20:23:27 pkdns2 sshd\[36503\]: Invalid user oji from 138.197.195.52
Jun 10 20:23:28 pkdns2 sshd\[36503\]: Failed password for invalid user oji from 138.197.195.52 port 54066 ssh2
Jun 10 20:27:27 pkdns2 sshd\[36669\]: Invalid user lijin from 138.197.195.52
Jun 10 20:27:29 pkdns2 sshd\[36669\]: Failed password for invalid user lijin from 138.197.195.52 port 55238 ssh2
...
2020-06-11 01:31:44
