104.131.139.228

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.131.139.147	attack	104.131.139.147 - - [11/Jun/2020:15:45:12 +0200] "GET /wp-login.php HTTP/1.1" 200 6302 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - [11/Jun/2020:15:45:18 +0200] "POST /wp-login.php HTTP/1.1" 200 6469 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - [11/Jun/2020:15:45:19 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-12 01:34:56
104.131.139.147	attackbotsspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-05-24 16:39:26
104.131.139.147	attackbots	104.131.139.147 - - [23/May/2020:22:13:41 +0200] "GET /wp-login.php HTTP/1.1" 200 6614 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - [23/May/2020:22:13:43 +0200] "POST /wp-login.php HTTP/1.1" 200 6865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - [23/May/2020:22:13:49 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-24 06:27:14
104.131.139.147	attackbotsspam	104.131.139.147 - - [04/May/2020:14:11:58 +0200] "GET /wp-login.php HTTP/1.1" 200 5863 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - [04/May/2020:14:12:04 +0200] "POST /wp-login.php HTTP/1.1" 200 6114 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - [04/May/2020:14:12:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-05 00:09:26
104.131.139.147	attackspambots	WordPress login Brute force / Web App Attack on client site.	2020-04-21 17:16:32
104.131.139.147	attack	Automatic report - XMLRPC Attack	2020-04-09 08:24:41
104.131.139.147	attackspam	104.131.139.147 - - \[05/Mar/2020:05:50:15 +0100\] "POST /wp-login.php HTTP/1.0" 200 7427 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - \[05/Mar/2020:05:50:17 +0100\] "POST /wp-login.php HTTP/1.0" 200 7242 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - \[05/Mar/2020:05:50:19 +0100\] "POST /wp-login.php HTTP/1.0" 200 7239 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-03-05 16:29:01
104.131.139.147	attack	WordPress wp-login brute force :: 104.131.139.147 0.168 BYPASS [07/Jan/2020:21:18:15 0000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-08 07:24:03
104.131.139.147	attack	Wordpress Admin Login attack	2019-12-30 21:09:31
104.131.139.147	attackspam	[munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:24 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:27 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:30 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:38 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:51 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 104.131.139.147 - - [18/Dec/2019:23:39:59 +0100] "POST /[munged]: HTTP/1.1" 200 9083 "-" "Mozilla/5.	2019-12-19 06:49:17
104.131.139.147	attack	Wordpress Admin Login attack	2019-11-14 18:11:38
104.131.139.147	attackspam	104.131.139.147 - - \[11/Nov/2019:23:43:35 +0100\] "POST /wp-login.php HTTP/1.0" 200 10602 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - \[11/Nov/2019:23:43:48 +0100\] "POST /wp-login.php HTTP/1.0" 200 10427 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.139.147 - - \[11/Nov/2019:23:43:51 +0100\] "POST /wp-login.php HTTP/1.0" 200 10422 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-11-12 07:08:37
104.131.139.147	attackspam	Automatic report - XMLRPC Attack	2019-11-09 06:56:50
104.131.139.147	attack	B: /wp-login.php attack	2019-11-06 18:45:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.131.139.228
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 52697
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.131.139.228.		IN	A

;; AUTHORITY SECTION:
.			230	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021700 1800 900 604800 86400

;; Query time: 56 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 01:32:01 CST 2022
;; MSG SIZE  rcvd: 108

Host info

228.139.131.104.in-addr.arpa domain name pointer amanecechihuahua.gob.mx.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
228.139.131.104.in-addr.arpa	name = amanecechihuahua.gob.mx.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
172.68.10.14	attackbots	SQL injection:/newsites/free/pierre/search/search-1-prj.php?idPrj=-4800%20OR%204972%3DCAST%28%28CHR%28113%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%284972%3D4972%29%20THEN%201%20ELSE%200%20END%29%29%3A%3Atext%7C%7C%28CHR%28113%29%7C%7CCHR%28120%29%7C%7CCHR%28112%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%29%20AS%20NUMERIC%29	2020-06-07 08:13:11
49.234.207.226	attackspam	2020-06-06T22:36:27.992944vps773228.ovh.net sshd[4659]: Failed password for root from 49.234.207.226 port 58126 ssh2 2020-06-06T22:39:39.218723vps773228.ovh.net sshd[4709]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.207.226 user=root 2020-06-06T22:39:40.920682vps773228.ovh.net sshd[4709]: Failed password for root from 49.234.207.226 port 55682 ssh2 2020-06-06T22:42:49.869149vps773228.ovh.net sshd[4767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.234.207.226 user=root 2020-06-06T22:42:51.987659vps773228.ovh.net sshd[4767]: Failed password for root from 49.234.207.226 port 53238 ssh2 ...	2020-06-07 07:58:17
193.56.28.124	attack	2020-06-07 01:05:04 auth_plain authenticator failed for (User) [193.56.28.124]: 535 Incorrect authentication data 2020-06-07 02:58:18 auth_plain authenticator failed for (User) [193.56.28.124]: 535 Incorrect authentication data (set_id=public1@lavrinenko.info,) ...	2020-06-07 08:04:14
120.53.15.134	attack	SSH / Telnet Brute Force Attempts on Honeypot	2020-06-07 08:07:55
114.141.52.94	attackspam	Lines containing failures of 114.141.52.94 Jun 5 22:45:32 neweola sshd[21674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.141.52.94 user=r.r Jun 5 22:45:35 neweola sshd[21674]: Failed password for r.r from 114.141.52.94 port 35968 ssh2 Jun 5 22:45:36 neweola sshd[21674]: Received disconnect from 114.141.52.94 port 35968:11: Bye Bye [preauth] Jun 5 22:45:36 neweola sshd[21674]: Disconnected from authenticating user r.r 114.141.52.94 port 35968 [preauth] Jun 5 23:02:40 neweola sshd[22202]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.141.52.94 user=r.r Jun 5 23:02:41 neweola sshd[22202]: Failed password for r.r from 114.141.52.94 port 36554 ssh2 Jun 5 23:02:42 neweola sshd[22202]: Received disconnect from 114.141.52.94 port 36554:11: Bye Bye [preauth] Jun 5 23:02:42 neweola sshd[22202]: Disconnected from authenticating user r.r 114.141.52.94 port 36554 [preauth] Jun 5........ ------------------------------	2020-06-07 07:55:23
164.132.70.22	attackspambots	Jun 6 23:48:10 prox sshd[1683]: Failed password for root from 164.132.70.22 port 40908 ssh2	2020-06-07 07:49:56
2001:41d0:a:446f::	attackbots	WordPress login Brute force / Web App Attack on client site.	2020-06-07 08:18:52
91.220.101.134	attackspam	IP was detected trying to Brute-Force SSH, FTP, Web Apps, Port-Scan or Hacking.	2020-06-07 08:12:33
5.227.15.240	attackspambots	Email rejected due to spam filtering	2020-06-07 07:49:31
190.117.62.241	attackspam	CMS (WordPress or Joomla) login attempt.	2020-06-07 07:52:16
163.172.49.56	attackbots	SSH / Telnet Brute Force Attempts on Honeypot	2020-06-07 08:08:54
178.128.114.194	attackbots	Lines containing failures of 178.128.114.194 Jun 6 08:37:47 shared06 sshd[29523]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.114.194 user=r.r Jun 6 08:37:49 shared06 sshd[29523]: Failed password for r.r from 178.128.114.194 port 41060 ssh2 Jun 6 08:37:49 shared06 sshd[29523]: Received disconnect from 178.128.114.194 port 41060:11: Bye Bye [preauth] Jun 6 08:37:49 shared06 sshd[29523]: Disconnected from authenticating user r.r 178.128.114.194 port 41060 [preauth] Jun 6 08:40:28 shared06 sshd[30106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.114.194 user=r.r Jun 6 08:40:30 shared06 sshd[30106]: Failed password for r.r from 178.128.114.194 port 43464 ssh2 Jun 6 08:40:30 shared06 sshd[30106]: Received disconnect from 178.128.114.194 port 43464:11: Bye Bye [preauth] Jun 6 08:40:30 shared06 sshd[30106]: Disconnected from authenticating user r.r 178.128.114.194 p........ ------------------------------	2020-06-07 08:05:13
201.156.223.75	attack	Automatic report - Port Scan Attack	2020-06-07 08:14:45
195.54.160.135	attackspam	TCP (SYN) 195.54.160.135:59360 -> port 443, len 44	2020-06-07 07:51:32
68.183.169.251	attackbots	SSH / Telnet Brute Force Attempts on Honeypot	2020-06-07 08:13:45

Recently Reported IPs

104.131.121.58	104.131.154.129	104.131.151.164	104.131.13.220
104.131.159.111	104.131.156.119	104.131.134.86	104.131.16.159
104.131.17.183	104.131.187.95	104.131.160.233	104.131.200.238
104.21.63.146	104.131.188.107	104.131.25.249	104.131.242.70
104.131.19.149	104.131.21.84	104.131.176.229	104.131.33.191