104.131.20.141

Basic Info

City: Clifton

Region: New Jersey

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.131.208.119	attackbots	104.131.208.119 - - [13/Sep/2020:14:07:06 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-13 23:13:41
104.131.208.119	attackbotsspam	104.131.208.119 - - [13/Sep/2020:06:08:52 +0200] "GET /wp-login.php HTTP/1.1" 200 9184 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.208.119 - - [13/Sep/2020:06:08:54 +0200] "POST /wp-login.php HTTP/1.1" 200 9435 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.208.119 - - [13/Sep/2020:06:08:55 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-13 15:07:45
104.131.208.119	attackspam	104.131.208.119 - - [12/Sep/2020:18:29:02 +0500] "GET /wp-login.php HTTP/1.1" 301 185 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-09-13 06:50:41
104.131.208.119	attack	104.131.208.119 - - [30/Aug/2020:11:27:59 +0200] "GET /wp-login.php HTTP/1.1" 200 8775 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.208.119 - - [30/Aug/2020:11:28:00 +0200] "POST /wp-login.php HTTP/1.1" 200 9026 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.208.119 - - [30/Aug/2020:11:28:01 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-30 17:39:25
104.131.208.119	attack	Hacking Attempt (Website Honeypot)	2020-08-27 03:19:52
104.131.208.119	attackspambots	WordPress XMLRPC scan :: 104.131.208.119 0.112 - [22/Aug/2020:03:53:15 0000] [censored_1] "POST /xmlrpc.php HTTP/1.1" 200 236 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/1.1"	2020-08-22 14:21:59
104.131.208.119	attack	CF RAY ID: 5bba3f3beaa4e851 IP Class: noRecord URI: /xmlrpc.php	2020-08-01 18:31:11
104.131.203.173	attackbots	104.131.203.173 - - \[28/Apr/2020:07:30:22 +0200\] "POST /wp-login.php HTTP/1.0" 200 6702 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - \[28/Apr/2020:07:30:24 +0200\] "POST /wp-login.php HTTP/1.0" 200 6710 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - \[28/Apr/2020:07:30:26 +0200\] "POST /wp-login.php HTTP/1.0" 200 6698 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-04-28 14:54:24
104.131.203.173	attackbots	25.04.2020 06:28:59 - Wordpress fail Detected by ELinOX-ALM	2020-04-25 15:52:08
104.131.203.173	attackbots	104.131.203.173 - - [20/Apr/2020:05:59:13 +0200] "GET /wp-login.php HTTP/1.1" 200 6463 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - [20/Apr/2020:05:59:16 +0200] "POST /wp-login.php HTTP/1.1" 200 7362 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - [20/Apr/2020:05:59:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-20 12:50:22
104.131.203.173	attackspam	104.131.203.173 - - [11/Apr/2020:06:18:57 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - [11/Apr/2020:06:18:58 +0200] "POST /wp-login.php HTTP/1.1" 200 1811 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - [11/Apr/2020:06:18:58 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - [11/Apr/2020:06:18:58 +0200] "POST /wp-login.php HTTP/1.1" 200 1799 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - [11/Apr/2020:06:18:58 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - [11/Apr/2020:06:18:59 +0200] "POST /wp-login.php HTTP/1.1" 200 1798 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/ ...	2020-04-11 17:59:00
104.131.203.173	attack	CMS (WordPress or Joomla) login attempt.	2020-03-07 13:59:06
104.131.203.173	attack	Attempt to hack Wordpress Login, XMLRPC or other login	2020-02-18 16:23:24
104.131.203.173	attackbotsspam	104.131.203.173 - - \[13/Feb/2020:05:50:35 +0100\] "POST /wp-login.php HTTP/1.0" 200 6640 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - \[13/Feb/2020:05:50:37 +0100\] "POST /wp-login.php HTTP/1.0" 200 6618 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - \[13/Feb/2020:05:50:39 +0100\] "POST /wp-login.php HTTP/1.0" 200 6618 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2020-02-13 16:51:18
104.131.203.173	attackbotsspam	104.131.203.173 - - \[07/Dec/2019:16:08:27 +0100\] "POST /wp-login.php HTTP/1.0" 200 7524 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - \[07/Dec/2019:16:08:29 +0100\] "POST /wp-login.php HTTP/1.0" 200 7391 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 104.131.203.173 - - \[07/Dec/2019:16:08:31 +0100\] "POST /wp-login.php HTTP/1.0" 200 7387 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-12-07 23:25:22

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.131.20.141
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 38990
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.131.20.141.			IN	A

;; AUTHORITY SECTION:
.			186	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022032602 1800 900 604800 86400

;; Query time: 21 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Mar 27 08:43:35 CST 2022
;; MSG SIZE  rcvd: 107

Host info

Host 141.20.131.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 141.20.131.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
95.9.136.194	attackspambots	SMB Server BruteForce Attack	2019-09-23 02:29:05
165.22.16.90	attackspambots	2019-08-12 04:23:19,730 fail2ban.actions [791]: NOTICE [sshd] Ban 165.22.16.90 2019-08-12 07:31:28,488 fail2ban.actions [791]: NOTICE [sshd] Ban 165.22.16.90 2019-08-12 10:35:54,517 fail2ban.actions [791]: NOTICE [sshd] Ban 165.22.16.90 ...	2019-09-23 02:13:17
121.32.151.202	attackspam	Sep 22 14:41:19 MK-Soft-VM7 sshd[1254]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.32.151.202 Sep 22 14:41:21 MK-Soft-VM7 sshd[1254]: Failed password for invalid user somcuritiba from 121.32.151.202 port 43752 ssh2 ...	2019-09-23 02:08:49
102.159.148.249	attack	Sep 22 14:32:30 mxgate1 postfix/postscreen[30518]: CONNECT from [102.159.148.249]:33182 to [176.31.12.44]:25 Sep 22 14:32:30 mxgate1 postfix/dnsblog[30901]: addr 102.159.148.249 listed by domain zen.spamhaus.org as 127.0.0.11 Sep 22 14:32:30 mxgate1 postfix/dnsblog[30901]: addr 102.159.148.249 listed by domain zen.spamhaus.org as 127.0.0.4 Sep 22 14:32:30 mxgate1 postfix/dnsblog[30900]: addr 102.159.148.249 listed by domain cbl.abuseat.org as 127.0.0.2 Sep 22 14:32:36 mxgate1 postfix/postscreen[30518]: DNSBL rank 3 for [102.159.148.249]:33182 Sep x@x Sep 22 14:32:39 mxgate1 postfix/postscreen[30518]: HANGUP after 2.4 from [102.159.148.249]:33182 in tests after SMTP handshake Sep 22 14:32:39 mxgate1 postfix/postscreen[30518]: DISCONNECT [102.159.148.249]:33182 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=102.159.148.249	2019-09-23 01:59:18
51.91.249.91	attack	2019-08-06 04:58:56,533 fail2ban.actions [791]: NOTICE [sshd] Ban 51.91.249.91 2019-08-06 08:04:15,971 fail2ban.actions [791]: NOTICE [sshd] Ban 51.91.249.91 2019-08-06 11:11:05,098 fail2ban.actions [791]: NOTICE [sshd] Ban 51.91.249.91 ...	2019-09-23 01:51:52
185.36.81.236	attackspam	185.36.81.236 has been banned from MailServer for Abuse ...	2019-09-23 02:06:54
51.38.49.204	attackbots	2019-09-15 05:06:59,569 fail2ban.actions \[946\]: NOTICE \[sshd\] Ban 51.38.49.204 2019-09-15 07:37:10,624 fail2ban.actions \[946\]: NOTICE \[sshd\] Ban 51.38.49.204 2019-09-15 09:56:55,024 fail2ban.actions \[946\]: NOTICE \[sshd\] Ban 51.38.49.204 2019-09-15 12:25:09,650 fail2ban.actions \[946\]: NOTICE \[sshd\] Ban 51.38.49.204 2019-09-15 14:33:59,538 fail2ban.actions \[946\]: NOTICE \[sshd\] Ban 51.38.49.204 ...	2019-09-23 02:08:29
140.224.103.171	attackspambots	failed root login	2019-09-23 02:15:36
51.38.113.45	attack	2019-08-18 02:27:26,302 fail2ban.actions [878]: NOTICE [sshd] Ban 51.38.113.45 2019-08-18 05:34:06,536 fail2ban.actions [878]: NOTICE [sshd] Ban 51.38.113.45 2019-08-18 08:40:01,025 fail2ban.actions [878]: NOTICE [sshd] Ban 51.38.113.45 ...	2019-09-23 01:52:50
124.156.168.84	attackspam	Sep 22 07:45:23 lcdev sshd\[31953\]: Invalid user rebeca from 124.156.168.84 Sep 22 07:45:23 lcdev sshd\[31953\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.156.168.84 Sep 22 07:45:25 lcdev sshd\[31953\]: Failed password for invalid user rebeca from 124.156.168.84 port 47952 ssh2 Sep 22 07:49:48 lcdev sshd\[32338\]: Invalid user bridge from 124.156.168.84 Sep 22 07:49:48 lcdev sshd\[32338\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.156.168.84	2019-09-23 02:06:25
139.59.142.82	attackbotsspam	10 attempts against mh-misc-ban on heat.magehost.pro	2019-09-23 02:21:16
111.85.191.131	attack	Sep 22 14:45:40 mail1 sshd\[22252\]: Invalid user tester from 111.85.191.131 port 52402 Sep 22 14:45:40 mail1 sshd\[22252\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.85.191.131 Sep 22 14:45:43 mail1 sshd\[22252\]: Failed password for invalid user tester from 111.85.191.131 port 52402 ssh2 Sep 22 14:53:00 mail1 sshd\[25552\]: Invalid user comercial from 111.85.191.131 port 49336 Sep 22 14:53:00 mail1 sshd\[25552\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.85.191.131 ...	2019-09-23 02:02:41
129.204.46.170	attack	Sep 22 20:02:13 mail sshd\[4831\]: Invalid user oracle from 129.204.46.170 port 36740 Sep 22 20:02:13 mail sshd\[4831\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.46.170 Sep 22 20:02:15 mail sshd\[4831\]: Failed password for invalid user oracle from 129.204.46.170 port 36740 ssh2 Sep 22 20:08:22 mail sshd\[5518\]: Invalid user bl from 129.204.46.170 port 50430 Sep 22 20:08:22 mail sshd\[5518\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.46.170	2019-09-23 02:25:24
123.28.211.53	attackbots	Chat Spam	2019-09-23 02:27:35
62.219.3.57	attackbots	Reported by AbuseIPDB proxy server.	2019-09-23 02:29:33

Recently Reported IPs

104.131.2.250	104.131.204.80	104.131.219.173	104.131.22.111
104.131.223.252	104.131.228.82	104.131.233.13	104.131.25.199
104.131.29.179	104.131.31.105	104.131.34.131	104.131.34.167
104.131.42.68	104.131.46.32	104.131.49.175	104.131.5.212
104.131.53.141	104.131.55.224	104.131.63.24	104.131.66.12