104.131.216.136

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed	2020-04-17 20:36:08

Comments on same subnet:

IP	Type	Details	Datetime
104.131.216.62	attackspam	DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed	2020-04-20 01:53:27
104.131.216.33	attackbots	DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed	2020-03-30 01:38:07
104.131.216.35	attackbots	DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed	2020-03-29 23:47:17
104.131.216.36	attackspambots	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2020-03-10 04:33:40
104.131.216.55	attack	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2020-03-09 05:17:03
104.131.216.170	attackbotsspam	Fail2Ban Ban Triggered	2020-01-08 13:52:20
104.131.216.33	attackspam	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2019-12-27 01:17:50

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.131.216.136
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61361
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.131.216.136.		IN	A

;; AUTHORITY SECTION:
.			527	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020041701 1800 900 604800 86400

;; Query time: 128 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Apr 17 20:36:05 CST 2020
;; MSG SIZE  rcvd: 119

Host info

Host 136.216.131.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 136.216.131.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
178.32.120.141	attackspambots	Dec 29 07:23:34 grey postfix/smtpd\[1445\]: NOQUEUE: reject: RCPT from ip141.ip-178-32-120.eu\[178.32.120.141\]: 554 5.7.1 Service unavailable\; Client host \[178.32.120.141\] blocked using bl.spamcop.net\; Blocked - see https://www.spamcop.net/bl.shtml\?178.32.120.141\; from=\ to=\ proto=ESMTP helo=\ ...	2019-12-29 22:51:54
61.19.27.253	attack	Dec 29 13:47:51 sxvn sshd[1981902]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.19.27.253	2019-12-29 22:35:59
68.183.86.76	attackspambots	Fail2Ban Ban Triggered	2019-12-29 23:02:26
111.64.235.28	attackbotsspam	Dec 29 15:47:54 srv-ubuntu-dev3 sshd[31629]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.64.235.28 user=root Dec 29 15:47:55 srv-ubuntu-dev3 sshd[31629]: Failed password for root from 111.64.235.28 port 47497 ssh2 Dec 29 15:50:20 srv-ubuntu-dev3 sshd[31808]: Invalid user skyeyes from 111.64.235.28 Dec 29 15:50:20 srv-ubuntu-dev3 sshd[31808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.64.235.28 Dec 29 15:50:20 srv-ubuntu-dev3 sshd[31808]: Invalid user skyeyes from 111.64.235.28 Dec 29 15:50:22 srv-ubuntu-dev3 sshd[31808]: Failed password for invalid user skyeyes from 111.64.235.28 port 57603 ssh2 Dec 29 15:52:46 srv-ubuntu-dev3 sshd[32034]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.64.235.28 user=www-data Dec 29 15:52:47 srv-ubuntu-dev3 sshd[32034]: Failed password for www-data from 111.64.235.28 port 39556 ssh2 Dec 29 15:55:07 srv-ubuntu-d ...	2019-12-29 23:03:00
182.61.57.226	attack	Automatic report - Banned IP Access	2019-12-29 22:34:08
175.5.22.189	attack	Scanning	2019-12-29 22:49:11
165.227.26.69	attack	Dec 29 15:55:07 lnxweb61 sshd[16289]: Failed password for root from 165.227.26.69 port 57364 ssh2 Dec 29 15:55:07 lnxweb61 sshd[16289]: Failed password for root from 165.227.26.69 port 57364 ssh2	2019-12-29 23:03:56
178.46.212.1	attackbots	Dec 29 15:54:53 mc1 kernel: \[1790082.644465\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=178.46.212.1 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=56748 PROTO=TCP SPT=1792 DPT=23 WINDOW=58170 RES=0x00 SYN URGP=0 Dec 29 15:54:53 mc1 kernel: \[1790082.658194\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=178.46.212.1 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=56748 PROTO=TCP SPT=1792 DPT=23 WINDOW=58170 RES=0x00 SYN URGP=0 Dec 29 15:54:53 mc1 kernel: \[1790082.669067\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:11:a9:7b:d2:74:7f:6e:37:e3:08:00 SRC=178.46.212.1 DST=159.69.205.51 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=56748 PROTO=TCP SPT=1792 DPT=23 WINDOW=58170 RES=0x00 SYN URGP=0 ...	2019-12-29 23:13:38
67.207.88.180	attackbotsspam	$f2bV_matches	2019-12-29 22:57:05
46.101.139.105	attackbotsspam	Fail2Ban Ban Triggered	2019-12-29 22:49:30
106.54.114.248	attack	Dec 29 15:54:53 vmanager6029 sshd\[5790\]: Invalid user 26 from 106.54.114.248 port 51956 Dec 29 15:54:53 vmanager6029 sshd\[5790\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.54.114.248 Dec 29 15:54:55 vmanager6029 sshd\[5790\]: Failed password for invalid user 26 from 106.54.114.248 port 51956 ssh2	2019-12-29 23:13:02
167.62.124.82	attackspam	Automatic report - Port Scan Attack	2019-12-29 22:38:55
217.112.142.140	attackbots	RBL listed IP. Trying to send Spam.	2019-12-29 22:31:58
121.69.93.226	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-12-29 23:09:48
159.203.201.39	attack	12/29/2019-07:24:03.385117 159.203.201.39 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-12-29 22:29:08

Recently Reported IPs

173.82.212.72	200.98.175.43	86.99.4.38	185.174.103.25
178.62.41.40	198.54.124.124	182.61.105.189	159.89.114.202
250.126.61.94	95.69.0.189	204.77.11.130	188.191.4.158
95.14.152.120	106.12.69.68	47.112.60.136	117.1.93.251
104.131.221.197	139.223.210.1	125.139.129.201	61.51.183.48