City: unknown
Region: unknown
Country: United States of America
Internet Service Provider: DigitalOcean LLC
Hostname: unknown
Organization: unknown
Usage Type: Data Center/Web Hosting/Transit
| Type | Details | Datetime |
|---|---|---|
| attackbotsspam | 104.131.22.18 - - [11/Sep/2020:08:16:40 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.22.18 - - [11/Sep/2020:08:16:41 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.22.18 - - [11/Sep/2020:08:16:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-09-12 02:55:40 |
| attackspam | 104.131.22.18 - - [11/Sep/2020:08:16:40 +0200] "GET /wp-login.php HTTP/1.1" 200 9061 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.22.18 - - [11/Sep/2020:08:16:41 +0200] "POST /wp-login.php HTTP/1.1" 200 9312 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 104.131.22.18 - - [11/Sep/2020:08:16:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-09-11 18:53:43 |
| attack | digital ocean sponsor and attack. YAY! Jail. 104.131.22.18 - - [11/Aug/2020:12:04:27 -0400] "GET /wp-login.php HTTP/1.1" 404 809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 0 0 "off:-:-" 197 1499 |
2020-08-12 03:17:00 |
| IP | Type | Details | Datetime |
|---|---|---|---|
| 104.131.221.38 | attackbots | DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed |
2020-04-19 20:30:57 |
| 104.131.221.118 | attack | DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed |
2020-04-17 22:45:52 |
| 104.131.221.197 | attackspam | DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed |
2020-04-17 21:18:48 |
| 104.131.222.45 | attack | DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed |
2020-04-13 19:11:03 |
| 104.131.221.38 | attackspam | DigitalOcean BotNet attack - 10s of requests to non- pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks UA removed |
2020-04-10 23:34:18 |
| 104.131.224.81 | attackspam | detected by Fail2Ban |
2020-04-05 18:52:23 |
| 104.131.224.81 | attack | Mar 31 01:06:53 ns381471 sshd[30702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.224.81 Mar 31 01:06:55 ns381471 sshd[30702]: Failed password for invalid user wo from 104.131.224.81 port 41894 ssh2 |
2020-03-31 07:36:23 |
| 104.131.224.81 | attack | Mar 30 01:01:26 vps647732 sshd[29167]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.224.81 Mar 30 01:01:28 vps647732 sshd[29167]: Failed password for invalid user hkcfpsmtp from 104.131.224.81 port 57981 ssh2 ... |
2020-03-30 07:23:36 |
| 104.131.221.236 | attackbots | DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0 |
2020-03-26 23:10:31 |
| 104.131.224.81 | attackspambots | SSH login attempts @ 2020-03-17 22:46:26 |
2020-03-22 03:34:20 |
| 104.131.221.208 | attack | DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0 |
2020-03-17 02:27:41 |
| 104.131.223.156 | attackspam | DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0 |
2020-03-12 01:48:30 |
| 104.131.224.81 | attackspambots | 20 attempts against mh-ssh on echoip |
2020-03-11 13:29:51 |
| 104.131.224.81 | attackspambots | 2020-03-07T18:26:02.890430ns386461 sshd\[3650\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.224.81 user=root 2020-03-07T18:26:05.198571ns386461 sshd\[3650\]: Failed password for root from 104.131.224.81 port 35616 ssh2 2020-03-07T18:42:47.110320ns386461 sshd\[19184\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.224.81 user=root 2020-03-07T18:42:49.054428ns386461 sshd\[19184\]: Failed password for root from 104.131.224.81 port 43718 ssh2 2020-03-07T18:47:57.576007ns386461 sshd\[23603\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.224.81 user=root ... |
2020-03-08 02:31:04 |
| 104.131.224.81 | attackbotsspam | 2020-03-06T23:55:54.063777shield sshd\[7420\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.224.81 user=root 2020-03-06T23:55:55.806357shield sshd\[7420\]: Failed password for root from 104.131.224.81 port 52285 ssh2 2020-03-07T00:00:26.874330shield sshd\[8252\]: Invalid user ts3server1 from 104.131.224.81 port 60605 2020-03-07T00:00:26.879527shield sshd\[8252\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.224.81 2020-03-07T00:00:28.961605shield sshd\[8252\]: Failed password for invalid user ts3server1 from 104.131.224.81 port 60605 ssh2 |
2020-03-07 09:59:28 |
b; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.131.22.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 19893
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;104.131.22.18. IN A
;; AUTHORITY SECTION:
. 434 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2020081101 1800 900 604800 86400
;; Query time: 28 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Aug 12 03:16:56 CST 2020
;; MSG SIZE rcvd: 11718.22.131.104.in-addr.arpa domain name pointer 58287-47322.cloudwaysapps.com.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
18.22.131.104.in-addr.arpa name = 58287-47322.cloudwaysapps.com.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 81.84.249.147 | attackspambots | Jun 24 14:40:27 srv-ubuntu-dev3 sshd[70260]: Invalid user xyj from 81.84.249.147 Jun 24 14:40:27 srv-ubuntu-dev3 sshd[70260]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.84.249.147 Jun 24 14:40:27 srv-ubuntu-dev3 sshd[70260]: Invalid user xyj from 81.84.249.147 Jun 24 14:40:29 srv-ubuntu-dev3 sshd[70260]: Failed password for invalid user xyj from 81.84.249.147 port 41144 ssh2 Jun 24 14:44:35 srv-ubuntu-dev3 sshd[70873]: Invalid user mongodb from 81.84.249.147 Jun 24 14:44:35 srv-ubuntu-dev3 sshd[70873]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=81.84.249.147 Jun 24 14:44:35 srv-ubuntu-dev3 sshd[70873]: Invalid user mongodb from 81.84.249.147 Jun 24 14:44:38 srv-ubuntu-dev3 sshd[70873]: Failed password for invalid user mongodb from 81.84.249.147 port 40738 ssh2 Jun 24 14:48:54 srv-ubuntu-dev3 sshd[71608]: Invalid user toor from 81.84.249.147 ... |
2020-06-25 00:17:46 |
| 37.104.139.216 | attackspam | Jun 24 13:41:02 mxgate1 postfix/postscreen[19011]: CONNECT from [37.104.139.216]:39011 to [176.31.12.44]:25 Jun 24 13:41:02 mxgate1 postfix/dnsblog[19013]: addr 37.104.139.216 listed by domain zen.spamhaus.org as 127.0.0.4 Jun 24 13:41:02 mxgate1 postfix/dnsblog[19013]: addr 37.104.139.216 listed by domain zen.spamhaus.org as 127.0.0.11 Jun 24 13:41:02 mxgate1 postfix/dnsblog[19016]: addr 37.104.139.216 listed by domain cbl.abuseat.org as 127.0.0.2 Jun 24 13:41:04 mxgate1 postfix/dnsblog[19014]: addr 37.104.139.216 listed by domain b.barracudacentral.org as 127.0.0.2 Jun 24 13:41:08 mxgate1 postfix/postscreen[19011]: DNSBL rank 4 for [37.104.139.216]:39011 Jun x@x Jun 24 13:41:09 mxgate1 postfix/postscreen[19011]: HANGUP after 0.45 from [37.104.139.216]:39011 in tests after SMTP handshake Jun 24 13:41:09 mxgate1 postfix/postscreen[19011]: DISCONNECT [37.104.139.216]:39011 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=37.104.139.216 |
2020-06-25 00:29:03 |
| 71.6.232.4 | attack | Unauthorized connection attempt detected from IP address 71.6.232.4 to port 80 |
2020-06-25 00:15:56 |
| 185.140.12.8 | attack | Jun 24 14:32:01 ns382633 sshd\[3084\]: Invalid user hca from 185.140.12.8 port 47452 Jun 24 14:32:01 ns382633 sshd\[3084\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.140.12.8 Jun 24 14:32:03 ns382633 sshd\[3084\]: Failed password for invalid user hca from 185.140.12.8 port 47452 ssh2 Jun 24 14:36:41 ns382633 sshd\[3976\]: Invalid user broadcast from 185.140.12.8 port 37814 Jun 24 14:36:41 ns382633 sshd\[3976\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.140.12.8 |
2020-06-24 23:52:58 |
| 102.44.141.46 | attackspam | 1593000357 - 06/24/2020 14:05:57 Host: 102.44.141.46/102.44.141.46 Port: 445 TCP Blocked |
2020-06-25 00:04:53 |
| 36.255.222.44 | attack | Jun 24 11:56:16 rush sshd[23186]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.222.44 Jun 24 11:56:18 rush sshd[23186]: Failed password for invalid user openbravo from 36.255.222.44 port 58246 ssh2 Jun 24 12:06:11 rush sshd[23461]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.255.222.44 ... |
2020-06-24 23:56:25 |
| 46.101.31.128 | attackbots | 46.101.31.128 - - [24/Jun/2020:14:05:43 +0200] "POST /xmlrpc.php HTTP/1.1" 403 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 46.101.31.128 - - [24/Jun/2020:14:05:43 +0200] "POST /xmlrpc.php HTTP/1.1" 403 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" ... |
2020-06-25 00:21:33 |
| 119.45.17.223 | attackspambots | Jun 24 14:05:56 vmd48417 sshd[32055]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.45.17.223 |
2020-06-25 00:05:26 |
| 159.89.155.124 | attackspambots | Jun 24 15:32:55 pkdns2 sshd\[57639\]: Invalid user teamspeak from 159.89.155.124Jun 24 15:32:57 pkdns2 sshd\[57639\]: Failed password for invalid user teamspeak from 159.89.155.124 port 41792 ssh2Jun 24 15:36:14 pkdns2 sshd\[57844\]: Invalid user osboxes from 159.89.155.124Jun 24 15:36:16 pkdns2 sshd\[57844\]: Failed password for invalid user osboxes from 159.89.155.124 port 41498 ssh2Jun 24 15:39:34 pkdns2 sshd\[57959\]: Invalid user byteme from 159.89.155.124Jun 24 15:39:36 pkdns2 sshd\[57959\]: Failed password for invalid user byteme from 159.89.155.124 port 41206 ssh2 ... |
2020-06-24 23:53:58 |
| 180.76.242.171 | attackspambots | Jun 24 16:17:30 minden010 sshd[24555]: Failed password for root from 180.76.242.171 port 37384 ssh2 Jun 24 16:22:16 minden010 sshd[26751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.76.242.171 Jun 24 16:22:17 minden010 sshd[26751]: Failed password for invalid user jupyter from 180.76.242.171 port 59836 ssh2 ... |
2020-06-25 00:27:47 |
| 222.186.42.137 | attackspambots | sshd jail - ssh hack attempt |
2020-06-25 00:25:16 |
| 85.107.106.208 | attack | Jun 24 15:06:00 www5 sshd\[47426\]: Invalid user pi from 85.107.106.208 Jun 24 15:06:00 www5 sshd\[47427\]: Invalid user pi from 85.107.106.208 Jun 24 15:06:00 www5 sshd\[47426\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.107.106.208 ... |
2020-06-24 23:59:07 |
| 45.252.248.16 | attackspam | 45.252.248.16 - - [24/Jun/2020:14:05:52 +0200] "POST /xmlrpc.php HTTP/2.0" 403 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 45.252.248.16 - - [24/Jun/2020:14:05:54 +0200] "POST /xmlrpc.php HTTP/2.0" 403 795 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" ... |
2020-06-25 00:08:23 |
| 188.226.167.212 | attackbotsspam | Jun 24 17:15:58 minden010 sshd[17535]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.226.167.212 Jun 24 17:16:00 minden010 sshd[17535]: Failed password for invalid user jonas from 188.226.167.212 port 38814 ssh2 Jun 24 17:21:37 minden010 sshd[19455]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.226.167.212 ... |
2020-06-25 00:07:40 |
| 34.73.237.110 | attack | 34.73.237.110 - - [24/Jun/2020:16:48:20 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 34.73.237.110 - - [24/Jun/2020:16:48:22 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 34.73.237.110 - - [24/Jun/2020:16:48:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-06-24 23:58:02 |