104.131.4.220 - IPInfo

Basic Info

City: Clifton

Region: New Jersey

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
104.131.45.150	attackbotsspam	SSH Brute-Force Attack	2020-10-10 06:06:26
104.131.45.150	attackspam	Oct 9 12:08:42 santamaria sshd\[16538\]: Invalid user user1 from 104.131.45.150 Oct 9 12:08:42 santamaria sshd\[16538\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.45.150 Oct 9 12:08:44 santamaria sshd\[16538\]: Failed password for invalid user user1 from 104.131.45.150 port 57974 ssh2 ...	2020-10-09 22:13:31
104.131.45.150	attack	$f2bV_matches	2020-10-09 14:03:29
104.131.45.150	attackbots	2020-10-04 13:27:23.806264-0500 localhost sshd[92460]: Failed password for root from 104.131.45.150 port 34974 ssh2	2020-10-05 04:06:22
104.131.45.150	attack	(sshd) Failed SSH login from 104.131.45.150 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Oct 4 02:01:54 optimus sshd[12276]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.45.150 user=root Oct 4 02:01:56 optimus sshd[12276]: Failed password for root from 104.131.45.150 port 39428 ssh2 Oct 4 02:14:27 optimus sshd[29613]: Invalid user student7 from 104.131.45.150 Oct 4 02:14:27 optimus sshd[29613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.45.150 Oct 4 02:14:29 optimus sshd[29613]: Failed password for invalid user student7 from 104.131.45.150 port 57512 ssh2	2020-10-04 19:56:44
104.131.42.61	attack	Invalid user kfk from 104.131.42.61 port 39612	2020-09-29 06:03:56
104.131.42.61	attack	Sep 28 11:05:12 fhem-rasp sshd[1994]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.42.61 Sep 28 11:05:15 fhem-rasp sshd[1994]: Failed password for invalid user alessandro from 104.131.42.61 port 48486 ssh2 ...	2020-09-28 22:29:55
104.131.42.61	attack	Sep 28 08:03:50 vmd26974 sshd[13173]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.42.61 Sep 28 08:03:52 vmd26974 sshd[13173]: Failed password for invalid user ubuntu from 104.131.42.61 port 48854 ssh2 ...	2020-09-28 14:34:42
104.131.48.26	attack	Sep 25 23:00:01 journals sshd\[39491\]: Invalid user phion from 104.131.48.26 Sep 25 23:00:01 journals sshd\[39491\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.48.26 Sep 25 23:00:03 journals sshd\[39491\]: Failed password for invalid user phion from 104.131.48.26 port 39942 ssh2 Sep 25 23:05:51 journals sshd\[40106\]: Invalid user freeswitch from 104.131.48.26 Sep 25 23:05:51 journals sshd\[40106\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.48.26 ...	2020-09-26 05:02:13
104.131.48.26	attack	Sep 25 13:48:46 IngegnereFirenze sshd[22567]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.48.26 user=root ...	2020-09-25 21:55:56
104.131.48.26	attackbotsspam	Ssh brute force	2020-09-25 13:33:58
104.131.48.67	attack	SSH brute force	2020-09-20 22:22:25
104.131.48.67	attack	SSH brute force	2020-09-20 14:13:58
104.131.48.67	attackbots	Sep 19 22:47:20 xeon sshd[43792]: Failed password for root from 104.131.48.67 port 33574 ssh2	2020-09-20 06:13:58
104.131.45.150	attack	Sep 12 17:21:00 prox sshd[28018]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.131.45.150 Sep 12 17:21:03 prox sshd[28018]: Failed password for invalid user chloe from 104.131.45.150 port 45598 ssh2	2020-09-13 00:04:48

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 104.131.4.220
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47346
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;104.131.4.220.			IN	A

;; AUTHORITY SECTION:
.			171	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022052200 1800 900 604800 86400

;; Query time: 17 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun May 22 22:28:01 CST 2022
;; MSG SIZE  rcvd: 106

Host info

Host 220.4.131.104.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 220.4.131.104.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
113.172.233.196	attackspambots	113.172.233.196 - - [30/Jun/2020:03:54:10 +0000] "GET / HTTP/1.1" 400 166 "-" "-"	2020-06-30 14:39:21
103.137.184.127	attackspam	Jun 30 13:06:52 webhost01 sshd[18933]: Failed password for root from 103.137.184.127 port 49122 ssh2 ...	2020-06-30 14:13:31
37.49.224.224	attackspam	22/tcp [2020-06-30]1pkt	2020-06-30 14:02:41
37.49.224.39	attackbotsspam	Jun 30 05:53:48 OPSO sshd\[29066\]: Invalid user postgres from 37.49.224.39 port 38426 Jun 30 05:53:48 OPSO sshd\[29066\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.49.224.39 Jun 30 05:53:50 OPSO sshd\[29066\]: Failed password for invalid user postgres from 37.49.224.39 port 38426 ssh2 Jun 30 05:54:31 OPSO sshd\[29217\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.49.224.39 user=root Jun 30 05:54:34 OPSO sshd\[29217\]: Failed password for root from 37.49.224.39 port 35560 ssh2	2020-06-30 14:19:04
49.234.27.90	attack	$f2bV_matches	2020-06-30 14:34:52
92.43.170.131	attackspam	[Tue Jun 30 10:54:45.746079 2020] [:error] [pid 3299:tid 139691177268992] [client 92.43.170.131:57592] [client 92.43.170.131] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xvq3hZyhCVLOeMdk4nA9CAAAAcQ"] ...	2020-06-30 14:11:29
178.33.229.120	attackbotsspam	$f2bV_matches	2020-06-30 14:33:33
188.254.0.124	attack	2020-06-30T07:56:24.542921sd-86998 sshd[46308]: Invalid user admin from 188.254.0.124 port 45664 2020-06-30T07:56:24.550186sd-86998 sshd[46308]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.254.0.124 2020-06-30T07:56:24.542921sd-86998 sshd[46308]: Invalid user admin from 188.254.0.124 port 45664 2020-06-30T07:56:26.460910sd-86998 sshd[46308]: Failed password for invalid user admin from 188.254.0.124 port 45664 ssh2 2020-06-30T08:00:56.127584sd-86998 sshd[46868]: Invalid user vr from 188.254.0.124 port 46000 ...	2020-06-30 14:31:27
46.38.150.72	attackspam	Jun 30 08:11:10 relay postfix/smtpd\[21935\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 30 08:12:54 relay postfix/smtpd\[30689\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 30 08:13:08 relay postfix/smtpd\[21937\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 30 08:13:55 relay postfix/smtpd\[27374\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jun 30 08:14:06 relay postfix/smtpd\[13561\]: warning: unknown\[46.38.150.72\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-06-30 14:25:55
134.175.16.32	attackspam	2020-06-30T06:54:50.281088vps773228.ovh.net sshd[5168]: Failed password for invalid user ubuntu from 134.175.16.32 port 57642 ssh2 2020-06-30T06:56:03.566187vps773228.ovh.net sshd[5182]: Invalid user prueba from 134.175.16.32 port 42732 2020-06-30T06:56:03.581734vps773228.ovh.net sshd[5182]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.175.16.32 2020-06-30T06:56:03.566187vps773228.ovh.net sshd[5182]: Invalid user prueba from 134.175.16.32 port 42732 2020-06-30T06:56:05.390891vps773228.ovh.net sshd[5182]: Failed password for invalid user prueba from 134.175.16.32 port 42732 ssh2 ...	2020-06-30 14:43:48
60.250.244.210	attackspambots	Jun 30 07:55:12 pornomens sshd\[3359\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.250.244.210 user=root Jun 30 07:55:14 pornomens sshd\[3359\]: Failed password for root from 60.250.244.210 port 54946 ssh2 Jun 30 07:58:32 pornomens sshd\[3394\]: Invalid user svt from 60.250.244.210 port 50332 Jun 30 07:58:32 pornomens sshd\[3394\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.250.244.210 ...	2020-06-30 14:10:53
92.43.170.11	attack	[Tue Jun 30 10:54:47.002031 2020] [:error] [pid 3647:tid 139691177268992] [client 92.43.170.11:58982] [client 92.43.170.11] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/favicon.ico"] [unique_id "Xvq3hp5-VmYWBSWxGQF6ZwAAAfE"], referer: http://103.27.207.197/ ...	2020-06-30 14:09:25
222.186.42.137	attackspam	Jun 29 19:47:31 eddieflores sshd\[5130\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.137 user=root Jun 29 19:47:34 eddieflores sshd\[5130\]: Failed password for root from 222.186.42.137 port 21708 ssh2 Jun 29 19:47:36 eddieflores sshd\[5130\]: Failed password for root from 222.186.42.137 port 21708 ssh2 Jun 29 19:47:38 eddieflores sshd\[5130\]: Failed password for root from 222.186.42.137 port 21708 ssh2 Jun 29 19:47:40 eddieflores sshd\[5136\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.42.137 user=root	2020-06-30 14:01:48
121.166.187.187	attackspambots	Jun 30 07:43:50 piServer sshd[5977]: Failed password for root from 121.166.187.187 port 54282 ssh2 Jun 30 07:47:21 piServer sshd[6246]: Failed password for root from 121.166.187.187 port 52874 ssh2 ...	2020-06-30 14:16:43
104.41.209.131	attackspam	Jun 30 05:05:37 marvibiene sshd[37728]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.41.209.131 user=root Jun 30 05:05:39 marvibiene sshd[37728]: Failed password for root from 104.41.209.131 port 60104 ssh2 Jun 30 06:40:42 marvibiene sshd[38810]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.41.209.131 user=root Jun 30 06:40:44 marvibiene sshd[38810]: Failed password for root from 104.41.209.131 port 7227 ssh2 ...	2020-06-30 14:41:11

Recently Reported IPs

104.131.39.153	104.131.40.209	104.131.41.89	104.131.45.207
104.131.46.37	104.131.48.149	104.131.53.127	104.131.56.83
104.131.59.46	104.131.67.221	104.131.67.4	104.131.67.83
104.131.7.119	104.131.72.142	62.58.173.103	104.131.73.215
104.131.74.223	104.131.76.235	104.131.77.115	104.131.77.52