139.199.166.104

Basic Info

City: Beijing

Region: Beijing

Country: China

Internet Service Provider: Tencent Cloud Computing (Beijing) Co. Ltd.

Hostname: unknown

Organization: Shenzhen Tencent Computer Systems Company Limited

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Oct 20 17:00:44 xtremcommunity sshd\[718718\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 user=root Oct 20 17:00:46 xtremcommunity sshd\[718718\]: Failed password for root from 139.199.166.104 port 54408 ssh2 Oct 20 17:04:59 xtremcommunity sshd\[718804\]: Invalid user 8ikm from 139.199.166.104 port 36792 Oct 20 17:04:59 xtremcommunity sshd\[718804\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Oct 20 17:05:00 xtremcommunity sshd\[718804\]: Failed password for invalid user 8ikm from 139.199.166.104 port 36792 ssh2 ...	2019-10-21 05:19:43
attackspambots	Oct 18 17:04:12 MK-Soft-VM5 sshd[3808]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Oct 18 17:04:14 MK-Soft-VM5 sshd[3808]: Failed password for invalid user julie from 139.199.166.104 port 38872 ssh2 ...	2019-10-18 23:05:33
attackbotsspam	Oct 18 07:56:59 dev0-dcde-rnet sshd[20823]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Oct 18 07:57:01 dev0-dcde-rnet sshd[20823]: Failed password for invalid user password@123456789 from 139.199.166.104 port 40108 ssh2 Oct 18 08:02:12 dev0-dcde-rnet sshd[20837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104	2019-10-18 14:04:25
attackspam	Oct 11 11:22:39 lnxmail61 sshd[22603]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104	2019-10-11 17:43:32
attackbots	Oct 11 01:15:52 fr01 sshd[9000]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 user=root Oct 11 01:15:54 fr01 sshd[9000]: Failed password for root from 139.199.166.104 port 59954 ssh2 Oct 11 01:19:43 fr01 sshd[9639]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 user=root Oct 11 01:19:45 fr01 sshd[9639]: Failed password for root from 139.199.166.104 port 37688 ssh2 ...	2019-10-11 07:21:27
attackbots	Invalid user bandit from 139.199.166.104 port 60458	2019-09-29 19:49:23
attackspambots	Sep 26 06:24:46 eventyay sshd[841]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Sep 26 06:24:48 eventyay sshd[841]: Failed password for invalid user minecraft from 139.199.166.104 port 33294 ssh2 Sep 26 06:30:04 eventyay sshd[1010]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 ...	2019-09-26 12:30:49
attackspam	Aug 21 19:36:43 ubuntu-2gb-nbg1-dc3-1 sshd[28296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Aug 21 19:36:45 ubuntu-2gb-nbg1-dc3-1 sshd[28296]: Failed password for invalid user umesh from 139.199.166.104 port 33138 ssh2 ...	2019-08-22 05:23:02
attackbotsspam	Aug 17 19:18:58 vps200512 sshd\[6871\]: Invalid user user123 from 139.199.166.104 Aug 17 19:18:58 vps200512 sshd\[6871\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Aug 17 19:19:01 vps200512 sshd\[6871\]: Failed password for invalid user user123 from 139.199.166.104 port 36308 ssh2 Aug 17 19:23:40 vps200512 sshd\[7010\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 user=root Aug 17 19:23:42 vps200512 sshd\[7010\]: Failed password for root from 139.199.166.104 port 52366 ssh2	2019-08-18 10:03:28

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 139.199.166.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50869
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;139.199.166.104.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019033000 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Sat Mar 30 16:31:47 +08 2019
;; MSG SIZE  rcvd: 119

Host info

Host 104.166.199.139.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 104.166.199.139.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
178.128.114.248	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-07-28 23:48:18
134.209.237.152	attackbotsspam	2019-07-28T14:50:56.613207abusebot-7.cloudsearch.cf sshd\[16570\]: Invalid user woqunimabi from 134.209.237.152 port 44940	2019-07-28 22:58:18
168.232.129.174	attackbots	Jul 28 06:29:10 roadrisk sshd[8380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.232.129.174 user=r.r Jul 28 06:29:12 roadrisk sshd[8380]: Failed password for r.r from 168.232.129.174 port 41293 ssh2 Jul 28 06:29:15 roadrisk sshd[8380]: Failed password for r.r from 168.232.129.174 port 41293 ssh2 Jul 28 06:29:17 roadrisk sshd[8380]: Failed password for r.r from 168.232.129.174 port 41293 ssh2 Jul 28 06:29:19 roadrisk sshd[8380]: Failed password for r.r from 168.232.129.174 port 41293 ssh2 Jul 28 06:29:21 roadrisk sshd[8380]: Failed password for r.r from 168.232.129.174 port 41293 ssh2 Jul 28 06:29:24 roadrisk sshd[8380]: Failed password for r.r from 168.232.129.174 port 41293 ssh2 Jul 28 06:29:24 roadrisk sshd[8380]: Disconnecting: Too many authentication failures for r.r from 168.232.129.174 port 41293 ssh2 [preauth] Jul 28 06:29:24 roadrisk sshd[8380]: PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ru........ -------------------------------	2019-07-28 23:59:20
176.225.29.159	attackspambots	Wordpress Admin Login attack	2019-07-28 23:10:47
122.195.200.36	attackbotsspam	2019-07-28T15:52:51.558430abusebot-6.cloudsearch.cf sshd\[2479\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.195.200.36 user=root	2019-07-28 23:53:50
103.28.22.138	attackbotsspam	Wordpress Admin Login attack	2019-07-29 00:10:06
112.118.236.96	attackbotsspam	112.118.236.96 - - [28/Jul/2019:14:21:48 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.118.236.96 - - [28/Jul/2019:14:21:53 +0200] "POST /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.118.236.96 - - [28/Jul/2019:14:21:53 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.118.236.96 - - [28/Jul/2019:14:22:04 +0200] "POST /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.118.236.96 - - [28/Jul/2019:14:22:13 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 112.118.236.96 - - [28/Jul/2019:14:22:24 +0200] "GET /wp-login.php HTTP/1.1" 200 4403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-07-28 23:45:09
144.217.14.14	attackbotsspam	144.217.14.14 - - [28/Jul/2019:14:07:57 +0200] "POST /wp-login.php HTTP/1.1" 200 1396 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.14.14 - - [28/Jul/2019:14:07:58 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.14.14 - - [28/Jul/2019:14:07:58 +0200] "POST /wp-login.php HTTP/1.1" 200 1609 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.14.14 - - [28/Jul/2019:14:07:58 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.14.14 - - [28/Jul/2019:14:07:59 +0200] "POST /wp-login.php HTTP/1.1" 200 1608 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 144.217.14.14 - - [28/Jul/2019:14:07:59 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-07-28 22:55:53
34.76.210.152	attackspam	19/7/28@11:07:48: FAIL: Alarm-Intrusion address from=34.76.210.152 ...	2019-07-29 00:05:45
191.53.223.217	attack	Brute force attempt	2019-07-28 23:03:44
23.129.64.208	attack	GET posting.php	2019-07-28 23:38:43
12.132.247.86	attackspam	Automatic report - Port Scan Attack	2019-07-28 23:44:01
79.195.112.55	attackbotsspam	2019-07-28T11:25:57.113315abusebot-5.cloudsearch.cf sshd\[27678\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=p4fc37037.dip0.t-ipconnect.de user=root	2019-07-28 23:18:57
177.209.137.158	attackspambots	Automatic report - Port Scan Attack	2019-07-28 23:26:03
121.15.11.13	attackspam	Lines containing failures of 121.15.11.13 (max 1000) Jul 28 03:10:26 localhost sshd[3427]: User r.r from 121.15.11.13 not allowed because listed in DenyUsers Jul 28 03:10:26 localhost sshd[3427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.15.11.13 user=r.r Jul 28 03:10:29 localhost sshd[3427]: Failed password for invalid user r.r from 121.15.11.13 port 45337 ssh2 Jul 28 03:10:30 localhost sshd[3427]: Received disconnect from 121.15.11.13 port 45337:11: Bye Bye [preauth] Jul 28 03:10:30 localhost sshd[3427]: Disconnected from invalid user r.r 121.15.11.13 port 45337 [preauth] Jul 28 03:30:12 localhost sshd[5929]: User r.r from 121.15.11.13 not allowed because listed in DenyUsers Jul 28 03:30:12 localhost sshd[5929]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.15.11.13 user=r.r Jul 28 03:30:15 localhost sshd[5929]: Failed password for invalid user r.r from 121.15.11.13 port 3........ ------------------------------	2019-07-28 23:21:25

Recently Reported IPs

187.7.231.60	120.92.122.133	139.59.56.121	156.197.37.249
36.229.189.103	202.155.149.162	71.6.167.142	23.229.29.237
213.32.69.98	177.67.48.198	121.49.99.9	99.149.251.77
186.116.196.212	180.64.71.114	109.255.228.154	107.170.202.91
174.22.165.106	114.35.191.170	64.76.49.68	152.249.226.38