166.111.7.104 - IPInfo

Basic Info

City: Beijing

Region: Beijing

Country: China

Internet Service Provider: IIINT

Hostname: unknown

Organization: China Education and Research Network Center

Usage Type: University/College/School

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 4 13:29:34 web9 sshd\[22830\]: Invalid user inge from 166.111.7.104 Sep 4 13:29:34 web9 sshd\[22830\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Sep 4 13:29:36 web9 sshd\[22830\]: Failed password for invalid user inge from 166.111.7.104 port 44077 ssh2 Sep 4 13:34:46 web9 sshd\[23825\]: Invalid user frederika from 166.111.7.104 Sep 4 13:34:46 web9 sshd\[23825\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104	2019-09-05 07:43:22
attack	Aug 30 17:25:41 kapalua sshd\[10491\]: Invalid user cumulus from 166.111.7.104 Aug 30 17:25:41 kapalua sshd\[10491\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Aug 30 17:25:43 kapalua sshd\[10491\]: Failed password for invalid user cumulus from 166.111.7.104 port 49761 ssh2 Aug 30 17:30:49 kapalua sshd\[10891\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 user=root Aug 30 17:30:52 kapalua sshd\[10891\]: Failed password for root from 166.111.7.104 port 43968 ssh2	2019-08-31 11:42:09
attackspambots	2019-08-24T22:16:13.192444 sshd[5574]: Invalid user postgres from 166.111.7.104 port 46036 2019-08-24T22:16:13.207420 sshd[5574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 2019-08-24T22:16:13.192444 sshd[5574]: Invalid user postgres from 166.111.7.104 port 46036 2019-08-24T22:16:15.132782 sshd[5574]: Failed password for invalid user postgres from 166.111.7.104 port 46036 ssh2 2019-08-24T22:19:00.310008 sshd[5626]: Invalid user ds from 166.111.7.104 port 58931 ...	2019-08-25 04:27:04
attackspam	Invalid user snagg from 166.111.7.104 port 60107	2019-08-23 09:59:44
attackspam	Aug 18 05:04:01 v22019058497090703 sshd[10340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Aug 18 05:04:02 v22019058497090703 sshd[10340]: Failed password for invalid user palonso from 166.111.7.104 port 51042 ssh2 Aug 18 05:09:03 v22019058497090703 sshd[10773]: Failed password for root from 166.111.7.104 port 45885 ssh2 ...	2019-08-18 12:06:04
attackbots	Aug 14 04:19:38 areeb-Workstation sshd\[9481\]: Invalid user save from 166.111.7.104 Aug 14 04:19:38 areeb-Workstation sshd\[9481\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Aug 14 04:19:40 areeb-Workstation sshd\[9481\]: Failed password for invalid user save from 166.111.7.104 port 46135 ssh2 ...	2019-08-14 09:17:22
attackspambots	Aug 7 01:35:48 dev0-dcde-rnet sshd[29287]: Failed password for root from 166.111.7.104 port 57777 ssh2 Aug 7 01:38:23 dev0-dcde-rnet sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Aug 7 01:38:25 dev0-dcde-rnet sshd[29290]: Failed password for invalid user admin from 166.111.7.104 port 42468 ssh2	2019-08-07 08:34:47
attackbots	Feb 23 21:14:16 vpn sshd[28264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Feb 23 21:14:18 vpn sshd[28264]: Failed password for invalid user www from 166.111.7.104 port 54828 ssh2 Feb 23 21:23:39 vpn sshd[28319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104	2019-07-19 10:20:29
attack	Jul 18 05:14:20 dedicated sshd[6570]: Invalid user me from 166.111.7.104 port 37078	2019-07-18 11:29:16
attack	Jul 18 01:16:36 dedicated sshd[17613]: Invalid user tony from 166.111.7.104 port 52481	2019-07-18 07:35:48
attackspam	Jul 15 08:09:00 localhost sshd\[9339\]: Invalid user unix from 166.111.7.104 port 50153 Jul 15 08:09:00 localhost sshd\[9339\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Jul 15 08:09:02 localhost sshd\[9339\]: Failed password for invalid user unix from 166.111.7.104 port 50153 ssh2	2019-07-15 14:22:50
attackbotsspam	Invalid user inactive from 166.111.7.104 port 38271 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Failed password for invalid user inactive from 166.111.7.104 port 38271 ssh2 Invalid user oracle from 166.111.7.104 port 58308 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104	2019-07-13 07:45:10
attackbots	'Fail2Ban'	2019-07-10 09:34:53

Comments on same subnet:

IP	Type	Details	Datetime
166.111.71.34	attackspam	2019-12-23T18:32:37.563548scmdmz1 sshd[31761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 user=lp 2019-12-23T18:32:39.960101scmdmz1 sshd[31761]: Failed password for lp from 166.111.71.34 port 48670 ssh2 2019-12-23T18:38:33.383804scmdmz1 sshd[32248]: Invalid user guest from 166.111.71.34 port 40626 2019-12-23T18:38:33.387645scmdmz1 sshd[32248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 2019-12-23T18:38:33.383804scmdmz1 sshd[32248]: Invalid user guest from 166.111.71.34 port 40626 2019-12-23T18:38:35.653460scmdmz1 sshd[32248]: Failed password for invalid user guest from 166.111.71.34 port 40626 ssh2 ...	2019-12-24 01:50:07
166.111.71.34	attack	Dec 23 08:33:09 server sshd\[15465\]: Invalid user sesso from 166.111.71.34 Dec 23 08:33:09 server sshd\[15465\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 23 08:33:11 server sshd\[15465\]: Failed password for invalid user sesso from 166.111.71.34 port 54992 ssh2 Dec 23 08:54:12 server sshd\[21071\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 user=root Dec 23 08:54:15 server sshd\[21071\]: Failed password for root from 166.111.71.34 port 36842 ssh2 ...	2019-12-23 13:54:31
166.111.71.34	attack	Dec 18 02:15:53 eventyay sshd[9266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 18 02:15:55 eventyay sshd[9266]: Failed password for invalid user !a@a#a$a from 166.111.71.34 port 39560 ssh2 Dec 18 02:23:53 eventyay sshd[9695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 ...	2019-12-18 09:40:39
166.111.71.34	attackspambots	$f2bV_matches	2019-12-13 23:19:06
166.111.71.34	attackbotsspam	Dec 9 04:09:04 liveconfig01 sshd[12867]: Invalid user wwwrun from 166.111.71.34 Dec 9 04:09:04 liveconfig01 sshd[12867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 9 04:09:06 liveconfig01 sshd[12867]: Failed password for invalid user wwwrun from 166.111.71.34 port 42658 ssh2 Dec 9 04:09:06 liveconfig01 sshd[12867]: Received disconnect from 166.111.71.34 port 42658:11: Bye Bye [preauth] Dec 9 04:09:06 liveconfig01 sshd[12867]: Disconnected from 166.111.71.34 port 42658 [preauth] Dec 9 04:24:12 liveconfig01 sshd[13863]: Invalid user yoyo from 166.111.71.34 Dec 9 04:24:12 liveconfig01 sshd[13863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 9 04:24:14 liveconfig01 sshd[13863]: Failed password for invalid user yoyo from 166.111.71.34 port 48158 ssh2 Dec 9 04:24:14 liveconfig01 sshd[13863]: Received disconnect from 166.111.71.34 port 48158:11:........ -------------------------------	2019-12-09 22:37:07
166.111.71.34	attack	Dec 7 14:35:53 Ubuntu-1404-trusty-64-minimal sshd\[22149\]: Invalid user master from 166.111.71.34 Dec 7 14:35:53 Ubuntu-1404-trusty-64-minimal sshd\[22149\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 7 14:35:55 Ubuntu-1404-trusty-64-minimal sshd\[22149\]: Failed password for invalid user master from 166.111.71.34 port 50854 ssh2 Dec 7 14:45:05 Ubuntu-1404-trusty-64-minimal sshd\[27120\]: Invalid user redemption from 166.111.71.34 Dec 7 14:45:05 Ubuntu-1404-trusty-64-minimal sshd\[27120\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34	2019-12-07 22:57:43

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 166.111.7.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31617
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;166.111.7.104.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040401 1800 900 604800 86400

;; Query time: 71 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Apr 05 02:40:41 +08 2019
;; MSG SIZE  rcvd: 117

Host info

Host 104.7.111.166.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 104.7.111.166.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
94.25.174.169	attackspam	Attempt to attack host OS, exploiting network vulnerabilities, on 10-02-2020 22:10:51.	2020-02-11 08:47:48
73.167.84.250	attackbots	Feb 10 23:10:50 MK-Soft-VM3 sshd[25666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=73.167.84.250 Feb 10 23:10:52 MK-Soft-VM3 sshd[25666]: Failed password for invalid user dpm from 73.167.84.250 port 51746 ssh2 ...	2020-02-11 08:47:00
177.73.119.253	attack	Honeypot attack, port: 81, PTR: PTR record not found	2020-02-11 08:55:08
176.215.252.1	attackbotsspam	Feb 10 23:10:51 debian-2gb-nbg1-2 kernel: \[3631885.652811\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=176.215.252.1 DST=195.201.40.59 LEN=40 TOS=0x10 PREC=0x60 TTL=246 ID=45673 PROTO=TCP SPT=58098 DPT=40079 WINDOW=1024 RES=0x00 SYN URGP=0	2020-02-11 08:47:17
107.175.36.171	attack	DATE:2020-02-10 23:11:33, IP:107.175.36.171, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2020-02-11 08:19:43
85.172.108.2	attackspam	Unauthorised access (Feb 11) SRC=85.172.108.2 LEN=48 PREC=0x20 TTL=113 ID=31729 TCP DPT=445 WINDOW=8192 SYN	2020-02-11 08:35:23
138.68.105.194	attackspam	Feb 11 00:12:07 cvbnet sshd[30442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.68.105.194 Feb 11 00:12:09 cvbnet sshd[30442]: Failed password for invalid user uob from 138.68.105.194 port 59478 ssh2 ...	2020-02-11 08:48:49
221.194.44.153	attackspambots	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: TCP cat: Potentially Bad Traffic	2020-02-11 08:48:28
149.202.45.205	attackbotsspam	Feb 11 01:10:32 dedicated sshd[17517]: Invalid user fc from 149.202.45.205 port 50214	2020-02-11 08:22:55
164.52.195.15	attackspambots	Feb 11 00:15:17 ws26vmsma01 sshd[176043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.52.195.15 Feb 11 00:15:18 ws26vmsma01 sshd[176043]: Failed password for invalid user sdk from 164.52.195.15 port 41110 ssh2 ...	2020-02-11 08:44:51
183.88.4.109	attack	Honeypot attack, port: 81, PTR: mx-ll-183.88.4-109.dynamic.3bb.co.th.	2020-02-11 08:41:44
145.239.94.191	attackspam	Feb 11 01:28:07 sd-53420 sshd\[10751\]: Invalid user gld from 145.239.94.191 Feb 11 01:28:07 sd-53420 sshd\[10751\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.94.191 Feb 11 01:28:10 sd-53420 sshd\[10751\]: Failed password for invalid user gld from 145.239.94.191 port 49984 ssh2 Feb 11 01:30:55 sd-53420 sshd\[11114\]: Invalid user qxm from 145.239.94.191 Feb 11 01:30:55 sd-53420 sshd\[11114\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.94.191 ...	2020-02-11 08:42:23
78.60.248.178	attackspambots	Honeypot attack, port: 81, PTR: 78-60-248-178.static.zebra.lt.	2020-02-11 08:46:12
180.183.249.157	attack	IDS	2020-02-11 08:45:17
112.30.133.241	attackbotsspam	Invalid user wov from 112.30.133.241 port 47763	2020-02-11 08:34:19

Recently Reported IPs

94.176.76.188	109.110.52.77	112.134.67.53	165.231.54.64
89.203.249.251	175.158.52.57	89.152.99.150	203.195.177.254
154.8.217.73	189.10.157.20	193.39.187.224	196.52.43.52
139.162.104.208	185.176.26.103	157.230.142.37	193.32.163.112
188.131.228.130	89.39.142.34	77.74.123.142	121.157.229.23