166.111.7.104 - IPInfo

Basic Info

City: Beijing

Region: Beijing

Country: China

Internet Service Provider: IIINT

Hostname: unknown

Organization: China Education and Research Network Center

Usage Type: University/College/School

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 4 13:29:34 web9 sshd\[22830\]: Invalid user inge from 166.111.7.104 Sep 4 13:29:34 web9 sshd\[22830\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Sep 4 13:29:36 web9 sshd\[22830\]: Failed password for invalid user inge from 166.111.7.104 port 44077 ssh2 Sep 4 13:34:46 web9 sshd\[23825\]: Invalid user frederika from 166.111.7.104 Sep 4 13:34:46 web9 sshd\[23825\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104	2019-09-05 07:43:22
attack	Aug 30 17:25:41 kapalua sshd\[10491\]: Invalid user cumulus from 166.111.7.104 Aug 30 17:25:41 kapalua sshd\[10491\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Aug 30 17:25:43 kapalua sshd\[10491\]: Failed password for invalid user cumulus from 166.111.7.104 port 49761 ssh2 Aug 30 17:30:49 kapalua sshd\[10891\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 user=root Aug 30 17:30:52 kapalua sshd\[10891\]: Failed password for root from 166.111.7.104 port 43968 ssh2	2019-08-31 11:42:09
attackspambots	2019-08-24T22:16:13.192444 sshd[5574]: Invalid user postgres from 166.111.7.104 port 46036 2019-08-24T22:16:13.207420 sshd[5574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 2019-08-24T22:16:13.192444 sshd[5574]: Invalid user postgres from 166.111.7.104 port 46036 2019-08-24T22:16:15.132782 sshd[5574]: Failed password for invalid user postgres from 166.111.7.104 port 46036 ssh2 2019-08-24T22:19:00.310008 sshd[5626]: Invalid user ds from 166.111.7.104 port 58931 ...	2019-08-25 04:27:04
attackspam	Invalid user snagg from 166.111.7.104 port 60107	2019-08-23 09:59:44
attackspam	Aug 18 05:04:01 v22019058497090703 sshd[10340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Aug 18 05:04:02 v22019058497090703 sshd[10340]: Failed password for invalid user palonso from 166.111.7.104 port 51042 ssh2 Aug 18 05:09:03 v22019058497090703 sshd[10773]: Failed password for root from 166.111.7.104 port 45885 ssh2 ...	2019-08-18 12:06:04
attackbots	Aug 14 04:19:38 areeb-Workstation sshd\[9481\]: Invalid user save from 166.111.7.104 Aug 14 04:19:38 areeb-Workstation sshd\[9481\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Aug 14 04:19:40 areeb-Workstation sshd\[9481\]: Failed password for invalid user save from 166.111.7.104 port 46135 ssh2 ...	2019-08-14 09:17:22
attackspambots	Aug 7 01:35:48 dev0-dcde-rnet sshd[29287]: Failed password for root from 166.111.7.104 port 57777 ssh2 Aug 7 01:38:23 dev0-dcde-rnet sshd[29290]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Aug 7 01:38:25 dev0-dcde-rnet sshd[29290]: Failed password for invalid user admin from 166.111.7.104 port 42468 ssh2	2019-08-07 08:34:47
attackbots	Feb 23 21:14:16 vpn sshd[28264]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Feb 23 21:14:18 vpn sshd[28264]: Failed password for invalid user www from 166.111.7.104 port 54828 ssh2 Feb 23 21:23:39 vpn sshd[28319]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104	2019-07-19 10:20:29
attack	Jul 18 05:14:20 dedicated sshd[6570]: Invalid user me from 166.111.7.104 port 37078	2019-07-18 11:29:16
attack	Jul 18 01:16:36 dedicated sshd[17613]: Invalid user tony from 166.111.7.104 port 52481	2019-07-18 07:35:48
attackspam	Jul 15 08:09:00 localhost sshd\[9339\]: Invalid user unix from 166.111.7.104 port 50153 Jul 15 08:09:00 localhost sshd\[9339\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Jul 15 08:09:02 localhost sshd\[9339\]: Failed password for invalid user unix from 166.111.7.104 port 50153 ssh2	2019-07-15 14:22:50
attackbotsspam	Invalid user inactive from 166.111.7.104 port 38271 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104 Failed password for invalid user inactive from 166.111.7.104 port 38271 ssh2 Invalid user oracle from 166.111.7.104 port 58308 pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.7.104	2019-07-13 07:45:10
attackbots	'Fail2Ban'	2019-07-10 09:34:53

Comments on same subnet:

IP	Type	Details	Datetime
166.111.71.34	attackspam	2019-12-23T18:32:37.563548scmdmz1 sshd[31761]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 user=lp 2019-12-23T18:32:39.960101scmdmz1 sshd[31761]: Failed password for lp from 166.111.71.34 port 48670 ssh2 2019-12-23T18:38:33.383804scmdmz1 sshd[32248]: Invalid user guest from 166.111.71.34 port 40626 2019-12-23T18:38:33.387645scmdmz1 sshd[32248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 2019-12-23T18:38:33.383804scmdmz1 sshd[32248]: Invalid user guest from 166.111.71.34 port 40626 2019-12-23T18:38:35.653460scmdmz1 sshd[32248]: Failed password for invalid user guest from 166.111.71.34 port 40626 ssh2 ...	2019-12-24 01:50:07
166.111.71.34	attack	Dec 23 08:33:09 server sshd\[15465\]: Invalid user sesso from 166.111.71.34 Dec 23 08:33:09 server sshd\[15465\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 23 08:33:11 server sshd\[15465\]: Failed password for invalid user sesso from 166.111.71.34 port 54992 ssh2 Dec 23 08:54:12 server sshd\[21071\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 user=root Dec 23 08:54:15 server sshd\[21071\]: Failed password for root from 166.111.71.34 port 36842 ssh2 ...	2019-12-23 13:54:31
166.111.71.34	attack	Dec 18 02:15:53 eventyay sshd[9266]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 18 02:15:55 eventyay sshd[9266]: Failed password for invalid user !a@a#a$a from 166.111.71.34 port 39560 ssh2 Dec 18 02:23:53 eventyay sshd[9695]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 ...	2019-12-18 09:40:39
166.111.71.34	attackspambots	$f2bV_matches	2019-12-13 23:19:06
166.111.71.34	attackbotsspam	Dec 9 04:09:04 liveconfig01 sshd[12867]: Invalid user wwwrun from 166.111.71.34 Dec 9 04:09:04 liveconfig01 sshd[12867]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 9 04:09:06 liveconfig01 sshd[12867]: Failed password for invalid user wwwrun from 166.111.71.34 port 42658 ssh2 Dec 9 04:09:06 liveconfig01 sshd[12867]: Received disconnect from 166.111.71.34 port 42658:11: Bye Bye [preauth] Dec 9 04:09:06 liveconfig01 sshd[12867]: Disconnected from 166.111.71.34 port 42658 [preauth] Dec 9 04:24:12 liveconfig01 sshd[13863]: Invalid user yoyo from 166.111.71.34 Dec 9 04:24:12 liveconfig01 sshd[13863]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 9 04:24:14 liveconfig01 sshd[13863]: Failed password for invalid user yoyo from 166.111.71.34 port 48158 ssh2 Dec 9 04:24:14 liveconfig01 sshd[13863]: Received disconnect from 166.111.71.34 port 48158:11:........ -------------------------------	2019-12-09 22:37:07
166.111.71.34	attack	Dec 7 14:35:53 Ubuntu-1404-trusty-64-minimal sshd\[22149\]: Invalid user master from 166.111.71.34 Dec 7 14:35:53 Ubuntu-1404-trusty-64-minimal sshd\[22149\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34 Dec 7 14:35:55 Ubuntu-1404-trusty-64-minimal sshd\[22149\]: Failed password for invalid user master from 166.111.71.34 port 50854 ssh2 Dec 7 14:45:05 Ubuntu-1404-trusty-64-minimal sshd\[27120\]: Invalid user redemption from 166.111.71.34 Dec 7 14:45:05 Ubuntu-1404-trusty-64-minimal sshd\[27120\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.111.71.34	2019-12-07 22:57:43

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 166.111.7.104
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31617
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;166.111.7.104.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019040401 1800 900 604800 86400

;; Query time: 71 msec
;; SERVER: 67.207.67.3#53(67.207.67.3)
;; WHEN: Fri Apr 05 02:40:41 +08 2019
;; MSG SIZE  rcvd: 117

Host info

Host 104.7.111.166.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 104.7.111.166.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
101.228.82.239	attack	Automatic report - Banned IP Access	2019-09-29 03:32:45
13.67.91.234	attackbots	Sep 28 08:52:58 auw2 sshd\[19156\]: Invalid user mti from 13.67.91.234 Sep 28 08:52:58 auw2 sshd\[19156\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.67.91.234 Sep 28 08:53:00 auw2 sshd\[19156\]: Failed password for invalid user mti from 13.67.91.234 port 40302 ssh2 Sep 28 08:57:52 auw2 sshd\[19612\]: Invalid user cilene from 13.67.91.234 Sep 28 08:57:52 auw2 sshd\[19612\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.67.91.234	2019-09-29 03:07:34
52.163.221.85	attack	Automatic report - Banned IP Access	2019-09-29 03:10:45
51.254.248.18	attackspam	Sep 28 12:33:51 Tower sshd[25880]: Connection from 51.254.248.18 port 58330 on 192.168.10.220 port 22 Sep 28 12:33:52 Tower sshd[25880]: Invalid user tomcat from 51.254.248.18 port 58330 Sep 28 12:33:52 Tower sshd[25880]: error: Could not get shadow information for NOUSER Sep 28 12:33:52 Tower sshd[25880]: Failed password for invalid user tomcat from 51.254.248.18 port 58330 ssh2 Sep 28 12:33:52 Tower sshd[25880]: Received disconnect from 51.254.248.18 port 58330:11: Bye Bye [preauth] Sep 28 12:33:52 Tower sshd[25880]: Disconnected from invalid user tomcat 51.254.248.18 port 58330 [preauth]	2019-09-29 03:27:44
183.109.79.253	attackbotsspam	2019-09-09T04:09:52.176211suse-nuc sshd[11490]: Invalid user support from 183.109.79.253 port 62088 ...	2019-09-29 03:42:35
177.126.188.2	attackbots	Sep 28 20:44:36 jane sshd[31301]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.126.188.2 Sep 28 20:44:39 jane sshd[31301]: Failed password for invalid user ashton from 177.126.188.2 port 34678 ssh2 ...	2019-09-29 03:34:01
104.216.108.190	attackspam	Sep 28 04:03:50 zulu1842 sshd[3595]: Address 104.216.108.190 maps to unassigned.psychz.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Sep 28 04:03:50 zulu1842 sshd[3595]: Invalid user karim from 104.216.108.190 Sep 28 04:03:50 zulu1842 sshd[3595]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.216.108.190 Sep 28 04:03:52 zulu1842 sshd[3595]: Failed password for invalid user karim from 104.216.108.190 port 60860 ssh2 Sep 28 04:03:52 zulu1842 sshd[3595]: Received disconnect from 104.216.108.190: 11: Bye Bye [preauth] Sep 28 04:24:18 zulu1842 sshd[4850]: Address 104.216.108.190 maps to unassigned.psychz.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! Sep 28 04:24:18 zulu1842 sshd[4850]: Invalid user search from 104.216.108.190 Sep 28 04:24:18 zulu1842 sshd[4850]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.216.108.190 Sep 2........ -------------------------------	2019-09-29 03:08:44
159.65.109.148	attack	Sep 28 09:01:21 php1 sshd\[18489\]: Invalid user erika from 159.65.109.148 Sep 28 09:01:21 php1 sshd\[18489\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.109.148 Sep 28 09:01:23 php1 sshd\[18489\]: Failed password for invalid user erika from 159.65.109.148 port 42014 ssh2 Sep 28 09:05:29 php1 sshd\[18907\]: Invalid user aria from 159.65.109.148 Sep 28 09:05:29 php1 sshd\[18907\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.109.148	2019-09-29 03:40:46
171.245.93.7	attack	Sep 28 14:27:15 localhost sshd\[7381\]: Invalid user admin from 171.245.93.7 port 59829 Sep 28 14:27:15 localhost sshd\[7381\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.245.93.7 Sep 28 14:27:17 localhost sshd\[7381\]: Failed password for invalid user admin from 171.245.93.7 port 59829 ssh2	2019-09-29 03:43:01
84.254.28.47	attackspambots	Sep 28 03:02:15 aiointranet sshd\[16344\]: Invalid user jstwo from 84.254.28.47 Sep 28 03:02:15 aiointranet sshd\[16344\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.254.28.47 Sep 28 03:02:18 aiointranet sshd\[16344\]: Failed password for invalid user jstwo from 84.254.28.47 port 52320 ssh2 Sep 28 03:07:01 aiointranet sshd\[16701\]: Invalid user netdiag from 84.254.28.47 Sep 28 03:07:01 aiointranet sshd\[16701\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=84.254.28.47	2019-09-29 03:24:11
58.47.177.160	attack	ssh failed login	2019-09-29 03:13:06
5.101.217.84	attackspambots	B: Magento admin pass test (abusive)	2019-09-29 03:44:29
185.176.27.18	attack	09/28/2019-20:56:20.154506 185.176.27.18 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-09-29 03:16:24
60.10.70.230	attackbotsspam	(Sep 28) LEN=40 TTL=48 ID=53152 TCP DPT=8080 WINDOW=42482 SYN (Sep 28) LEN=40 TTL=48 ID=28713 TCP DPT=8080 WINDOW=47090 SYN (Sep 28) LEN=40 TTL=48 ID=20660 TCP DPT=8080 WINDOW=47090 SYN (Sep 28) LEN=40 TTL=48 ID=37383 TCP DPT=8080 WINDOW=42482 SYN (Sep 27) LEN=40 TTL=48 ID=16749 TCP DPT=8080 WINDOW=42482 SYN (Sep 27) LEN=40 TTL=48 ID=34846 TCP DPT=8080 WINDOW=42482 SYN (Sep 27) LEN=40 TTL=48 ID=42462 TCP DPT=8080 WINDOW=37066 SYN (Sep 27) LEN=40 TTL=48 ID=63551 TCP DPT=8080 WINDOW=42482 SYN (Sep 26) LEN=40 TTL=48 ID=20529 TCP DPT=8080 WINDOW=37066 SYN (Sep 26) LEN=40 TTL=48 ID=10156 TCP DPT=8080 WINDOW=37066 SYN (Sep 26) LEN=40 TTL=48 ID=28992 TCP DPT=8080 WINDOW=42482 SYN (Sep 26) LEN=40 TTL=48 ID=3105 TCP DPT=8080 WINDOW=37066 SYN (Sep 26) LEN=40 TTL=48 ID=51403 TCP DPT=8080 WINDOW=42482 SYN (Sep 25) LEN=40 TTL=48 ID=9396 TCP DPT=8080 WINDOW=37066 SYN (Sep 25) LEN=40 TTL=48 ID=10308 TCP DPT=8080 WINDOW=42482 SYN (Sep 25) LEN=40 TTL=48 ID...	2019-09-29 03:33:12
187.95.230.11	attackspambots	Unauthorised access (Sep 28) SRC=187.95.230.11 LEN=44 TTL=41 ID=263 TCP DPT=8080 WINDOW=21812 SYN Unauthorised access (Sep 28) SRC=187.95.230.11 LEN=44 TTL=41 ID=263 TCP DPT=8080 WINDOW=21812 SYN Unauthorised access (Sep 28) SRC=187.95.230.11 LEN=44 TTL=41 ID=263 TCP DPT=8080 WINDOW=21812 SYN Unauthorised access (Sep 28) SRC=187.95.230.11 LEN=44 TTL=41 ID=263 TCP DPT=8080 WINDOW=21812 SYN Unauthorised access (Sep 27) SRC=187.95.230.11 LEN=44 TTL=41 ID=263 TCP DPT=8080 WINDOW=21812 SYN	2019-09-29 03:09:43

Recently Reported IPs

94.176.76.188	109.110.52.77	112.134.67.53	165.231.54.64
89.203.249.251	175.158.52.57	89.152.99.150	203.195.177.254
154.8.217.73	189.10.157.20	193.39.187.224	196.52.43.52
139.162.104.208	185.176.26.103	157.230.142.37	193.32.163.112
188.131.228.130	89.39.142.34	77.74.123.142	121.157.229.23