218.104.96.139

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Wuhan City

Hostname: unknown

Organization: unknown

Usage Type: Commercial

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Brute force attempt	2020-07-02 03:04:02
attack	(sshd) Failed SSH login from 218.104.96.139 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar 8 05:46:16 amsweb01 sshd[1373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.104.96.139 user=root Mar 8 05:46:19 amsweb01 sshd[1373]: Failed password for root from 218.104.96.139 port 40406 ssh2 Mar 8 05:56:34 amsweb01 sshd[2371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.104.96.139 user=root Mar 8 05:56:36 amsweb01 sshd[2371]: Failed password for root from 218.104.96.139 port 28192 ssh2 Mar 8 05:57:20 amsweb01 sshd[2435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.104.96.139 user=root	2020-03-08 14:35:34

Type

Details

Datetime

attack

Brute force attempt

2020-07-02 03:04:02

attack

(sshd) Failed SSH login from 218.104.96.139 (CN/China/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Mar  8 05:46:16 amsweb01 sshd[1373]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.104.96.139  user=root
Mar  8 05:46:19 amsweb01 sshd[1373]: Failed password for root from 218.104.96.139 port 40406 ssh2
Mar  8 05:56:34 amsweb01 sshd[2371]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.104.96.139  user=root
Mar  8 05:56:36 amsweb01 sshd[2371]: Failed password for root from 218.104.96.139 port 28192 ssh2
Mar  8 05:57:20 amsweb01 sshd[2435]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.104.96.139  user=root

2020-03-08 14:35:34

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 218.104.96.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44804
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;218.104.96.139.			IN	A

;; AUTHORITY SECTION:
.			593	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030800 1800 900 604800 86400

;; Query time: 107 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Mar 08 14:35:28 CST 2020
;; MSG SIZE  rcvd: 118

Host info

Host 139.96.104.218.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 139.96.104.218.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
12.7.47.244	attack	Nov 20 15:36:38 xeon cyrus/imap[52746]: badlogin: [12.7.47.244] plain [SASL(-13): authentication failure: Password verification failed]	2019-11-21 03:48:57
159.203.201.139	attackbots	22153/tcp 27019/tcp 30511/tcp... [2019-09-20/11-20]41pkt,37pt.(tcp)	2019-11-21 04:04:28
211.144.154.70	attack	1433/tcp 1433/tcp 1433/tcp... [2019-10-31/11-20]5pkt,1pt.(tcp)	2019-11-21 04:07:28
210.16.100.132	attack	" "	2019-11-21 04:07:05
190.64.135.122	attackspam	Nov 20 17:28:50 server sshd\[6850\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.135.122 user=root Nov 20 17:28:52 server sshd\[6850\]: Failed password for root from 190.64.135.122 port 36440 ssh2 Nov 20 17:54:41 server sshd\[12897\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.135.122 user=root Nov 20 17:54:44 server sshd\[12897\]: Failed password for root from 190.64.135.122 port 36570 ssh2 Nov 20 17:59:19 server sshd\[14045\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.64.135.122 user=apache ...	2019-11-21 03:58:30
159.203.74.227	attackbots	Nov 20 15:30:08 ns382633 sshd\[8716\]: Invalid user tauntianna from 159.203.74.227 port 32856 Nov 20 15:30:08 ns382633 sshd\[8716\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.74.227 Nov 20 15:30:10 ns382633 sshd\[8716\]: Failed password for invalid user tauntianna from 159.203.74.227 port 32856 ssh2 Nov 20 15:39:26 ns382633 sshd\[10365\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.203.74.227 user=root Nov 20 15:39:28 ns382633 sshd\[10365\]: Failed password for root from 159.203.74.227 port 42478 ssh2	2019-11-21 04:08:32
89.248.160.193	attack	11/20/2019-14:21:51.915618 89.248.160.193 Protocol: 6 ET SCAN NMAP -sS window 1024	2019-11-21 03:44:43
67.213.75.130	attack	Nov 20 20:20:11 serwer sshd\[1866\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.213.75.130 user=root Nov 20 20:20:13 serwer sshd\[1866\]: Failed password for root from 67.213.75.130 port 37057 ssh2 Nov 20 20:28:03 serwer sshd\[2563\]: Invalid user ching from 67.213.75.130 port 48357 Nov 20 20:28:03 serwer sshd\[2563\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=67.213.75.130 ...	2019-11-21 03:59:22
43.231.185.29	attackbotsspam	1433/tcp 1433/tcp 1433/tcp... [2019-10-12/11-20]6pkt,1pt.(tcp)	2019-11-21 04:10:26
185.175.93.18	attack	11/20/2019-14:29:55.129887 185.175.93.18 Protocol: 6 ET DROP Dshield Block Listed Source group 1	2019-11-21 04:04:48
185.13.33.108	attackbotsspam	B: Magento admin pass test (wrong country)	2019-11-21 03:37:19
177.1.214.207	attack	Nov 20 15:34:19 OPSO sshd\[30260\]: Invalid user usuario from 177.1.214.207 port 44304 Nov 20 15:34:19 OPSO sshd\[30260\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.1.214.207 Nov 20 15:34:21 OPSO sshd\[30260\]: Failed password for invalid user usuario from 177.1.214.207 port 44304 ssh2 Nov 20 15:39:25 OPSO sshd\[31011\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.1.214.207 user=named Nov 20 15:39:27 OPSO sshd\[31011\]: Failed password for named from 177.1.214.207 port 16570 ssh2	2019-11-21 04:09:45
77.55.212.168	attackbots	Repeated brute force against a port	2019-11-21 03:52:53
106.75.103.35	attackbots	Nov 20 06:22:47 php1 sshd\[15821\]: Invalid user boon from 106.75.103.35 Nov 20 06:22:47 php1 sshd\[15821\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.103.35 Nov 20 06:22:49 php1 sshd\[15821\]: Failed password for invalid user boon from 106.75.103.35 port 38076 ssh2 Nov 20 06:27:10 php1 sshd\[16427\]: Invalid user bitrix from 106.75.103.35 Nov 20 06:27:10 php1 sshd\[16427\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.75.103.35	2019-11-21 03:45:04
188.166.42.50	attackspam	Nov 20 20:17:58 relay postfix/smtpd\[9865\]: warning: unknown\[188.166.42.50\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 20 20:19:13 relay postfix/smtpd\[8360\]: warning: unknown\[188.166.42.50\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 20 20:19:45 relay postfix/smtpd\[10996\]: warning: unknown\[188.166.42.50\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 20 20:24:14 relay postfix/smtpd\[16477\]: warning: unknown\[188.166.42.50\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 20 20:33:31 relay postfix/smtpd\[10996\]: warning: unknown\[188.166.42.50\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2019-11-21 04:04:01

Recently Reported IPs

171.196.121.234	103.98.63.112	99.70.185.251	215.4.226.191
169.55.110.247	141.194.94.120	103.84.69.218	3.231.87.11
236.41.88.74	80.187.117.233	212.72.247.28	70.58.193.177
205.88.197.146	82.64.60.90	147.41.33.154	198.249.210.227
110.193.197.99	146.109.85.193	146.131.42.214	65.91.132.217