This IP address has been reported a total of
19
times from
18 distinct
sources.
119.199.164.174 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
2026-07-01T05:33:59.532670+00:00 de-fra2-dns1 sshd[2583010]: Invalid user femdom from 119.199.164.17 ...
show more2026-07-01T05:33:59.532670+00:00 de-fra2-dns1 sshd[2583010]: Invalid user femdom from 119.199.164.174 port 36840
2026-07-01T05:36:13.064880+00:00 de-fra2-dns1 sshd[2583038]: Invalid user lac from 119.199.164.174 port 48190
2026-07-01T05:38:22.198098+00:00 de-fra2-dns1 sshd[2583066]: Invalid user dashboard from 119.199.164.174 port 59708
...
show less
2026-07-01T05:33:33.433793+00:00 edge-hur-fmt01.int.pdx.net.uk sshd[2762413]: Invalid user femdom fr ...
show more2026-07-01T05:33:33.433793+00:00 edge-hur-fmt01.int.pdx.net.uk sshd[2762413]: Invalid user femdom from 119.199.164.174 port 39358
2026-07-01T05:35:48.856237+00:00 edge-hur-fmt01.int.pdx.net.uk sshd[2762636]: Invalid user lac from 119.199.164.174 port 48058
2026-07-01T05:37:58.442390+00:00 edge-hur-fmt01.int.pdx.net.uk sshd[2762811]: Invalid user dashboard from 119.199.164.174 port 33836
...
show less
2026-06-30T18:30:36.903391-06:00 node1.us sshd-session[3502118]: Disconnected from authenticating us ...
show more2026-06-30T18:30:36.903391-06:00 node1.us sshd-session[3502118]: Disconnected from authenticating user root 119.199.164.174 port 45624 [preauth]
2026-06-30T18:32:49.666109-06:00 node1.us sshd-session[3502489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.199.164.174 user=root
2026-06-30T18:32:52.048890-06:00 node1.us sshd-session[3502489]: Failed password for root from 119.199.164.174 port 54130 ssh2
...
show less
SSH honeypot interaction detected. The source host initiated a connection to a monitored SSH endpoin ...
show moreSSH honeypot interaction detected. The source host initiated a connection to a monitored SSH endpoint, behavior consistent with automated SSH scanning or brute-force reconnaissance.
show less
Jun 29 10:46:57 xiaohack sshd[28856]: User root from 119.199.164.174 not allowed because not listed ...
show moreJun 29 10:46:57 xiaohack sshd[28856]: User root from 119.199.164.174 not allowed because not listed in AllowUsers
Jun 29 10:49:32 xiaohack sshd[28860]: User root from 119.199.164.174 not allowed because not listed in AllowUsers
Jun 29 10:51:37 xiaohack sshd[28865]: User root from 119.199.164.174 not allowed because not listed in AllowUsers
...
show less
119.199.164.174 (KR/South Korea/-), 5 distributed sshd attacks on account [root] in the last 3600 se ...
show more119.199.164.174 (KR/South Korea/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: Jun 29 03:42:09 14487 sshd[8976]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.199.164.174 user=root
Jun 29 03:42:11 14487 sshd[8976]: Failed password for root from 119.199.164.174 port 56680 ssh2
Jun 29 03:48:09 14487 sshd[12070]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.243.138.30 user=root
Jun 29 03:37:56 14487 sshd[6721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.58.198.35 user=root
Jun 29 03:37:59 14487 sshd[6721]: Failed password for root from 123.58.198.35 port 39010 ssh2
IP Addresses Blocked:
show less
2026-06-29T10:25:13.828048+02:00 ieyasu.moretrix.com sshd-session[943551]: User root from 119.199.16 ...
show more2026-06-29T10:25:13.828048+02:00 ieyasu.moretrix.com sshd-session[943551]: User root from 119.199.164.174 not allowed because none of user's groups are listed in AllowGroups
2026-06-29T10:27:17.366046+02:00 ieyasu.moretrix.com sshd-session[943574]: Connection from 119.199.164.174 port 51670 on 176.9.64.17 port 22 rdomain ""
2026-06-29T10:27:18.877455+02:00 ieyasu.moretrix.com sshd-session[943574]: Invalid user debian from 119.199.164.174 port 51670
...
show less
SSH Brute force: 1 attempts were recorded from 119.199.164.174
2026-06-29T09:08:32+02:00 User root f ...
show moreSSH Brute force: 1 attempts were recorded from 119.199.164.174
2026-06-29T09:08:32+02:00 User root from 119.199.164.174 not allowed because not listed in AllowUsers
show less
119.199.164.174 (KR/South Korea/-), 5 distributed sshd attacks on account [root] in the last 3600 se ...
show more119.199.164.174 (KR/South Korea/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: Jun 29 02:18:21 15533 sshd[12967]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.176.123.196 user=root
Jun 29 02:07:29 15533 sshd[7144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.199.164.174 user=root
Jun 29 02:07:31 15533 sshd[7144]: Failed password for root from 119.199.164.174 port 43462 ssh2
Jun 29 02:16:28 15533 sshd[11944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.99.4.252 user=root
Jun 29 02:16:30 15533 sshd[11944]: Failed password for root from 167.99.4.252 port 58698 ssh2
IP Addresses Blocked:
121.176.123.196 (KR/South Korea/-)
show less
2026-06-29T06:48:01.952224+00:00 TimberTrailCarving sshd[2765767]: Invalid user user1 from 119.199.1 ...
show more2026-06-29T06:48:01.952224+00:00 TimberTrailCarving sshd[2765767]: Invalid user user1 from 119.199.164.174 port 38614
2026-06-29T06:50:12.761331+00:00 TimberTrailCarving sshd[2766705]: Invalid user es from 119.199.164.174 port 37694
2026-06-29T06:54:53.782271+00:00 TimberTrailCarving sshd[2768545]: Invalid user oracle from 119.199.164.174 port 42254
...
show less
Multiple SSH login attempts from 119.199.164.174 targeting user(s): root,user1 | Server Managed by F ...
show moreMultiple SSH login attempts from 119.199.164.174 targeting user(s): root,user1 | Server Managed by Focusnic
show less
Brute-Force
SSH
Showing 1 to
15
of 19 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ