Go
139.199.166.104
is a
Hacker
100 %
China
Report Abuse
1016attacks reported
549Brute-ForceSSH
387Brute-Force
38SSH
11HackingBrute-ForceSSH
8Port ScanHackingBrute-ForceWeb App AttackSSH
7uncategorized
6Port ScanBrute-ForceSSH
4Hacking
2DDoS Attack
2DDoS AttackSSH
...
1organizations reported
1uncategorized
from 142 distinct reporters
and 8 distinct sources : BadIPs.com, Blocklist.de, darklist.de, FireHOL, Charles Haley, NoThink.org, NormShield.com, AbuseIPDB
139.199.166.104 was first signaled at 2019-01-02 00:43 and last record was at 2019-07-08 11:50.
IP

139.199.166.104

Organization
Asia Pacific Network Information Centre
Localisation
China
Beijing, Beijing
NetRange : First & Last IP
139.199.0.0 - 139.199.255.255
Network CIDR
139.199.0.0/16

Cybercrime IP Feeds

Date UTC Category Sub Categories Source List Source Logs
2019-04-06 17:47 attacks Brute-ForceSSH AbuseIPDB Apr 7 04:47:36 ubuntu-2gb-nbg1-dc3-1 sshd[20437]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.
2019-04-06 17:27 attacks Brute-ForceSSH AbuseIPDB $f2bV_matches
2019-04-06 14:30 attacks Brute-ForceSSH AbuseIPDB Apr 7 01:30:23 cvbmail sshd\[7608\]: Invalid user shah from 139.199.166.104 Apr 7 01:30:23 cvbmail sshd\[7608\]: pam_unix\(sshd:auth\): authentication
2019-04-06 12:19 attacks Brute-ForceSSH AbuseIPDB Apr 6 23:12:14 s64-1 sshd[4544]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Apr 6 23:12:1
2019-04-06 12:14 attacks Brute-ForceSSH AbuseIPDB Apr 6 14:14:02 cac1d2 sshd\[24087\]: Invalid user rpms from 139.199.166.104 port 52572 Apr 6 14:14:02 cac1d2 sshd\[24087\]: pam_unix\(sshd:auth\): aut
2019-04-06 12:13 attacks Brute-ForceSSH AbuseIPDB  
2019-04-06 05:41 attacks Brute-ForceSSH AbuseIPDB  
2019-04-06 03:33 attacks Brute-ForceSSH AbuseIPDB Apr 6 14:33:35 srv206 sshd[11869]: Invalid user tokend from 139.199.166.104 Apr 6 14:33:35 srv206 sshd[11869]: pam_unix(sshd:auth): authentication fai
2019-04-06 02:29 attacks SSH AbuseIPDB 2019-04-06T18:29:49.645833enmeeting.mahidol.ac.th sshd\[9183\]: Invalid user tomcat from 139.199.166.104 port 58414 2019-04-06T18:29:49.659554enmeetin
2019-04-05 20:45 attacks Brute-ForceSSH AbuseIPDB Apr 6 08:45:30 server01 sshd\[13295\]: Invalid user css from 139.199.166.104 Apr 6 08:45:30 server01 sshd\[13295\]: pam_unix\(sshd:auth\): authenticat
2019-04-05 19:19 attacks Brute-ForceSSH AbuseIPDB Apr 6 04:19:20 localhost sshd\[45137\]: Invalid user virus from 139.199.166.104 port 53606 Apr 6 04:19:20 localhost sshd\[45137\]: pam_unix\(sshd:auth
2019-04-05 17:31 attacks Brute-Force AbuseIPDB Apr 6 02:31:41 unicornsoft sshd\[17102\]: Invalid user virus from 139.199.166.104 Apr 6 02:31:41 unicornsoft sshd\[17102\]: pam_unix\(sshd:auth\): aut
2019-04-05 17:19 attacks Brute-ForceSSH AbuseIPDB Apr 5 22:19:16 TORMINT sshd\[22263\]: Invalid user testuser from 139.199.166.104 Apr 5 22:19:16 TORMINT sshd\[22263\]: pam_unix\(sshd:auth\): authenti
2019-04-05 16:20 attacks Brute-ForceSSH AbuseIPDB Apr 6 03:20:43 PowerEdge sshd\[21844\]: Invalid user mapred from 139.199.166.104 Apr 6 03:20:43 PowerEdge sshd\[21844\]: pam_unix\(sshd:auth\): authen
2019-04-05 16:18 attacks Brute-ForceSSH AbuseIPDB 2019-04-05 UTC: 2x - <failed preauth>(2x)
2019-04-05 13:41 attacks Brute-ForceSSH AbuseIPDB Apr 6 00:41:21 ubuntu-2gb-nbg1-dc3-1 sshd[29067]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.
2019-04-05 11:37 attacks Brute-ForceSSH AbuseIPDB Apr 5 22:37:45 [host] sshd[24409]: Invalid user darioopen from 139.199.166.104 Apr 5 22:37:45 [host] sshd[24409]: pam_unix(sshd:auth): authentication
2019-04-05 09:08 attacks Brute-ForceSSH AbuseIPDB Apr 5 14:08:21 123flo sshd[21392]: Invalid user odoo from 139.199.166.104 Apr 5 14:08:21 123flo sshd[21392]: pam_unix(sshd:auth): authentication failu
2019-04-05 03:16 attacks Brute-ForceSSH AbuseIPDB Apr 5 12:14:46 *** sshd[22785]: Invalid user office from 139.199.166.104
2019-04-04 21:16 attacks Brute-Force AbuseIPDB Apr 5 06:16:32 localhost sshd\[31143\]: Invalid user michael from 139.199.166.104 port 50222 Apr 5 06:16:32 localhost sshd\[31143\]: pam_unix\(sshd:au
2019-04-04 20:07 attacks Brute-ForceSSH AbuseIPDB  
2019-04-04 19:05 attacks Brute-ForceSSH AbuseIPDB Apr 5 04:05:06 **** sshd[7875]: Invalid user zabbix from 139.199.166.104 port 60286
2019-04-04 16:36 attacks Brute-ForceSSH AbuseIPDB Apr 5 01:35:58 **** sshd[6938]: Invalid user csgo from 139.199.166.104 port 36866
2019-04-04 14:22 attacks Brute-ForceSSH AbuseIPDB Apr 5 01:21:59 nextcloud sshd\[25492\]: Invalid user postgres from 139.199.166.104 Apr 5 01:21:59 nextcloud sshd\[25492\]: pam_unix\(sshd:auth\): auth
2019-04-04 12:40 attacks Brute-ForceSSH AbuseIPDB Apr 4 23:40:31 mail sshd[26973]: Invalid user chris from 139.199.166.104
2019-04-04 11:45 attacks Brute-ForceSSH AbuseIPDB Apr 4 22:45:48 MK-Soft-Root2 sshd\[27541\]: Invalid user deploy from 139.199.166.104 port 41088 Apr 4 22:45:48 MK-Soft-Root2 sshd\[27541\]: pam_unix\(
2019-04-04 11:00 attacks Brute-ForceSSH AbuseIPDB Apr 4 21:59:03 * sshd[32613]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Apr 4 21:59:06 *
2019-04-04 10:05 attacks Brute-ForceSSH AbuseIPDB Apr 4 22:05:37 srv-4 sshd\[16815\]: Invalid user office from 139.199.166.104 Apr 4 22:05:37 srv-4 sshd\[16815\]: pam_unix\(sshd:auth\): authentication
2019-04-04 10:03 attacks Brute-ForceSSH AbuseIPDB Apr 4 21:03:43 vpn01 sshd\[17187\]: Invalid user office from 139.199.166.104 Apr 4 21:03:43 vpn01 sshd\[17187\]: pam_unix\(sshd:auth\): authentication
2019-04-04 07:56 attacks Brute-ForceSSH AbuseIPDB SSH-Bruteforce
2019-04-04 06:19 attacks Brute-ForceSSH AbuseIPDB Attempted SSH login
2019-04-04 02:06 attacks Brute-ForceSSH AbuseIPDB 2019-04-04T13:06:22.039419scmdmz1 sshd\[11044\]: Invalid user linux from 139.199.166.104 port 49380 2019-04-04T13:06:22.041925scmdmz1 sshd\[11044\]: p
2019-04-04 01:17 attacks Brute-ForceSSH AbuseIPDB ssh failed login
2019-04-03 22:02 attacks Brute-ForceSSH AbuseIPDB Apr 4 07:02:51 localhost sshd\[53531\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 use
2019-04-03 21:54 attacks Brute-Force AbuseIPDB Apr 4 08:54:07 s0 sshd\[1693\]: Invalid user redhat from 139.199.166.104 port 36726 Apr 4 08:54:07 s0 sshd\[1693\]: pam_unix\(sshd:auth\): authenticat
2019-04-03 18:18 attacks Brute-ForceSSH AbuseIPDB Apr 4 05:18:40 MK-Soft-Root1 sshd\[30706\]: Invalid user info from 139.199.166.104 port 47896 Apr 4 05:18:40 MK-Soft-Root1 sshd\[30706\]: pam_unix\(ss
2019-04-03 18:17 attacks Brute-ForceSSH AbuseIPDB Distributed SSH attack
2019-04-03 16:48 attacks Brute-ForceSSH AbuseIPDB 2019-04-04T03:47:59.897474stark.klein-stark.info sshd\[30308\]: Invalid user default from 139.199.166.104 port 53326 2019-04-04T03:47:59.902862stark.k
2019-04-03 10:05 attacks Brute-Force AbuseIPDB Apr 3 19:05:17 work-partkepr sshd\[23165\]: Invalid user dbadmin from 139.199.166.104 port 58188 Apr 3 19:05:17 work-partkepr sshd\[23165\]: pam_unix\
2019-04-03 09:22 attacks Brute-ForceSSH AbuseIPDB Apr 3 19:15:21 marquez sshd[9296]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Apr 3 19:15
2019-04-03 04:35 attacks Brute-ForceSSH AbuseIPDB Apr 3 15:35:07 ubuntu-2gb-nbg1-dc3-1 sshd[2797]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.1
2019-04-03 04:02 attacks Brute-ForceSSH AbuseIPDB SSH bruteforce (Triggered fail2ban)
2019-04-03 01:40 attacks Port ScanHackingBrute-ForceWeb App Attack AbuseIPDB 2019-04-03T12:33:07.052256lon01.zurich-datacenter.net sshd\[21057\]: Invalid user carrie from 139.199.166.104 port 36052 2019-04-03T12:33:07.056474lon
2019-04-03 00:48 attacks Brute-ForceSSH AbuseIPDB Apr 3 11:48:25 nextcloud sshd\[29703\]: Invalid user test from 139.199.166.104 Apr 3 11:48:25 nextcloud sshd\[29703\]: pam_unix\(sshd:auth\): authenti
2019-04-02 23:33 attacks Brute-ForceSSH AbuseIPDB Apr 3 10:33:37 ncomp sshd[4681]: Invalid user asoto from 139.199.166.104 Apr 3 10:33:37 ncomp sshd[4681]: pam_unix(sshd:auth): authentication failure;
2019-04-02 22:43 attacks Brute-ForceSSH AbuseIPDB Apr 3 09:43:14 nextcloud sshd\[22121\]: Invalid user bot from 139.199.166.104 Apr 3 09:43:14 nextcloud sshd\[22121\]: pam_unix\(sshd:auth\): authentic
2019-04-02 18:07 attacks Brute-ForceSSH AbuseIPDB Apr 3 05:07:47 ArkNodeAT sshd\[8614\]: Invalid user xz from 139.199.166.104 Apr 3 05:07:47 ArkNodeAT sshd\[8614\]: pam_unix\(sshd:auth\): authenticati
2019-04-02 17:47 attacks Brute-ForceSSH AbuseIPDB Apr 3 04:47:20 MK-Soft-Root2 sshd\[1215\]: Invalid user amy from 139.199.166.104 port 51538 Apr 3 04:47:20 MK-Soft-Root2 sshd\[1215\]: pam_unix\(sshd:
2019-04-02 14:54 attacks Brute-ForceSSH AbuseIPDB [ssh] SSH Attack
2019-04-02 13:35 attacks Brute-ForceSSH AbuseIPDB SSH-BruteForce
2019-01-02 00:43 attacks Brute-ForceSSH AbuseIPDB Jan 2 11:42:53 MK-Soft-Root2 sshd\[22445\]: Invalid user Epin from 139.199.166.104 port 39682 Jan 2 11:42:53 MK-Soft-Root2 sshd\[22445\]: pam_unix\(ss
2019-01-02 01:33 attacks Brute-ForceSSH AbuseIPDB Jan 2 12:33:00 icinga sshd[32367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Jan 2 12:33
2019-01-02 01:34 attacks Brute-ForceSSH AbuseIPDB Jan 2 12:34:38 sv1 sshd\[28040\]: Invalid user teamspeak3 from 139.199.166.104 port 59754 Jan 2 12:34:38 sv1 sshd\[28040\]: pam_unix\(sshd:auth\): aut
2019-01-02 07:47 attacks Brute-ForceSSH AbuseIPDB  
2019-01-02 08:20 attacks Brute-ForceSSH AbuseIPDB Jan 2 19:20:53 vps65 sshd\[31793\]: Invalid user kiwiirc from 139.199.166.104 port 36724 Jan 2 19:20:53 vps65 sshd\[31793\]: pam_unix\(sshd:auth\): au
2019-01-02 09:28 attacks Brute-ForceSSH AbuseIPDB Jan 2 19:28:13 localhost sshd\[26391\]: Invalid user teacher1 from 139.199.166.104 port 47182 Jan 2 19:28:13 localhost sshd\[26391\]: pam_unix\(sshd:a
2019-01-02 10:28 attacks Brute-ForceSSH AbuseIPDB Jan 2 18:47:08 raspberrypi sshd\[15480\]: Invalid user mark from 139.199.166.104Jan 2 18:47:10 raspberrypi sshd\[15480\]: Failed password for invalid
2019-01-02 12:31 attacks Brute-ForceSSH AbuseIPDB Jan 3 05:31:38 webhost01 sshd[27686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Jan 3 05
2019-01-02 12:52 attacks Brute-ForceSSH AbuseIPDB Jan 2 23:52:22 bouncer sshd\[22605\]: Invalid user ia from 139.199.166.104 port 46950 Jan 2 23:52:22 bouncer sshd\[22605\]: pam_unix\(sshd:auth\): aut
2019-01-02 16:15 attacks Brute-ForceSSH AbuseIPDB Jan 3 03:14:55 icinga sshd[772]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.199.166.104 Jan 3 03:14:5
2019-03-29 18:18 attacks bi_any_0_1d BadIPs.com  
2019-03-29 18:19 attacks Bad Web Bot bi_badbots_0_1d BadIPs.com  
2019-03-29 18:19 attacks Brute-Force bi_bruteforce_0_1d BadIPs.com  
2019-03-29 18:20 attacks SSH bi_sshd_0_1d BadIPs.com  
2019-03-29 18:20 attacks SSH bi_ssh_0_1d BadIPs.com  
2019-03-29 18:21 attacks blocklist_de Blocklist.de  
2019-03-29 18:21 attacks SSH blocklist_de_ssh Blocklist.de  
2019-03-29 18:23 attacks darklist_de darklist.de  
2019-03-29 18:27 attacks firehol_level2 FireHOL  
2019-03-29 18:28 attacks firehol_level4 FireHOL  
2019-03-29 18:34 attacks SSH haley_ssh Charles Haley  
2019-06-03 23:00 attacks SSH nt_ssh_7d NoThink.org  
2019-07-01 18:29 attacks bi_default_0_1d BadIPs.com  
2019-07-01 18:30 attacks bi_unknown_0_1d BadIPs.com  
2019-07-08 11:50 attacks Brute-Force normshield_all_bruteforce NormShield.com  
2019-07-08 11:50 attacks Brute-Force normshield_high_bruteforce NormShield.com  
2019-03-29 18:23 organizations datacenters  
only last 50 and first 10 AbuseIPDB logs are shown

Threats Categories :

abuse
IPs used to spam forum, boards, blogs or smtp servers, automated web scripts or scrappers (bad bots)
anonymizer
Onion Router IP addresses. TOR network IPs, TOR exit points, socks or ssl proxy.
attacks
bruteforce ssh/ftp/system account, IPs that have been detected by fail2ban, ports scan, vulnerabilities scan, DDoS.
malware
Addresses that have been identified distributing malware, form-grabber and stealer, Viruses, Worms, Trojans, Ransomware, Adware, Spyware

Whois

whois.apnic.net.



inetnum: 139.199.0.0 - 139.199.255.255
netname: TencentCloud
descr: Tencent cloud computing (Beijing) Co., Ltd.
descr: Floor 6, Yinke Building,38 Haidian St,
descr: Haidian District Beijing
admin-c: JT1125-AP
tech-c: JX1747-AP
country: CN
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
status: ALLOCATED PORTABLE
last-modified: 2015-01-29T06:14:02Z
source: APNIC

irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: ipas@cnnic.cn
abuse-mailbox: ipas@cnnic.cn
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-11-01T08:57:39Z
source: APNIC

person: James Tian
address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
address: District of Hi-tech Park, Shenzhen
country: CN
phone: +86-755-86013388-84952
e-mail: harveyduan@tencent.com
nic-hdl: JT1125-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2016-10-31T07:10:47Z
source: APNIC

person: Jimmy Xiao
address: 9F, FIYTA Building, Gaoxinnanyi Road,Southern
address: District of Hi-tech Park, Shenzhen
country: CN
phone: +86-755-86013388-80224
e-mail: harveyduan@tencent.com
nic-hdl: JX1747-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2016-11-04T05:51:38Z
source: APNIC

route: 139.199.0.0/16
descr: TencentCloud
descr: Tencent cloud computing (Beijing) Co., Ltd.
country: CN
origin: AS45090
notify: jimmyxiao@tencent.com
mnt-by: MAINT-CNNIC-AP
last-modified: 2016-01-21T09:24:01Z
source: APNIC
most specific ip range is highlighted
Updated : 2019-07-04