220.166.42.139 is a Hacker from China (Chengdu)

IP informations Cybercrime IP Feeds Raw whois

220.166.42.139

is a

Hacker

100 %

China

Report Abuse

155attacks reported

126Brute-ForceSSH

11SSH

5Brute-Force

4uncategorized

2FTP Brute-ForceHackingBrute-ForceSSH

2Port ScanBrute-ForceSSH

2FTP Brute-ForceHacking

1HackingSSH

1DDoS AttackPort ScanBrute-ForceWeb App AttackSSH

1Bad Web Bot

from 79 distinct reporters

and 5 distinct sources : BadIPs.com, Blocklist.de, FireHOL, GreenSnow.co, AbuseIPDB

220.166.42.139 was first signaled at 2020-06-21 12:49 and last record was at 2020-08-04 14:30.

220.166.42.139

Organization

No.31,Jin-rong Street

list IP owned by No.31,Jin-rong Street

Localisation

China

Sichuan, Chengdu

NetRange : First & Last IP

220.166.0.0 - 220.167.127.255

Network CIDR

220.166.0.0/15

ASN

4134

list IP by ASN 4134

Cybercrime IP Feeds

Date UTC	Category	Sub Categories	Source List	Source	Logs
2020-08-04 14:30	attacks	Brute-ForceSSH		AbuseIPDB	Aug 4 19:15:51 mx sshd[2414]: Failed password for root from 220.166.42.139 port 46190 ssh2
2020-08-04 12:52	attacks	Brute-ForceSSH		AbuseIPDB	2020-08-04T23:51:27.468779n23.at sshd[2549393]: Failed password for root from 220.166.42.139 port 38974 ssh2 2020-08-04T23:52:14.512766n23.at sshd[254
2020-08-04 08:54	attacks	SSH		AbuseIPDB	k+ssh-bruteforce
2020-08-04 06:38	attacks	Brute-ForceSSH		AbuseIPDB	Aug 4 17:32:56 vmd17057 sshd[16589]: Failed password for root from 220.166.42.139 port 59638 ssh2
2020-08-04 04:25	attacks	Brute-ForceSSH		AbuseIPDB	Failed password for root from 220.166.42.139 port 34488 ssh2 pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=2
2020-08-04 01:00	attacks	Brute-ForceSSH		AbuseIPDB	Failed password for root from 220.166.42.139 port 51876 ssh2
2020-08-04 00:59	attacks	Brute-ForceSSH		AbuseIPDB	Aug 4 07:01:13 master sshd[12384]: Failed password for root from 220.166.42.139 port 52392 ssh2 Aug 4 07:11:56 master sshd[12591]: Failed password for
2020-08-04 00:17	attacks	Brute-ForceSSH		AbuseIPDB	Aug 4 06:14:22 firewall sshd[5159]: Failed password for root from 220.166.42.139 port 52790 ssh2 Aug 4 06:17:10 firewall sshd[6467]: pam_unix(sshd:aut
2020-08-03 23:09	attacks	Brute-ForceSSH		AbuseIPDB	Aug 4 05:07:06 firewall sshd[6074]: Failed password for root from 220.166.42.139 port 53306 ssh2 Aug 4 05:09:51 firewall sshd[7353]: pam_unix(sshd:aut
2020-08-03 22:03	attacks	Brute-ForceSSH		AbuseIPDB	Aug 4 04:00:25 firewall sshd[14336]: Failed password for root from 220.166.42.139 port 53816 ssh2 Aug 4 04:03:06 firewall sshd[15474]: pam_unix(sshd:a
2020-08-03 21:46	attacks	Brute-ForceSSH		AbuseIPDB	Aug 4 06:46:49 *** sshd[9167]: User root from 220.166.42.139 not allowed because not listed in AllowUsers
2020-08-03 14:03	attacks	Brute-ForceSSH		AbuseIPDB	Aug 4 00:41:20 Ubuntu-1404-trusty-64-minimal sshd\[10883\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost
2020-08-03 00:44	attacks	Brute-ForceSSH		AbuseIPDB	2020-08-02 UTC: (63x) - root(63x)
2020-08-02 09:50	attacks	Brute-ForceSSH		AbuseIPDB	Aug 2 20:48:43 haigwepa sshd[8722]: Failed password for root from 220.166.42.139 port 52074 ssh2
2020-08-02 09:32	attacks	Brute-ForceSSH		AbuseIPDB	Aug 2 20:27:23 haigwepa sshd[7529]: Failed password for root from 220.166.42.139 port 42246 ssh2
2020-08-02 09:09	attacks	Brute-ForceSSH		AbuseIPDB	Aug 2 20:02:51 haigwepa sshd[6234]: Failed password for root from 220.166.42.139 port 35506 ssh2
2020-08-01 23:25	attacks	Brute-Force		AbuseIPDB	2020-08-02T02:59:30.395626morrigan.ad5gb.com sshd[1294038]: Failed password for root from 220.166.42.139 port 55970 ssh2 2020-08-02T02:59:32.859292mor
2020-08-01 08:14	attacks	Brute-ForceSSH		AbuseIPDB	Aug 1 19:11:48 inter-technics sshd[14964]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.42.139 user
2020-08-01 07:47	attacks	Brute-ForceSSH		AbuseIPDB	Aug 1 18:42:31 inter-technics sshd[12884]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.42.139 user
2020-07-30 22:31	attacks	SSH		AbuseIPDB	Connection to SSH Honeypot - Detected by HoneypotDB
2020-07-30 19:34	attacks	Brute-ForceSSH		AbuseIPDB	$f2bV_matches
2020-07-30 13:32	attacks	Brute-ForceSSH		AbuseIPDB
2020-07-30 03:29	attacks	Brute-ForceSSH		AbuseIPDB	Jul 30 12:29:53 jumpserver sshd[315056]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.42.139 Jul 3
2020-07-30 02:03	attacks	Brute-ForceSSH		AbuseIPDB	Jul 30 11:01:19 jumpserver sshd[313947]: Invalid user kdo from 220.166.42.139 port 55608 Jul 30 11:01:21 jumpserver sshd[313947]: Failed password for
2020-07-29 18:14	attacks	Brute-ForceSSH		AbuseIPDB	Jul 30 05:13:59 fhem-rasp sshd[17413]: Invalid user miaoshan from 220.166.42.139 port 41292
2020-07-29 17:07	attacks	Brute-ForceSSH		AbuseIPDB	Jul 30 04:07:57 fhem-rasp sshd[9051]: Invalid user semi from 220.166.42.139 port 35566
2020-07-29 16:34	attacks	Brute-ForceSSH		AbuseIPDB	Jul 30 03:34:10 fhem-rasp sshd[3386]: Invalid user chenhangting from 220.166.42.139 port 34052
2020-07-29 16:13	attacks	Brute-ForceSSH		AbuseIPDB	Jul 30 03:13:46 fhem-rasp sshd[25773]: Invalid user zhu from 220.166.42.139 port 50098
2020-07-29 15:50	attacks	Brute-ForceSSH		AbuseIPDB	Jul 30 02:50:24 fhem-rasp sshd[9621]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.42.139 Jul 30 02
2020-07-29 02:20	attacks	Brute-ForceSSH		AbuseIPDB	fail2ban/Jul 29 13:17:57 h1962932 sshd[24219]: Invalid user lixx from 220.166.42.139 port 39284 Jul 29 13:17:57 h1962932 sshd[24219]: pam_unix(sshd:au
2020-07-28 20:09	attacks	Brute-ForceSSH		AbuseIPDB	Brute force attempt
2020-07-28 15:51	attacks	Brute-ForceSSH		AbuseIPDB	2020-07-29T00:48:47.906407abusebot.cloudsearch.cf sshd[621]: Invalid user mozhaoquan from 220.166.42.139 port 53924 2020-07-29T00:48:47.910784abusebot
2020-07-28 01:17	attacks	Brute-ForceSSH		AbuseIPDB	Jul 27 17:15:08 h2427292 sshd\[32305\]: Invalid user matt from 220.166.42.139 Jul 27 17:15:08 h2427292 sshd\[32305\]: pam_unix$sshd:auth$: authentic
2020-07-27 06:26	attacks	Brute-ForceSSH		AbuseIPDB	2020-07-27T15:26:28+0000 Failed SSH Authentication/Brute Force Attack. (Server 6)
2020-07-27 06:15	attacks	Brute-ForceSSH		AbuseIPDB	Jul 27 17:15:08 h2427292 sshd\[32305\]: Invalid user matt from 220.166.42.139 Jul 27 17:15:08 h2427292 sshd\[32305\]: pam_unix$sshd:auth$: authentic
2020-07-27 05:46	attacks	Brute-ForceSSH		AbuseIPDB	Jul 27 16:46:17 mail sshd[7006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.42.139 Jul 27 16:46:1
2020-07-27 03:03	attacks	Brute-ForceSSH		AbuseIPDB	Unauthorized SSH login attempts
2020-07-26 21:04	attacks	Brute-ForceSSH		AbuseIPDB	Jul 27 07:50:02 ns382633 sshd\[5040\]: Invalid user opus from 220.166.42.139 port 48566 Jul 27 07:50:02 ns382633 sshd\[5040\]: pam_unix$sshd:auth$:
2020-07-26 14:57	attacks	SSH		AbuseIPDB	Jul 27 00:57:05 l03 sshd[10512]: Invalid user user from 220.166.42.139 port 46378
2020-07-26 07:39	attacks	FTP Brute-ForceHackingBrute-ForceSSH		AbuseIPDB	SSH brute-force attempt
2020-07-25 23:18	attacks	Brute-ForceSSH		AbuseIPDB	Jul 26 09:42:32 hidden sshd[54579]: Failed password for invalid user coq from 220.166.42.139 port 49414 ssh2 Jul 26 10:12:50 hidden sshd[62187]: I
2020-07-25 13:48	attacks	Brute-ForceSSH		AbuseIPDB	Jul 25 22:48:45 ws26vmsma01 sshd[114043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.42.139 Jul 2
2020-07-25 11:26	attacks	Brute-Force		AbuseIPDB	ssh intrusion attempt
2020-07-25 08:54	attacks	Brute-ForceSSH		AbuseIPDB	Failed password for invalid user amit from 220.166.42.139 port 52574 ssh2
2020-07-25 03:29	attacks	Brute-ForceSSH		AbuseIPDB	SSH Brute-Force attacks
2020-07-24 20:50	attacks	Brute-ForceSSH		AbuseIPDB	2020-07-25T05:49:04.353080abusebot-7.cloudsearch.cf sshd[25456]: Invalid user amandabackup from 220.166.42.139 port 34648 2020-07-25T05:49:04.357949ab
2020-07-24 19:26	attacks	Brute-ForceSSH		AbuseIPDB	$f2bV_matches
2020-07-24 11:12	attacks	FTP Brute-ForceHackingBrute-ForceSSH		AbuseIPDB	SSH brute-force attempt
2020-07-23 22:28	attacks	Brute-ForceSSH		AbuseIPDB	Jul 24 09:28:34 serwer sshd\[16801\]: Invalid user sonar from 220.166.42.139 port 50580 Jul 24 09:28:34 serwer sshd\[16801\]: pam_unix$sshd:auth$: a
2020-07-23 14:04	attacks	SSH		AbuseIPDB	Jul 23 23:11:21 django-0 sshd[14675]: Invalid user swy from 220.166.42.139
2020-06-21 12:49	attacks	Port ScanBrute-ForceSSH		AbuseIPDB	Unauthorized access or intrusion attempt detected from Thor banned IP
2020-06-21 15:46	attacks	Brute-ForceSSH		AbuseIPDB	20 attempts against mh-ssh on pluto
2020-06-21 16:54	attacks	Brute-ForceSSH		AbuseIPDB	21 attempts against mh-ssh on pluto
2020-06-21 22:54	attacks	Brute-ForceSSH		AbuseIPDB	20 attempts against mh-ssh on ice
2020-06-22 00:29	attacks	Brute-ForceSSH		AbuseIPDB	21 attempts against mh-ssh on ice
2020-06-22 01:26	attacks	Brute-ForceSSH		AbuseIPDB	20 attempts against mh-ssh on river
2020-06-22 02:11	attacks	Brute-ForceSSH		AbuseIPDB	20 attempts against mh-ssh on boat
2020-06-22 12:32	attacks	Brute-ForceSSH		AbuseIPDB	Invalid user zhengnq from 220.166.42.139 port 46342
2020-06-22 18:01	attacks	Brute-ForceSSH		AbuseIPDB	Jun 23 03:01:08 pbkit sshd[239923]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.166.42.139 Jun 23 03:
2020-06-22 18:04	attacks	FTP Brute-ForceHacking		AbuseIPDB	Lines containing failures of 220.166.42.139 Jun 23 04:48:33 shared03 sshd[9912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tt
2020-07-31 15:56	attacks		bi_any_0_1d	BadIPs.com
2020-07-31 15:57	attacks	SSH	bi_ssh_0_1d	BadIPs.com
2020-07-31 15:57	attacks		blocklist_de	Blocklist.de
2020-07-31 15:57	attacks	SSH	blocklist_de_ssh	Blocklist.de
2020-07-31 16:01	attacks		firehol_level2	FireHOL
2020-07-31 16:10	attacks		greensnow	GreenSnow.co
2020-08-02 14:01	attacks	SSH	bi_sshd_0_1d	BadIPs.com
2020-08-04 12:00	attacks	Bad Web Bot	bi_badbots_0_1d	BadIPs.com
2020-08-04 12:00	attacks	Brute-Force	bi_bruteforce_0_1d	BadIPs.com

only last 50 and first 10 AbuseIPDB logs are shown

Threats Categories :

abuse

IPs used to spam forum, boards, blogs or smtp servers, automated web scripts or scrappers (bad bots)

anonymizer

Onion Router IP addresses. TOR network IPs, TOR exit points, socks or ssl proxy.

attacks

bruteforce ssh/ftp/system account, IPs that have been detected by fail2ban, ports scan, vulnerabilities scan, DDoS.

malware

Addresses that have been identified distributing malware, form-grabber and stealer, Viruses, Worms, Trojans, Ransomware, Adware, Spyware

Whois

inetnum: 220.166.0.0 - 220.167.127.255
netname: CHINANET-SC
descr: CHINANET sichuan province network
descr: Data Communication Division
descr: China Telecom
country: CN
admin-c: CH93-AP
tech-c: XS16-AP
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINANET-SC
status: ALLOCATED NON-PORTABLE
last-modified: 2008-09-04T06:52:05Z
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam@ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
mnt-by: MAINT-CHINANET
last-modified: 2014-02-27T03:37:38Z
source: APNIC

person: Xiaodong Shi
nic-hdl: XS16-AP
e-mail: scipadmin2013@189.cn
address: No.72,Wen Miao Qian Str.
address: Data Communication Bureau Of Sichuan Province
address: Chengdu
address: PR China
phone: +86-28-6190785
fax-no: +86-28-6190641
country: CN
mnt-by: MAINT-CHINANET-SC
last-modified: 2013-12-30T01:32:36Z
source: APNIC

most specific ip range is highlighted

Updated : 2020-08-04