JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 139.99.86.250

139.99.86.250 was found in our database!

This IP was reported 171 times. Confidence of Abuse is 93%: ?

93%

ISP	OVH Singapore PTE. LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16276
Hostname(s)	ip250.ip-139-99-86.net
Domain Name	ovh.net
Country	🇸🇬 Singapore
City	Singapore

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 139.99.86.250

Whois 139.99.86.250

IP Abuse Reports for 139.99.86.250:

This IP address has been reported a total of 171 times from 58 distinct sources. 139.99.86.250 was first reported on June 17th 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 soc-yk	2026-06-10 15:18:14 (2 hours ago)	Type: web_scanning Risk: 70 Events: 20538 Evidence: - Automated hostile web probing detected - Repe ... show more Type: web_scanning Risk: 70 Events: 20538 Evidence: - Automated hostile web probing detected - Repeated web scanning activity observed - Multi-event operational persistence identified show less	Web App Attack
Anonymous	2026-06-10 00:10:37 (17 hours ago)	curl https://gsocket.io/y	Hacking Brute-Force Web App Attack
🇫🇷 Baking333	2026-06-09 10:43:47 (1 day ago)	[redacted] 139.99.86.250 - - [09/Jun/2026:11:43:45 +0100] "GET /[redacted] HTTP/2.0" 301 150 "http:/ ... show more [redacted] 139.99.86.250 - - [09/Jun/2026:11:43:45 +0100] "GET /[redacted] HTTP/2.0" 301 150 "http://[redacted]/[redacted]" "Go-http-client/2.0" [redacted] 139.99.86.250 - - [09/Jun/2026:11:43:46 +0100] "GET /fr/[redacted]/ HTTP/2.0" 404 26778 "https://[redacted]/[redacted]" "Go-http-client/2.0" show less	Bad Web Bot Web App Attack
🇪🇸 bohl-aiG5aef	2026-06-09 08:07:57 (1 day ago)	Suricata Alert [SID:2010920] ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=)	SQL Injection
🇧🇪 Saec	2026-06-08 15:15:11 (2 days ago)	Cloudflare WAF blocked 50 requests in 1h from SG. Top paths probed: /wp-admin/maint/index.php, /wp-l ... show more Cloudflare WAF blocked 50 requests in 1h from SG. Top paths probed: /wp-admin/maint/index.php, /wp-login.php, /wp-json/gravitysmtp/v1/tests/mock-data. Pattern: bot/scanner abuse. Auto-reported by Jarvis CF monitor. show less	Brute-Force Web App Attack
🇫🇷 tilellit.pro	2026-06-08 09:01:42 (2 days ago)	Fail2Ban banned 139.99.86.250 for security violations in jail wp-armour. Log: 2026/06/08 09:01:42 [e ... show more Fail2Ban banned 139.99.86.250 for security violations in jail wp-armour. Log: 2026/06/08 09:01:42 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 139.99.86.250 \| Target: wplogin" , client: 139.99.86.250, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] ... show less	Web Spam
🇧🇪 Saec	2026-06-08 03:45:06 (2 days ago)	Jarvis auto-ban: CF honeypot path /wp-login.php (1× on saec.me)	Port Scan Web App Attack
🇩🇪 maxpower	2026-06-07 12:33:52 (3 days ago)	(wp_login) REGOLA 1 - WP Login Attack 139.99.86.250 (SG/Singapore/ip250.ip-139-99-86.net): 5 in the ... show more (wp_login) REGOLA 1 - WP Login Attack 139.99.86.250 (SG/Singapore/ip250.ip-139-99-86.net): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 139.99.86.250 - - [07/Jun/2026:14:17:28 +0200] "GET /wp-login.php HTTP/1.1" 301 278 "-" "Mozila/5.0" "-" host=riecam.it 139.99.86.250 - - [07/Jun/2026:14:17:31 +0200] "GET /wp-login.php HTTP/1.1" 200 9749 "-" "Mozila/5.0" "-" host=riecam.it 139.99.86.250 - - [07/Jun/2026:14:17:32 +0200] "POST /wp-login.php HTTP/1.1" 200 10234 "-" "Mozila/5.0" "-" host=riecam.it 139.99.86.250 - - [07/Jun/2026:14:17:34 +0200] "GET /wp-login.php?redirect_to=https%3A%2F%2Friecam.it%2Fwp-admin%2F&reauth=1 HTTP/1.1" 200 9839 "-" "Mozila/5.0" "-" host=riecam.it 139.99.86.250 - - [07/Jun/2026:14:33:46 +0200] "GET /wp-login.php HTTP/1.1" 301 278 "-" "Mozila/5.0" "-" host=consac.eu show less	Port Scan
🇫🇷 tilellit.pro	2026-06-07 09:23:28 (3 days ago)	Fail2Ban banned 139.99.86.250 for security violations in jail wp-armour. Log: 2026/06/07 09:23:27 [e ... show more Fail2Ban banned 139.99.86.250 for security violations in jail wp-armour. Log: 2026/06/07 09:23:27 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 139.99.86.250 \| Target: wplogin" , client: 139.99.86.250, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED] ... show less	Web Spam
🇪🇸 bohl-aiG5aef	2026-06-06 08:27:58 (4 days ago)	Suricata Alert [SID:2010920] ET WEB_SERVER Exploit Suspected PHP Injection Attack (cmd=)	SQL Injection
🇧🇪 voormedia	2026-06-05 21:06:33 (4 days ago)	Accessed trap at '/admin.php'	Web App Attack
🇮🇩 sockominfo	2026-06-05 14:00:39 (5 days ago)	Generic webshell or malicious PHP script detected With Performance Metrics Lv.2 (Multi-Layer Detecti ... show more Generic webshell or malicious PHP script detected With Performance Metrics Lv.2 (Multi-Layer Detection), Generic webshell pattern detected (filtered), Indonesian - webshell detected, Suspicious WordPress access pattern detected, Webshell discovery success (Response: 200). Threat Score: 9.3/10 (CRITICAL). Confidence: 85%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 99%. MITRE ATT&CK: T1566 (Phishing). Tactic: TA0001. Freshness: Moderate. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇮🇩 sockominfo	2026-06-05 13:00:39 (5 days ago)	Generic webshell or malicious PHP script detected With Performance Metrics Lv.2 (Multi-Layer Detecti ... show more Generic webshell or malicious PHP script detected With Performance Metrics Lv.2 (Multi-Layer Detection), Generic webshell pattern detected (filtered), Indonesian - webshell detected, Suspicious WordPress access pattern detected, Webshell discovery success (Response: 200). Threat Score: 9.3/10 (CRITICAL). Confidence: 85%. CVSS v3.1: 10/10 (Critical). CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. Bayesian Probability: 99%. MITRE ATT&CK: T1566 (Phishing). Tactic: TA0001. Freshness: Fresh. Source Reputation: KNOWN_MALICIOUS. Methodology: CVSS 3.1 + Bayesian + Temporal + Environmental + MITRE ATT&CK + OWASP. Standards: ISO/IEC 27065:2022, NIST SP 800-30, IEEE S&P 2020. Reported by TangerangKota-CSIRT. Status: MALICIOUS show less	Hacking Email Spam
🇪🇸 bohl-aiG5aef	2026-06-05 12:38:57 (5 days ago)	Suricata Alert [SID:2064917] ET HUNTING Request for Webshell in .well-known directory	Web App Attack
🇮🇩 sockominfo	2026-06-05 12:00:47 (5 days ago)	Reported by TangerangKota-CSIRT. Status: MALICIOUS	Hacking Email Spam

Showing 1 to 15 of 171 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 66.132.186.188

🇳🇱 51.15.106.128

🇺🇸 34.58.198.253

🇳🇱 195.178.110.30

🇧🇷 177.159.150.111

🇫🇷 163.172.149.158

🇸🇬 161.118.237.181

🇧🇷 152.234.191.188

🇮🇳 152.32.158.74

🇮🇹 151.115.167.207

🇵🇱 151.115.56.254

🇨🇳 124.227.31.94

🇯🇵 115.179.102.180

🇧🇷 69.6.249.146

🇲🇽 68.155.145.129

🇺🇸 47.77.230.66

🇧🇷 45.205.1.73

🇪🇪 45.12.28.218

🇺🇸 34.174.202.232

🇮🇳 2406:7400:119:3773:9ced:cfea:c95e:2298