166.62.10.139 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
166.62.100.99	attackbots	Automatic report - XMLRPC Attack	2020-10-02 03:34:14
166.62.100.99	attackbotsspam	166.62.100.99 - - [01/Oct/2020:10:36:12 +0200] "POST /wp-login.php HTTP/1.0" 200 4794 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-01 19:46:44
166.62.100.99	attack	(PERMBLOCK) 166.62.100.99 (US/United States/ip-166-62-100-99.ip.secureserver.net) has had more than 4 temp blocks in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_PERMBLOCK_COUNT; Logs:	2020-09-30 03:10:54
166.62.100.99	attack	WordPress wp-login brute force :: 166.62.100.99 0.088 - [29/Sep/2020:08:41:15 0000] [censored_1] "POST /wp-login.php HTTP/2.0" 200 2402 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "HTTP/2.0"	2020-09-29 19:14:32
166.62.100.99	attackbots	php WP PHPmyadamin ABUSE blocked for 12h	2020-08-31 23:00:51
166.62.100.99	attackspam	166.62.100.99 - - [30/Aug/2020:21:35:53 +0100] "POST /wp-login.php HTTP/1.1" 200 1905 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [30/Aug/2020:21:35:54 +0100] "POST /wp-login.php HTTP/1.1" 200 1890 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [30/Aug/2020:21:35:56 +0100] "POST /wp-login.php HTTP/1.1" 200 1887 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-31 06:41:46
166.62.100.99	attackspam	166.62.100.99 - - [23/Aug/2020:08:33:26 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [23/Aug/2020:08:33:27 +0200] "POST /wp-login.php HTTP/1.1" 200 1819 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [23/Aug/2020:08:33:28 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [23/Aug/2020:08:33:29 +0200] "POST /wp-login.php HTTP/1.1" 200 1796 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [23/Aug/2020:08:33:30 +0200] "GET /wp-login.php HTTP/1.1" 200 1689 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [23/Aug/2020:08:33:30 +0200] "POST /wp-login.php HTTP/1.1" 200 1797 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Fir ...	2020-08-23 14:33:52
166.62.100.99	attack	166.62.100.99 - - [19/Aug/2020:00:38:21 +0100] "POST /wp-login.php HTTP/1.1" 200 1791 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [19/Aug/2020:00:38:23 +0100] "POST /wp-login.php HTTP/1.1" 200 1772 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [19/Aug/2020:00:38:23 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-19 08:43:26
166.62.100.99	attackbots	166.62.100.99 - - [09/Aug/2020:04:53:38 +0100] "POST /wp-login.php HTTP/1.1" 200 1791 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [09/Aug/2020:04:53:40 +0100] "POST /wp-login.php HTTP/1.1" 200 1772 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [09/Aug/2020:04:53:40 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-09 14:16:00
166.62.100.99	attack	Attempt to login to WordPress via /wp-login.php	2020-08-08 08:30:29
166.62.100.99	attack	166.62.100.99 - - [20/Jul/2020:08:20:23 +0200] "GET /wp-login.php HTTP/1.1" 200 5738 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [20/Jul/2020:08:20:25 +0200] "POST /wp-login.php HTTP/1.1" 200 5989 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [20/Jul/2020:08:20:27 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-20 16:55:56
166.62.100.99	attackspambots	166.62.100.99 - - [29/Jun/2020:11:35:14 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [29/Jun/2020:11:51:33 +0100] "POST /wp-login.php HTTP/1.1" 200 2046 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.100.99 - - [29/Jun/2020:11:51:36 +0100] "POST /wp-login.php HTTP/1.1" 200 2020 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-29 19:04:31
166.62.100.99	attack	Automatically reported by fail2ban report script (mx1)	2020-06-23 17:05:45
166.62.100.99	attack	port scan and connect, tcp 80 (http)	2020-06-08 15:00:58
166.62.100.99	attack	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-05-10 18:18:42

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 166.62.10.139
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31732
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;166.62.10.139.			IN	A

;; AUTHORITY SECTION:
.			598	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021800 1800 900 604800 86400

;; Query time: 13 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 14:51:15 CST 2022
;; MSG SIZE  rcvd: 106

Host info

139.10.62.166.in-addr.arpa domain name pointer ip-166-62-10-139.ip.secureserver.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
139.10.62.166.in-addr.arpa	name = ip-166-62-10-139.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
164.132.49.98	attackbots	Feb 25 02:18:05 server sshd\[12087\]: Invalid user wildfly from 164.132.49.98 Feb 25 02:18:05 server sshd\[12087\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.ip-164-132-49.eu Feb 25 02:18:06 server sshd\[12087\]: Failed password for invalid user wildfly from 164.132.49.98 port 33418 ssh2 Feb 25 02:28:11 server sshd\[14206\]: Invalid user angelo from 164.132.49.98 Feb 25 02:28:11 server sshd\[14206\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=98.ip-164-132-49.eu ...	2020-02-25 07:46:31
14.99.38.109	attack	Feb 25 00:42:55 Ubuntu-1404-trusty-64-minimal sshd\[8041\]: Invalid user admin from 14.99.38.109 Feb 25 00:42:55 Ubuntu-1404-trusty-64-minimal sshd\[8041\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.99.38.109 Feb 25 00:42:57 Ubuntu-1404-trusty-64-minimal sshd\[8041\]: Failed password for invalid user admin from 14.99.38.109 port 50334 ssh2 Feb 25 00:46:44 Ubuntu-1404-trusty-64-minimal sshd\[9818\]: Invalid user reiseblog7 from 14.99.38.109 Feb 25 00:46:44 Ubuntu-1404-trusty-64-minimal sshd\[9818\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.99.38.109	2020-02-25 07:49:56
171.113.101.171	attack	Brute force blocker - service: proftpd1 - aantal: 68 - Tue May 1 13:30:19 2018	2020-02-25 07:21:57
216.218.206.70	attack	suspicious action Mon, 24 Feb 2020 20:25:36 -0300	2020-02-25 07:32:06
119.31.123.147	attackspam	Feb 24 18:23:39 NPSTNNYC01T sshd[26484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.31.123.147 Feb 24 18:23:41 NPSTNNYC01T sshd[26484]: Failed password for invalid user dam from 119.31.123.147 port 53222 ssh2 Feb 24 18:25:42 NPSTNNYC01T sshd[26624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.31.123.147 ...	2020-02-25 07:29:35
113.125.58.0	attackbotsspam	Feb 24 18:25:24 plusreed sshd[8497]: Invalid user lichengzhang from 113.125.58.0 ...	2020-02-25 07:42:59
79.61.51.195	attackspam	Feb 25 00:17:22 vserver sshd\[23941\]: Failed password for root from 79.61.51.195 port 50139 ssh2Feb 25 00:21:25 vserver sshd\[23974\]: Invalid user ftpadmin from 79.61.51.195Feb 25 00:21:27 vserver sshd\[23974\]: Failed password for invalid user ftpadmin from 79.61.51.195 port 63754 ssh2Feb 25 00:25:30 vserver sshd\[24009\]: Invalid user pgsql from 79.61.51.195 ...	2020-02-25 07:37:37
120.150.216.161	attackbotsspam	Feb 25 00:25:18 MK-Soft-VM6 sshd[9892]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.150.216.161 Feb 25 00:25:19 MK-Soft-VM6 sshd[9892]: Failed password for invalid user ftpuser from 120.150.216.161 port 47706 ssh2 ...	2020-02-25 07:48:27
2607:f298:5:114b::b54:d51	attack	WordPress XMLRPC scan :: 2607:f298:5:114b::b54:d51 0.068 BYPASS [24/Feb/2020:23:25:43 0000] [censored_2] "POST /xmlrpc.php HTTP/1.1" 200 236 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-02-25 07:28:22
209.85.220.69	attackbots	Received: from mail-sor-f69.google.com (mail-sor-f69.google.com. [209.85.220.69]) by mx.google.com with SMTPS id n29sor15400294pgc.73.2020.02.24.15.09.26 for <@gmail.com> (Google Transport Security); Mon, 24 Feb 2020 15:09:27 -0800 (PST) CareyHolzman just uploaded a video How Do I Know Which Files Or Directories Are Safe To Delete? http://www.youtube.com/watch?v=WhxuCnLKcBE&feature=em-uploademail Name: Carey Alan Holzman Michelle Lee Holzman Address: 5381 N 87th Ave, Glendale, Arizona, 85305 https://careyholzman.com Phone Numbers: (602) 527-9723 (623) 628-4266 carey@tech-vets.com carey.holzman@yahoo.com cholzman@cox.net carey@careyholzman.com ,cholzman@outlook.com,cholzman@gmail.com IP Number : 68.231.131.39 x-originating-ip: [199.189.26.30]	2020-02-25 07:56:22
58.221.135.14	attackspam	Brute force blocker - service: proftpd1 - aantal: 40 - Tue May 1 15:35:17 2018	2020-02-25 07:22:56
177.11.120.19	attackbots	suspicious action Mon, 24 Feb 2020 20:25:30 -0300	2020-02-25 07:37:26
165.22.215.185	attack	Feb 25 00:25:33 lnxweb61 sshd[16905]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.215.185	2020-02-25 07:35:11
211.117.60.23	attackbots	(sshd) Failed SSH login from 211.117.60.23 (KR/South Korea/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Feb 25 00:21:44 amsweb01 sshd[32278]: Invalid user test from 211.117.60.23 port 53960 Feb 25 00:21:46 amsweb01 sshd[32278]: Failed password for invalid user test from 211.117.60.23 port 53960 ssh2 Feb 25 00:25:40 amsweb01 sshd[314]: User mysql from 211.117.60.23 not allowed because not listed in AllowUsers Feb 25 00:25:40 amsweb01 sshd[314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.117.60.23 user=mysql Feb 25 00:25:42 amsweb01 sshd[314]: Failed password for invalid user mysql from 211.117.60.23 port 51728 ssh2	2020-02-25 07:26:17
112.3.30.14	attackbots	$f2bV_matches	2020-02-25 07:40:21

Recently Reported IPs

166.62.10.137	166.23.250.209	166.241.197.120	166.62.10.140
166.62.10.141	166.62.10.181	166.62.10.183	166.62.10.171
166.62.10.145	166.62.10.187	166.62.10.186	166.62.10.190
166.62.10.223	166.62.10.188	166.62.10.189	166.62.10.143
166.62.10.185	166.62.10.226	166.62.10.184	166.62.10.29