166.62.121.120

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: GoDaddy.com LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	LGS,WP GET /wp-login.php	2019-12-22 05:17:14
attack	WordPress login Brute force / Web App Attack on client site.	2019-11-14 06:07:56
attackspambots	Automatic report - XMLRPC Attack	2019-11-10 20:06:22
attackspam	WordPress login Brute force / Web App Attack on client site.	2019-11-05 13:12:07
attackbots	xmlrpc attack	2019-11-02 20:30:29
attackbotsspam	166.62.121.120 - - [23/Oct/2019:13:49:54 +0200] "GET /wp-login.php HTTP/1.1" 200 1256 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.120 - - [23/Oct/2019:13:49:54 +0200] "POST /wp-login.php HTTP/1.1" 200 1678 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.120 - - [23/Oct/2019:13:49:55 +0200] "GET /wp-login.php HTTP/1.1" 200 1256 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.120 - - [23/Oct/2019:13:49:55 +0200] "POST /wp-login.php HTTP/1.1" 200 1654 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.120 - - [23/Oct/2019:13:49:56 +0200] "GET /wp-login.php HTTP/1.1" 200 1256 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.120 - - [23/Oct/2019:13:49:56 +0200] "POST /wp-login.php HTTP/1.1" 200 1651 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-10-23 20:24:18
attackspambots	php WP PHPmyadamin ABUSE blocked for 12h	2019-10-15 14:27:07

Comments on same subnet:

IP	Type	Details	Datetime
166.62.121.76	attackspambots	Admin Joomla Attack	2019-09-25 00:51:37
166.62.121.223	attackspam	EventTime:Sun Sep 22 22:46:05 AEST 2019,EventName:Client denied: configuration,TargetDataNamespace:/,TargetDataContainer:srv/www/upperbay.info/site/wp-login.php, referer: http://upperbay.info/,TargetDataName:wp-login.php,SourceIP:166.62.121.223,VendorOutcomeCode:E_NULL,InitiatorServiceName:41138	2019-09-22 21:53:41
166.62.121.223	attackbots	fail2ban honeypot	2019-09-17 17:23:44
166.62.121.223	attackbots	166.62.121.223 - - [14/Sep/2019:09:43:30 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.223 - - [14/Sep/2019:09:43:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1632 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.223 - - [14/Sep/2019:09:43:31 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.223 - - [14/Sep/2019:09:43:32 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.223 - - [14/Sep/2019:09:43:33 +0200] "POST /wp-login.php HTTP/1.1" 200 1631 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.121.223 - - [14/Sep/2019:09:43:33 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-09-14 17:02:54
166.62.121.223	attackbots	xmlrpc attack	2019-09-11 06:17:58
166.62.121.223	attackspam	michaelklotzbier.de 166.62.121.223 \[10/Sep/2019:13:28:43 +0200\] "POST /wp-login.php HTTP/1.1" 200 5837 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" michaelklotzbier.de 166.62.121.223 \[10/Sep/2019:13:28:44 +0200\] "POST /wp-login.php HTTP/1.1" 200 5794 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-09-10 23:20:23
166.62.121.223	attackbots	www.goldgier.de 166.62.121.223 \[05/Sep/2019:03:48:36 +0200\] "POST /wp-login.php HTTP/1.1" 200 8724 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" www.goldgier.de 166.62.121.223 \[05/Sep/2019:03:48:38 +0200\] "POST /wp-login.php HTTP/1.1" 200 8724 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-09-05 10:55:21

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 166.62.121.120
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 37022
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;166.62.121.120.			IN	A

;; AUTHORITY SECTION:
.			520	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019101500 1800 900 604800 86400

;; Query time: 105 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 15 14:27:04 CST 2019
;; MSG SIZE  rcvd: 118

Host info

120.121.62.166.in-addr.arpa domain name pointer ip-166-62-121-120.ip.secureserver.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
120.121.62.166.in-addr.arpa	name = ip-166-62-121-120.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
140.143.134.86	attackspam	Automatic report - SSH Brute-Force Attack	2019-11-21 05:05:26
51.75.28.134	attackbotsspam	Nov 20 18:50:23 meumeu sshd[1820]: Failed password for root from 51.75.28.134 port 53934 ssh2 Nov 20 18:53:52 meumeu sshd[2378]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.75.28.134 Nov 20 18:53:54 meumeu sshd[2378]: Failed password for invalid user named from 51.75.28.134 port 35228 ssh2 ...	2019-11-21 05:14:31
186.3.234.169	attackbotsspam	Nov 20 13:34:21 Tower sshd[26483]: Connection from 186.3.234.169 port 37459 on 192.168.10.220 port 22 Nov 20 13:34:24 Tower sshd[26483]: Invalid user server from 186.3.234.169 port 37459 Nov 20 13:34:24 Tower sshd[26483]: error: Could not get shadow information for NOUSER Nov 20 13:34:24 Tower sshd[26483]: Failed password for invalid user server from 186.3.234.169 port 37459 ssh2 Nov 20 13:34:24 Tower sshd[26483]: Received disconnect from 186.3.234.169 port 37459:11: Bye Bye [preauth] Nov 20 13:34:24 Tower sshd[26483]: Disconnected from invalid user server 186.3.234.169 port 37459 [preauth]	2019-11-21 05:30:10
51.77.140.111	attackspam	Nov 20 16:11:55 icinga sshd[26960]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.77.140.111 Nov 20 16:11:57 icinga sshd[26960]: Failed password for invalid user server from 51.77.140.111 port 49550 ssh2 ...	2019-11-21 05:10:18
179.127.129.23	attack	23/tcp [2019-11-20]1pkt	2019-11-21 05:18:25
218.173.2.233	attackbotsspam	23/tcp [2019-11-20]1pkt	2019-11-21 05:03:16
51.83.42.244	attack	Nov 20 21:54:24 SilenceServices sshd[7042]: Failed password for root from 51.83.42.244 port 45330 ssh2 Nov 20 21:59:11 SilenceServices sshd[8522]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.42.244 Nov 20 21:59:14 SilenceServices sshd[8522]: Failed password for invalid user cssserver from 51.83.42.244 port 53296 ssh2	2019-11-21 05:02:12
112.17.78.210	attack	Automatic report - Port Scan Attack	2019-11-21 05:34:25
13.77.177.1	attackbotsspam	20.11.2019 19:59:44 - RDP Login Fail Detected by https://www.elinox.de/RDP-Wächter	2019-11-21 05:40:17
51.68.82.218	attack	Nov 20 19:31:58 localhost sshd\[29158\]: Invalid user wangshenyang from 51.68.82.218 port 33808 Nov 20 19:31:58 localhost sshd\[29158\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.68.82.218 Nov 20 19:32:00 localhost sshd\[29158\]: Failed password for invalid user wangshenyang from 51.68.82.218 port 33808 ssh2 ...	2019-11-21 05:17:52
114.41.26.248	attackspambots	23/tcp [2019-11-20]1pkt	2019-11-21 05:05:46
130.204.74.70	attackspambots	9001/tcp [2019-11-20]1pkt	2019-11-21 05:28:29
195.62.203.148	attackspam	5500/tcp [2019-11-20]1pkt	2019-11-21 05:29:22
189.125.2.234	attackspambots	Nov 21 01:50:40 vibhu-HP-Z238-Microtower-Workstation sshd\[23779\]: Invalid user settle from 189.125.2.234 Nov 21 01:50:40 vibhu-HP-Z238-Microtower-Workstation sshd\[23779\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.125.2.234 Nov 21 01:50:42 vibhu-HP-Z238-Microtower-Workstation sshd\[23779\]: Failed password for invalid user settle from 189.125.2.234 port 49737 ssh2 Nov 21 01:54:34 vibhu-HP-Z238-Microtower-Workstation sshd\[24812\]: Invalid user reggy from 189.125.2.234 Nov 21 01:54:34 vibhu-HP-Z238-Microtower-Workstation sshd\[24812\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.125.2.234 ...	2019-11-21 05:05:00
115.159.122.190	attackspambots	Nov 21 03:08:51 areeb-Workstation sshd[25963]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.159.122.190 Nov 21 03:08:52 areeb-Workstation sshd[25963]: Failed password for invalid user Telecom@2008 from 115.159.122.190 port 35684 ssh2 ...	2019-11-21 05:39:36

Recently Reported IPs

93.42.110.44	207.210.200.142	87.136.67.145	45.95.99.230
190.116.13.20	120.41.153.128	206.196.110.129	223.240.216.33
36.102.223.92	221.213.44.222	185.164.56.197	220.132.145.237
159.69.144.253	95.104.231.14	58.56.131.246	42.118.52.147
31.173.65.142	27.66.127.242	217.192.236.254	198.108.67.143