166.62.123.55 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: GoDaddy.com LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	C1,WP GET /wp-login.php	2020-09-04 00:47:16
attackspam	166.62.123.55 - - [03/Sep/2020:08:10:01 +0100] "POST /wp-login.php HTTP/1.1" 200 2435 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [03/Sep/2020:08:10:04 +0100] "POST /wp-login.php HTTP/1.1" 200 2370 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [03/Sep/2020:08:10:07 +0100] "POST /wp-login.php HTTP/1.1" 200 2400 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-03 16:11:54
attackspambots	166.62.123.55 - - [02/Sep/2020:21:47:43 +0100] "POST /wp-login.php HTTP/1.1" 200 2178 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [02/Sep/2020:21:48:00 +0100] "POST /wp-login.php HTTP/1.1" 200 2202 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [02/Sep/2020:21:48:03 +0100] "POST /wp-login.php HTTP/1.1" 200 2157 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-03 08:20:26
attackspam	Attempt to run wp-login.php	2020-09-02 20:25:08
attackbots	Automatic report generated by Wazuh	2020-09-02 12:20:16
attackspam	166.62.123.55 - - [01/Sep/2020:22:46:45 +0200] "POST /xmlrpc.php HTTP/1.1" 403 461 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [01/Sep/2020:23:14:35 +0200] "POST /xmlrpc.php HTTP/1.1" 403 22141 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-02 05:30:59
attackspambots	$f2bV_matches	2020-09-02 01:57:42
attack	166.62.123.55 - - [31/Aug/2020:11:47:08 +0200] "GET /wp-login.php HTTP/1.1" 200 8691 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [31/Aug/2020:11:47:11 +0200] "POST /wp-login.php HTTP/1.1" 200 8921 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [31/Aug/2020:11:47:13 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-31 18:55:56
attackspambots	Attempt to hack Wordpress Login, XMLRPC or other login	2020-08-27 20:07:28
attackbots	166.62.123.55 - - [19/Jul/2020:18:09:27 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [19/Jul/2020:18:09:28 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [19/Jul/2020:18:09:30 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-07-20 00:21:29
attack	166.62.123.55 - - [18/Jul/2020:20:51:55 +0100] "POST /wp/wp-login.php HTTP/1.1" 200 1865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [18/Jul/2020:20:51:56 +0100] "POST /wp/wp-login.php HTTP/1.1" 200 1846 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [18/Jul/2020:20:51:57 +0100] "POST /wp/xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-19 04:16:48
attackspam	166.62.123.55 - - [04/Jul/2020:22:42:07 +0100] "POST /wp-login.php HTTP/1.1" 200 1801 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [04/Jul/2020:22:42:08 +0100] "POST /wp-login.php HTTP/1.1" 200 1779 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [04/Jul/2020:22:42:09 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-05 06:23:31
attackbots	166.62.123.55 - - [26/Jun/2020:05:56:10 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [26/Jun/2020:05:56:13 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [26/Jun/2020:05:56:14 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-26 12:51:33
attack	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-05-20 16:37:29
attack	166.62.123.55 - - [14/May/2020:14:20:36 +0200] "GET /wp-login.php HTTP/1.1" 200 5879 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [14/May/2020:14:20:38 +0200] "POST /wp-login.php HTTP/1.1" 200 6130 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 166.62.123.55 - - [14/May/2020:14:20:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-15 03:48:14
attackspam	HTTP/80/443/8080 Probe, BF, WP, Hack -	2020-04-20 07:03:29
attackbotsspam	CMS (WordPress or Joomla) login attempt.	2020-04-17 13:15:42
attack	166.62.123.55 - - \[20/Feb/2020:10:38:36 +0100\] "POST /wp-login.php HTTP/1.0" 200 6997 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 166.62.123.55 - - \[20/Feb/2020:10:38:39 +0100\] "POST /wp-login.php HTTP/1.0" 200 6864 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 166.62.123.55 - - \[20/Feb/2020:10:38:41 +0100\] "POST /wp-login.php HTTP/1.0" 200 6860 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-02-20 21:08:06
attackspambots	xmlrpc attack	2020-02-03 15:08:52
attackspambots	WordPress wp-login brute force :: 166.62.123.55 0.092 BYPASS [09/Jan/2020:22:13:24 0000] [censored_2] "POST /wp-login.php HTTP/1.1" 200 2287 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-01-10 06:27:52
attackspam	xmlrpc attack	2020-01-01 06:24:01
attackspambots	WordPress login Brute force / Web App Attack on client site.	2019-12-18 15:35:02
attackbots	Automatic report - Banned IP Access	2019-12-14 06:04:41
attackbotsspam	Automatic report - XMLRPC Attack	2019-12-13 07:21:17
attack	Wordpress Attacks (Scanning for wp-login.php) @ 2019-11-17 10:21:48	2019-11-17 18:39:25
attack	C1,WP GET /suche/wp-login.php	2019-11-12 01:46:07
attack	Wordpress bruteforce	2019-11-08 07:35:15
attack	[munged]::443 166.62.123.55 - - [17/Oct/2019:20:16:14 +0200] "POST /[munged]: HTTP/1.1" 200 9118 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-18 03:55:23
attackspam	[munged]::443 166.62.123.55 - - [28/Sep/2019:22:50:04 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 166.62.123.55 - - [28/Sep/2019:22:50:23 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 166.62.123.55 - - [28/Sep/2019:22:50:26 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 166.62.123.55 - - [28/Sep/2019:22:50:37 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 166.62.123.55 - - [28/Sep/2019:22:50:46 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 166.62.123.55 - - [28/Sep/2019:22:50:50 +0200] "POST /[munged]: HTTP/1.1" 200 9080 "-" "Mozilla/5.0 (X11; Ubun	2019-09-29 06:43:46
attackspam	166.62.123.55 - - - [20/Sep/2019:01:01:15 +0000] "GET /manager/ldskflks HTTP/1.1" 404 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" "-" "-"	2019-09-20 15:06:06

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 166.62.123.55
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41910
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;166.62.123.55.			IN	A

;; AUTHORITY SECTION:
.			590	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091902 1800 900 604800 86400

;; Query time: 78 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 20 15:06:03 CST 2019
;; MSG SIZE  rcvd: 117

Host info

55.123.62.166.in-addr.arpa domain name pointer ip-166-62-123-55.ip.secureserver.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
55.123.62.166.in-addr.arpa	name = ip-166-62-123-55.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
192.241.209.47	attackbots	firewall-block, port(s): 587/tcp	2020-02-21 19:29:43
176.212.96.3	attack	port scan and connect, tcp 23 (telnet)	2020-02-21 19:11:20
111.91.87.142	attack	Thu Feb 20 21:49:33 2020 - Child process 110599 handling connection Thu Feb 20 21:49:33 2020 - New connection from: 111.91.87.142:58566 Thu Feb 20 21:49:33 2020 - Sending data to client: [Login: ] Thu Feb 20 21:50:05 2020 - Child aborting Thu Feb 20 21:50:05 2020 - Reporting IP address: 111.91.87.142 - mflag: 0	2020-02-21 19:30:42
171.221.241.89	attackbots	Fail2Ban Ban Triggered	2020-02-21 19:31:28
145.14.158.76	attackbotsspam	Feb 21 05:31:56 host sshd[7592]: Invalid user zhup from 145.14.158.76 Feb 21 05:31:56 host sshd[7592]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.14.158.76 Feb 21 05:31:58 host sshd[7592]: Failed password for invalid user zhup from 145.14.158.76 port 50532 ssh2 Feb 21 05:42:13 host sshd[25558]: Invalid user HTTP from 145.14.158.76 Feb 21 05:42:13 host sshd[25558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.14.158.76 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=145.14.158.76	2020-02-21 19:23:51
190.195.131.249	attack	Feb 21 07:00:42 IngegnereFirenze sshd[30869]: Failed password for invalid user nginx from 190.195.131.249 port 43157 ssh2 ...	2020-02-21 19:11:01
159.65.35.14	attack	Feb 21 00:40:03 server sshd\[9218\]: Failed password for invalid user rstudio-server from 159.65.35.14 port 59526 ssh2 Feb 21 14:12:58 server sshd\[31318\]: Invalid user cpaneleximfilter from 159.65.35.14 Feb 21 14:12:58 server sshd\[31318\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.35.14 Feb 21 14:13:00 server sshd\[31318\]: Failed password for invalid user cpaneleximfilter from 159.65.35.14 port 57506 ssh2 Feb 21 14:15:46 server sshd\[32002\]: Invalid user utente from 159.65.35.14 Feb 21 14:15:46 server sshd\[32002\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.35.14 ...	2020-02-21 19:19:46
201.22.95.52	attackbots	Feb 21 11:09:07 MainVPS sshd[13353]: Invalid user couchdb from 201.22.95.52 port 41081 Feb 21 11:09:08 MainVPS sshd[13353]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.22.95.52 Feb 21 11:09:07 MainVPS sshd[13353]: Invalid user couchdb from 201.22.95.52 port 41081 Feb 21 11:09:10 MainVPS sshd[13353]: Failed password for invalid user couchdb from 201.22.95.52 port 41081 ssh2 Feb 21 11:12:38 MainVPS sshd[20120]: Invalid user at from 201.22.95.52 port 52411 ...	2020-02-21 19:04:43
111.229.188.72	attackspam	"SSH brute force auth login attempt."	2020-02-21 19:06:19
162.243.133.152	attackbotsspam	firewall-block, port(s): 110/tcp	2020-02-21 19:02:40
114.40.195.36	attackspam	Port probing on unauthorized port 26	2020-02-21 19:21:48
196.246.211.20	attackspam	Lines containing failures of 196.246.211.20 Feb 21 05:42:03 dns01 sshd[7839]: Invalid user admin from 196.246.211.20 port 42452 Feb 21 05:42:03 dns01 sshd[7839]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.246.211.20 Feb 21 05:42:06 dns01 sshd[7839]: Failed password for invalid user admin from 196.246.211.20 port 42452 ssh2 Feb 21 05:42:06 dns01 sshd[7839]: Connection closed by invalid user admin 196.246.211.20 port 42452 [preauth] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=196.246.211.20	2020-02-21 19:29:22
187.163.69.234	attackbots	Automatic report - Port Scan Attack	2020-02-21 19:22:13
42.117.54.204	attack	Unauthorised access (Feb 21) SRC=42.117.54.204 LEN=40 TTL=44 ID=49781 TCP DPT=23 WINDOW=7952 SYN	2020-02-21 19:31:02
104.225.159.30	attackspam	Invalid user testuser from 104.225.159.30 port 57892	2020-02-21 18:59:13

Recently Reported IPs

101.69.78.175	214.250.92.207	149.192.49.173	73.176.160.29
108.250.62.59	85.15.157.140	74.208.94.213	106.132.164.171
191.2.138.153	212.242.201.117	213.151.197.18	61.230.207.201
143.61.255.169	31.197.239.227	153.224.74.204	172.121.186.19
167.173.131.65	234.54.238.75	24.113.131.229	158.61.10.74