166.62.92.18 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: GoDaddy.com LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Sep 25 15:23:11 vpn sshd[26143]: Invalid user uftp from 166.62.92.18 Sep 25 15:23:11 vpn sshd[26143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.62.92.18 Sep 25 15:23:14 vpn sshd[26143]: Failed password for invalid user uftp from 166.62.92.18 port 53612 ssh2 Sep 25 15:25:59 vpn sshd[26147]: Invalid user weblogic from 166.62.92.18 Sep 25 15:25:59 vpn sshd[26147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.62.92.18	2019-07-19 10:17:53

Type

Details

Datetime

attackbots

Sep 25 15:23:11 vpn sshd[26143]: Invalid user uftp from 166.62.92.18
Sep 25 15:23:11 vpn sshd[26143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.62.92.18
Sep 25 15:23:14 vpn sshd[26143]: Failed password for invalid user uftp from 166.62.92.18 port 53612 ssh2
Sep 25 15:25:59 vpn sshd[26147]: Invalid user weblogic from 166.62.92.18
Sep 25 15:25:59 vpn sshd[26147]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=166.62.92.18

2019-07-19 10:17:53

Comments on same subnet:

IP	Type	Details	Datetime
166.62.92.37	attackspam	21 attempts against mh-misbehave-ban on star	2020-05-28 12:52:20
166.62.92.37	attack	Portscan or hack attempt detected by psad/fwsnort	2019-12-05 19:04:48
166.62.92.48	attackbots	Wordpress brute-force	2019-10-17 20:36:35
166.62.92.37	attack	ThinkPHP, Drupal Remote Code Execution attempt	2019-09-05 21:30:10
166.62.92.37	attack	ECShop Remote Code Execution Vulnerability, PTR: ip-166-62-92-37.ip.secureserver.net.	2019-08-23 04:20:06
166.62.92.48	attack	C1,WP GET /wp-login.php	2019-08-22 22:21:59
166.62.92.48	attack	Wordpress Admin Login attack	2019-08-17 07:45:17
166.62.92.37	attackspambots	10 attempts against mh-pma-try-ban on pine.magehost.pro	2019-08-06 23:24:38

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 166.62.92.18
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17288
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;166.62.92.18.			IN	A

;; AUTHORITY SECTION:
.			2095	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071801 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Fri Jul 19 10:17:46 CST 2019
;; MSG SIZE  rcvd: 116

Host info

18.92.62.166.in-addr.arpa domain name pointer ip-166-62-92-18.ip.secureserver.net.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
18.92.62.166.in-addr.arpa	name = ip-166-62-92-18.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
185.234.216.220	attack	lfd: (smtpauth) Failed SMTP AUTH login from 185.234.216.220 (-): 5 in the last 3600 secs - Wed Jul 25 17:51:58 2018	2020-02-24 22:48:05
213.57.123.18	attack	[2020-02-24 08:22:55] NOTICE[1148] chan_sip.c: Registration from '"2222"' failed for '213.57.123.18:8232' - Wrong password [2020-02-24 08:22:55] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-02-24T08:22:55.171-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="2222",SessionID="0x7fd82c4c0778",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/213.57.123.18/8232",Challenge="254ee7f1",ReceivedChallenge="254ee7f1",ReceivedHash="bdad31e2bdaa4fc7f73fc32653d0a8a3" [2020-02-24 08:28:55] NOTICE[1148] chan_sip.c: Registration from '"9002"' failed for '213.57.123.18:5973' - Wrong password [2020-02-24 08:28:55] SECURITY[1163] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-02-24T08:28:55.855-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="9002",SessionID="0x7fd82c9bc688",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/213. ...	2020-02-24 22:53:18
107.189.10.174	attack	Too many connections or unauthorized access detected from Arctic banned ip	2020-02-24 22:20:54
49.86.96.87	attack	Brute force blocker - service: proftpd1, proftpd2 - aantal: 56 - Mon Jul 23 22:55:17 2018	2020-02-24 23:00:31
82.146.54.79	attack	lfd: (smtpauth) Failed SMTP AUTH login from 82.146.54.79 (RU/Russia/web4.ru): 5 in the last 3600 secs - Sun Jul 29 19:10:02 2018	2020-02-24 22:17:15
1.58.71.34	attack	Brute force blocker - service: proftpd1 - aantal: 128 - Thu Jul 26 18:05:15 2018	2020-02-24 22:36:58
112.115.240.192	attack	Brute force blocker - service: proftpd1 - aantal: 99 - Thu Jul 26 02:35:15 2018	2020-02-24 22:43:43
222.186.30.248	attack	Feb 24 15:48:26 MK-Soft-VM8 sshd[21918]: Failed password for root from 222.186.30.248 port 41219 ssh2 Feb 24 15:48:29 MK-Soft-VM8 sshd[21918]: Failed password for root from 222.186.30.248 port 41219 ssh2 ...	2020-02-24 22:51:30
149.56.254.116	attack	lfd: (smtpauth) Failed SMTP AUTH login from 149.56.254.116 (ip116.ip-149-56-254.net): 5 in the last 3600 secs - Sat Jul 28 21:15:06 2018	2020-02-24 22:24:10
61.187.144.88	attackbots	Brute force blocker - service: proftpd1 - aantal: 155 - Wed Jul 25 13:25:15 2018	2020-02-24 22:46:15
159.89.81.20	attack	DigitalOcean BotNet attack - 10s of requests to non-existent pages - :443/app-ads.txt - typically bursts of 8 requests per second - undefined, XSS attacks node-superagent/4.1.0	2020-02-24 22:34:56
49.89.255.12	attack	Brute force blocker - service: proftpd1, proftpd2 - aantal: 155 - Mon Jul 23 13:45:16 2018	2020-02-24 23:00:09
218.92.0.202	attackbotsspam	Feb 24 15:29:14 MK-Soft-Root1 sshd[22871]: Failed password for root from 218.92.0.202 port 38444 ssh2 Feb 24 15:29:17 MK-Soft-Root1 sshd[22871]: Failed password for root from 218.92.0.202 port 38444 ssh2 ...	2020-02-24 22:59:15
117.70.233.26	attackbots	Brute force blocker - service: proftpd1 - aantal: 76 - Sat Jul 28 05:20:14 2018	2020-02-24 22:29:21
13.64.149.219	attack	lfd: (smtpauth) Failed SMTP AUTH login from 13.64.149.219 (-): 5 in the last 3600 secs - Wed Jul 25 03:05:14 2018	2020-02-24 22:56:13

Recently Reported IPs

80.67.53.93	177.105.66.146	78.186.159.63	177.84.197.234
165.227.79.73	165.227.79.177	125.230.241.155	165.255.158.7
209.54.235.43	171.221.200.49	247.215.149.215	95.233.13.87
226.53.173.224	195.254.249.50	238.163.23.40	203.54.5.251
57.200.215.66	173.246.110.147	191.183.91.224	250.9.225.6