198.199.66.52 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States of America

Internet Service Provider: DigitalOcean LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	CMS (WordPress or Joomla) login attempt.	2020-08-14 15:17:40
attackspam	www.handydirektreparatur.de 198.199.66.52 [11/Aug/2020:14:14:04 +0200] "POST /wp-login.php HTTP/1.1" 200 6027 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" www.handydirektreparatur.de 198.199.66.52 [11/Aug/2020:14:14:05 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4081 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-11 20:55:08
attackbots	Aug 1 06:09:04 b-vps wordpress(gpfans.cz)[4417]: Authentication attempt for unknown user buchtic from 198.199.66.52 ...	2020-08-01 16:33:19
attackbots	Automatic report - Banned IP Access	2020-07-29 12:01:26
attackspambots	198.199.66.52 - - [18/Jun/2020:05:35:18 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 198.199.66.52 - - [18/Jun/2020:05:56:37 +0200] "POST /xmlrpc.php HTTP/1.1" 403 146 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-06-18 12:02:36
attack	Automatic report - Banned IP Access	2020-06-17 18:38:14
attackspambots	198.199.66.52 - - \[31/May/2020:10:00:51 +0200\] "POST /wp-login.php HTTP/1.0" 200 5932 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 198.199.66.52 - - \[31/May/2020:10:00:53 +0200\] "POST /wp-login.php HTTP/1.0" 200 5745 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 198.199.66.52 - - \[31/May/2020:10:00:58 +0200\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-05-31 16:42:05
attackbotsspam	198.199.66.52 - - [20/May/2020:09:49:56 +0200] "GET /wp-login.php HTTP/1.1" 200 6614 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 198.199.66.52 - - [20/May/2020:09:49:58 +0200] "POST /wp-login.php HTTP/1.1" 200 6865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 198.199.66.52 - - [20/May/2020:09:49:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-05-20 15:57:30
attackbotsspam	198.199.66.52 - - \[29/Apr/2020:05:59:21 +0200\] "POST /wp-login.php HTTP/1.0" 200 6384 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 198.199.66.52 - - \[29/Apr/2020:05:59:23 +0200\] "POST /wp-login.php HTTP/1.0" 200 6251 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 198.199.66.52 - - \[29/Apr/2020:05:59:34 +0200\] "POST /wp-login.php HTTP/1.0" 200 6247 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2020-04-29 12:26:35
attack	Automatic report - XMLRPC Attack	2020-03-08 20:31:20

Comments on same subnet:

IP	Type	Details	Datetime
198.199.66.165	attackbotsspam	Jun 17 22:08:30 ns1 sshd[18409]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.66.165 Jun 17 22:08:33 ns1 sshd[18409]: Failed password for invalid user steam from 198.199.66.165 port 35400 ssh2	2020-06-18 04:32:48
198.199.66.10	attack	(sshd) Failed SSH login from 198.199.66.10 (US/United States/-): 5 in the last 3600 secs	2020-06-17 21:51:55
198.199.66.10	attackbotsspam	Mar 4 13:40:25 ms-srv sshd[44321]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.199.66.10 Mar 4 13:40:28 ms-srv sshd[44321]: Failed password for invalid user ftpuser from 198.199.66.10 port 54872 ssh2	2020-03-10 06:57:47
198.199.66.69	attackspambots	DATE:2019-07-12_22:12:24, IP:198.199.66.69, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-07-13 06:05:43

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 198.199.66.52
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8135
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;198.199.66.52.			IN	A

;; AUTHORITY SECTION:
.			518	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020030800 1800 900 604800 86400

;; Query time: 99 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Mar 08 20:31:15 CST 2020
;; MSG SIZE  rcvd: 117

Host info

52.66.199.198.in-addr.arpa domain name pointer hosting.reddresssolutions.com.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
52.66.199.198.in-addr.arpa	name = hosting.reddresssolutions.com.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
118.193.35.33	attackspam	May 1 22:14:42 host sshd[42735]: Invalid user elisabetta from 118.193.35.33 port 37706 ...	2020-05-02 05:40:33
103.124.92.184	attack	May 1 23:39:31 meumeu sshd[31464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.124.92.184 May 1 23:39:33 meumeu sshd[31464]: Failed password for invalid user startup from 103.124.92.184 port 57902 ssh2 May 1 23:43:24 meumeu sshd[32036]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.124.92.184 ...	2020-05-02 05:48:30
128.199.227.246	attackbots	May 2 00:18:21 ift sshd\[56160\]: Invalid user sophie from 128.199.227.246May 2 00:18:23 ift sshd\[56160\]: Failed password for invalid user sophie from 128.199.227.246 port 50004 ssh2May 2 00:22:54 ift sshd\[56844\]: Invalid user vicky from 128.199.227.246May 2 00:22:56 ift sshd\[56844\]: Failed password for invalid user vicky from 128.199.227.246 port 55225 ssh2May 2 00:27:19 ift sshd\[57667\]: Invalid user gi from 128.199.227.246 ...	2020-05-02 05:27:26
68.183.48.172	attackspam	SSH Invalid Login	2020-05-02 05:47:56
45.55.88.16	attackspam	2020-05-02T06:29:35.611367vivaldi2.tree2.info sshd[9601]: Invalid user stephany from 45.55.88.16 2020-05-02T06:29:35.623300vivaldi2.tree2.info sshd[9601]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.55.88.16 2020-05-02T06:29:35.611367vivaldi2.tree2.info sshd[9601]: Invalid user stephany from 45.55.88.16 2020-05-02T06:29:38.213098vivaldi2.tree2.info sshd[9601]: Failed password for invalid user stephany from 45.55.88.16 port 46626 ssh2 2020-05-02T06:33:58.281839vivaldi2.tree2.info sshd[9869]: Invalid user ddy from 45.55.88.16 ...	2020-05-02 05:48:15
27.122.237.243	attackspambots	May 1 23:19:13 * sshd[21141]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.122.237.243 May 1 23:19:15 * sshd[21141]: Failed password for invalid user archive from 27.122.237.243 port 35286 ssh2	2020-05-02 05:38:54
109.252.255.162	attack	Sent Mail to address hacked/leaked/bought from crystalproductions.cz between 2011 and 2018	2020-05-02 05:42:32
148.66.134.85	attackspambots	May 1 22:05:44 srv-ubuntu-dev3 sshd[30273]: Invalid user dkc from 148.66.134.85 May 1 22:05:44 srv-ubuntu-dev3 sshd[30273]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.66.134.85 May 1 22:05:44 srv-ubuntu-dev3 sshd[30273]: Invalid user dkc from 148.66.134.85 May 1 22:05:46 srv-ubuntu-dev3 sshd[30273]: Failed password for invalid user dkc from 148.66.134.85 port 52150 ssh2 May 1 22:10:00 srv-ubuntu-dev3 sshd[31012]: Invalid user ts3server from 148.66.134.85 May 1 22:10:00 srv-ubuntu-dev3 sshd[31012]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.66.134.85 May 1 22:10:00 srv-ubuntu-dev3 sshd[31012]: Invalid user ts3server from 148.66.134.85 May 1 22:10:02 srv-ubuntu-dev3 sshd[31012]: Failed password for invalid user ts3server from 148.66.134.85 port 36192 ssh2 May 1 22:14:37 srv-ubuntu-dev3 sshd[31743]: Invalid user john from 148.66.134.85 ...	2020-05-02 05:43:54
165.22.51.14	attackspam	2020-05-01T15:15:39.015897linuxbox-skyline sshd[103192]: Invalid user test from 165.22.51.14 port 45012 ...	2020-05-02 05:52:01
211.169.234.55	attack	2020-05-01T16:57:52.9042991495-001 sshd[49284]: Failed password for invalid user rkb from 211.169.234.55 port 49500 ssh2 2020-05-01T17:00:28.9458051495-001 sshd[49392]: Invalid user brad from 211.169.234.55 port 60164 2020-05-01T17:00:28.9486561495-001 sshd[49392]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=211.169.234.55 2020-05-01T17:00:28.9458051495-001 sshd[49392]: Invalid user brad from 211.169.234.55 port 60164 2020-05-01T17:00:30.7049341495-001 sshd[49392]: Failed password for invalid user brad from 211.169.234.55 port 60164 ssh2 2020-05-01T17:03:02.5509281495-001 sshd[49557]: Invalid user lilian from 211.169.234.55 port 42596 ...	2020-05-02 05:57:22
168.197.31.14	attackspam	May 1 23:25:40 piServer sshd[23143]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.197.31.14 May 1 23:25:43 piServer sshd[23143]: Failed password for invalid user ubuntu from 168.197.31.14 port 35691 ssh2 May 1 23:26:24 piServer sshd[23235]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.197.31.14 ...	2020-05-02 05:30:24
61.181.80.253	attackbotsspam	Bruteforce detected by fail2ban	2020-05-02 05:29:53
212.237.34.156	attackbotsspam	$f2bV_matches	2020-05-02 05:37:21
49.12.113.223	attack	SpamScore above: 10.0	2020-05-02 05:41:29
71.189.47.10	attackspam	fail2ban -- 71.189.47.10 ...	2020-05-02 05:55:31

Recently Reported IPs

100.107.152.62	103.23.207.203	31.200.136.44	213.189.241.58
192.169.21.253	32.182.161.175	210.135.180.160	197.229.0.130
189.241.132.176	49.72.176.106	181.46.240.101	182.253.66.123
61.7.142.187	218.35.55.60	216.238.228.152	124.248.167.12
115.159.115.17	220.133.162.8	197.229.0.134	113.25.179.16