JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 166.249.54.96

166.249.54.96 was found in our database!

This IP was reported 46 times. Confidence of Abuse is 0%: ?

ISP	Verizon Business
Usage Type	Mobile ISP
ASN	AS6167
Domain Name	verizon.com
Country	🇺🇸 United States of America
City	Plymouth Meeting, Pennsylvania

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 166.249.54.96

Whois 166.249.54.96

IP Abuse Reports for 166.249.54.96:

This IP address has been reported a total of 46 times from 24 distinct sources. 166.249.54.96 was first reported on July 26th 2023, and the most recent report was 10 months ago.

Old Reports: The most recent abuse report for this IP address is from 10 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 Hippoline	2025-08-07 06:33:54 (10 months ago)	Aug 7 08:33:01 local wp(XXXX-A)[26229]: Authentication attempt for unknown user admin from 166.249. ... show more Aug 7 08:33:01 local wp(XXXX-A)[26229]: Authentication attempt for unknown user admin from 166.249.54.96 ... show less	Brute-Force Web App Attack
🇫🇷 Hippoline	2025-01-30 02:24:11 (1 year ago)	Jan 30 03:22:27 local wp(XXXX-A)[27578]: Authentication attempt for unknown user admin from 166.249. ... show more Jan 30 03:22:27 local wp(XXXX-A)[27578]: Authentication attempt for unknown user admin from 166.249.54.96 ... show less	Brute-Force Web App Attack
🇩🇪 CommanderRoot	2024-07-27 06:32:37 (1 year ago)	HTTP request flood	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2024-07-25 00:34:56 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 24 20:34:50.909397 2024] [security2:error] [pid 21384:tid 21384] [client 166.249.54.96:54557] [client 166.249.54.96] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 166.249.54.96 (+1 hits since last alert)\|www.vaghyst.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.vaghyst.com"] [uri "/xmlrpc.php"] [unique_id "ZqGdqjFXr0HxsVY5nGXhqgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 weblite	2024-07-24 23:36:27 (1 year ago)	WP_XMLRPC_ABUSE	Brute-Force Web App Attack
🇲🇹 Malta	2024-07-23 21:32:10 (1 year ago)	166.249.54.96 - - [23/Jul/2024:23:32:10 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 166.249.54.96 - - [23/Jul/2024:23:32:10 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-07-23 02:03:37 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 22:03:32.515816 2024] [security2:error] [pid 16149:tid 16149] [client 166.249.54.96:58398] [client 166.249.54.96] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 166.249.54.96 (+1 hits since last alert)\|www.ev-motion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.ev-motion.com"] [uri "/xmlrpc.php"] [unique_id "Zp8PdH1paeFyBWnnZg9QnAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-07-22 23:25:17 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 19:25:11.526622 2024] [security2:error] [pid 32683:tid 32683] [client 166.249.54.96:54718] [client 166.249.54.96] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 166.249.54.96 (+1 hits since last alert)\|www.casapapayasanmiguel.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.casapapayasanmiguel.com"] [uri "/xmlrpc.php"] [unique_id "Zp7qV3gua-lIPwFk4R9XvQAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 applemooz	2024-07-22 10:03:42 (1 year ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-07-22 05:08:23 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 22 01:08:17.923944 2024] [security2:error] [pid 31675:tid 31675] [client 166.249.54.96:54136] [client 166.249.54.96] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 166.249.54.96 (+1 hits since last alert)\|edgecomix.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "edgecomix.com"] [uri "/xmlrpc.php"] [unique_id "Zp3pQeOgnHdAWt7yHIJNbQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 BlueWire Hosting	2024-07-22 04:10:08 (1 year ago)	Probing Wordpress websites	Web App Attack
🇲🇹 Malta	2024-07-21 23:30:15 (1 year ago)	166.249.54.96 - - [22/Jul/2024:01:30:14 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 166.249.54.96 - - [22/Jul/2024:01:30:14 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2024-07-21 23:02:20 (1 year ago)	(mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 166.249.54.96 (96.sub-166-249-54.myvzw.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 21 19:02:15.565311 2024] [security2:error] [pid 21022:tid 21022] [client 166.249.54.96:51551] [client 166.249.54.96] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 166.249.54.96 (+1 hits since last alert)\|www.gellertdealers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.gellertdealers.com"] [uri "/xmlrpc.php"] [unique_id "Zp2Td7YjtFMtuMSkkm1EYwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 RLDD	2024-07-20 01:09:36 (1 year ago)	WP login attempts -mod	Brute-Force
🇲🇹 Malta	2024-07-19 09:39:05 (1 year ago)	166.249.54.96 - - [19/Jul/2024:11:39:05 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; ... show more 166.249.54.96 - - [19/Jul/2024:11:39:05 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.60 Safari/537.36" Brute-force password attempt show less	Hacking Brute-Force Web App Attack

Showing 1 to 15 of 46 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 223.109.252.186

🇨🇴 179.1.181.196

🇺🇸 98.97.175.47

🇩🇪 64.89.163.87

🇭🇰 45.142.154.44

🇨🇳 218.203.249.149

🇹🇼 198.235.24.31

🇺🇸 143.42.164.127

🇨🇦 142.118.109.127

🇨🇳 125.115.82.87

🇨🇳 121.199.160.207

🇨🇳 106.13.180.139

🇧🇪 104.155.30.19

🇷🇺 89.109.233.181

🇺🇸 70.164.34.238

🇺🇸 66.132.186.218

🇳🇱 45.148.10.152

🇩🇪 45.135.141.12

🇨🇳 43.248.108.224

🇬🇧 35.203.211.157