JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 192.42.116.66

192.42.116.66 was found in our database!

This IP was reported 300 times. Confidence of Abuse is 100%: ?

100%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	TOR EXIT AND MORE
Usage Type	Commercial
ASN	AS215125
Domain Name	cyberology.nl
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 192.42.116.66

Whois 192.42.116.66

IP Abuse Reports for 192.42.116.66:

This IP address has been reported a total of 300 times from 154 distinct sources. 192.42.116.66 was first reported on April 18th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 big-cloud.nl	2026-06-11 22:34:50 (1 hour ago)	Try to access /xmlrpc.php	Web App Attack
🇫🇷 SpaceHost-Server	2026-06-11 22:29:13 (1 hour ago)		Brute-Force Web App Attack
🇩🇪 licen777	2026-06-11 20:27:19 (3 hours ago)	Cowrie Honeypot: 5 unauthorised SSH/Telnet login attempts between 2026-06-11T20:27:18Z and 2026-06-1 ... show more Cowrie Honeypot: 5 unauthorised SSH/Telnet login attempts between 2026-06-11T20:27:18Z and 2026-06-11T20:27:19Z show less	Brute-Force SSH
🇮🇹 Inartis	2026-06-11 10:59:27 (13 hours ago)	192.42.116.66 - - [11/Jun/2026:12:59:26 +0200] "GET /xmlrpc.php HTTP/2.0" 403 282 "https://blog.aban ... show more 192.42.116.66 - - [11/Jun/2026:12:59:26 +0200] "GET /xmlrpc.php HTTP/2.0" 403 282 "https://blog.abano.it/xmlrpc.php" "com.tinyspeck.chatlyio/20.04.20 (iPhone; iOS 12.4; Scale/3.00)" ... show less	Brute-Force Bad Web Bot Web App Attack
🇷🇴 INTEQ	2026-06-11 08:14:40 (15 hours ago)	Web attack from 192.42.116.66	Web App Attack
🇺🇸 nodepile	2026-06-11 07:19:25 (16 hours ago)	Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/headlights-projectors/mini-headlig ... show more Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/headlights-projectors/mini-headlights.html ua='Mozilla/5.0 (iPhone; CPU iPhone OS 18_3 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Mobile/15E148 Safari/604.1') show less	Open Proxy VPN IP
🇨🇿 ddw	2026-06-11 06:57:37 (17 hours ago)	WordPress XMLRPC.PHP Access Attempt.	Hacking Web App Attack
🇯🇵 SentinalX by uzumaru	2026-06-11 06:43:56 (17 hours ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: d3azdm1q0gvo54.cloudfront.net:80 show less	Open Proxy Port Scan
🇸🇮 administrator	2026-06-10 22:21:09 (1 day ago)	2026-06-09 00:07:53,981 fail2ban.actions [1104]: NOTICE [error-bots] Ban 192.42.116.66 2026- ... show more 2026-06-09 00:07:53,981 fail2ban.actions [1104]: NOTICE [error-bots] Ban 192.42.116.66 2026-06-10 00:13:04,527 fail2ban.actions [1080]: NOTICE [apache-botsearch] Ban 192.42.116.66 2026-06-09 00:07:53,981 fail2ban.actions [1104]: NOTICE [error-bots] Ban 192.42.116.66 2026-06-10 00:13:04,527 fail2ban.actions [1080]: NOTICE [apache-botsearch] Ban 192.42.116.66 ... show less	Bad Web Bot Web Spam Email Spam Blog Spam Port Scan Brute-Force Web App Attack
🇺🇸 psh-ack	2026-06-10 21:36:24 (1 day ago)	Failed login attempt root/root via OpenSSH 9.9. Session gained access, executed recon: uname, getpro ... show more Failed login attempt root/root via OpenSSH 9.9. Session gained access, executed recon: uname, getprop, echo for system enumeration. Dropped executable 'apcid' to /var/tmp/apcid, /bin/apcid, /sbin/apcid, /usr/bin/apcid via cat redirection, chmod +x, exec /var/tmp/apcid. Ran killall -9 .f targeting process termination. LC_ALL=C prefix on all cmds to bypass locale. Attack pattern: weak default creds, OS enum, multi-path malware placement for persistence, process cleanup. No secondary payloads/lateral movement observed. Apcid botnet variant targeting IoT/embedded devices. Brute-force on weak creds. show less	Brute-Force SSH
🇯🇵 Short-legs-Spider	2026-06-10 20:28:00 (1 day ago)	Received: from 124.83.237.89 (HELO 124.83.237.248) (EHLO mtagw2011.mail.snz.ynwp.yahoo.co.jp) (192 ... show more Received: from 124.83.237.89 (HELO 124.83.237.248) (EHLO mtagw2011.mail.snz.ynwp.yahoo.co.jp) (192.42.116.66) by mta2106.mail.snz.ynwp.yahoo.co.jp with SMTP; Thu, 11 Jun 2026 05:28:37 +0900 Received: from by 167.172.27.39; Wed, 10 Jun 2026 18:20:32 -0200 From: "=?ISO-2022-JP?B?GyRCJG0kLyQ3GyhC?=" <[email protected]> Reply-To: "=?ISO-2022-JP?B?GyRCJGYkKxsoQg==?=" <[email protected]> To: [email protected] Subject: =?ISO-2022-JP?B?GyRCR0hKPyRHJDkbKEIuLi4bJEIkTyRGISkkSiRzJDgkYyRDJD8kKyROISkbKEI=?= Date: Wed, 10 Jun 2026 16:22:32 -0400 X-Mailer: MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--648345729758739241" show less	Email Spam
Anonymous	2026-06-10 20:17:12 (1 day ago)	192.42.116.66 - - [11/Jun/2026:04:17:12 +0800] "GET /xmlrpc.php HTTP/1.1" 405 42 "https://www.outfie ... show more 192.42.116.66 - - [11/Jun/2026:04:17:12 +0800] "GET /xmlrpc.php HTTP/1.1" 405 42 "https://www.outfieldasia.com/xmlrpc.php" "Mozilla/5.0 (Linux; arm_64; Android 7.0; MEIZU M6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 YaBrowser/20.3.4.98.00 SA/1 Mobile Safari/537.36" ... show less	Bad Web Bot Web App Attack
🇩🇪 sverson	2026-06-10 17:18:23 (1 day ago)	Automated report / Mutliple unauthorized attempts to access web resources	Hacking Web App Attack
🇲🇽 Centynova Corp.	2026-06-10 12:00:52 (1 day ago)	Blocked by threat detection service. Centynova Security	Port Scan Email Spam Brute-Force SSH
🇮🇩 securejdprop	2026-06-10 11:03:40 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 58). Ip 192.42.116.66 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-10 11:03:38.994729025 +0000 UTC show less	Hacking Web App Attack

Showing 1 to 15 of 300 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.63

🇬🇧 188.166.156.169

🇵🇰 103.57.224.219

🇨🇳 14.103.107.209

🇬🇧 217.154.45.93

🇩🇪 213.209.159.56

🇺🇸 195.184.76.165

🇬🇧 188.166.151.52

🇺🇸 172.253.210.28

🇺🇸 162.217.165.18

🇲🇽 148.216.108.54

🇺🇸 148.153.188.254

🇨🇳 120.48.28.60

🇺🇸 109.105.210.97

🇨🇳 101.206.107.245

🇳🇱 89.190.156.9

🇷🇴 80.94.92.171

🇳🇱 188.166.15.41

🇳🇱 188.166.14.8

🇫🇷 185.194.216.197