π«π·
tilellit.pro
2026-06-27 05:51:35
(1 day ago)
Fail2Ban banned 166.1.131.105 for security violations in jail wp-armour. Log: 2026/06/27 05:51:34 [e ...
show more
Fail2Ban banned 166.1.131.105 for security violations in jail wp-armour. Log: 2026/06/27 05:51:34 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 166.1.131.105 | Target: wplogin" , client: 166.1.131.105, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php"
...
show less
Web Spam
πΊπΈ
TPI-Abuse
2026-06-24 21:44:20
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 166.1.131.105 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 166.1.131.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 17:44:13.782305 2026] [security2:error] [pid 29513:tid 29513] [client 166.1.131.105:53023] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||synergystudios.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "synergystudios.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ajxPrczDzr_eOhMZfo0_pQAAABw"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
π«π·
dynamix
2026-05-07 08:57:11
(1 month ago)
WordPress wp-login.php Brute Force Attack
Brute-Force
Web App Attack
π¬π§
noise.agency
2026-05-04 01:36:01
(1 month ago)
(wordpress) Failed wordpress login from 166.1.131.105 (US/United States/-)
Brute-Force
πΊπΈ
TPI-Abuse
2026-03-29 18:25:41
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 166.1.131.105 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 166.1.131.105 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 29 14:25:36.830987 2026] [security2:error] [pid 5251:tid 5251] [client 166.1.131.105:50957] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||biff0.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "biff0.com"] [uri "/wp-json/wp/v2/users"] [unique_id "acluoGW9z7YY5CcHDqQphQAAAAg"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
2k11.co.za
2026-03-28 12:33:38
(3 months ago)
166.1.131.105 - - [28/Mar/2026:08:33:26 -0400] "POST /xmlrpc.php HTTP/2.0" 200 135 "-" "Apache-HttpC ...
show more
166.1.131.105 - - [28/Mar/2026:08:33:26 -0400] "POST /xmlrpc.php HTTP/2.0" 200 135 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
166.1.131.105 - - [28/Mar/2026:08:33:28 -0400] "POST /xmlrpc.php HTTP/2.0" 200 207 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
166.1.131.105 - - [28/Mar/2026:08:33:37 -0400] "POST /xmlrpc.php HTTP/2.0" 200 135 "-" "Apache-HttpClient/4.5.13 (Java/11.0.30)"
...
show less
Brute-Force
ππΊ
bcsaba
2025-06-18 03:50:52
(1 year ago)
Joomla spam
166.1.131.105 - - [18/Jun/2025:05:50:44 +0200] "GET /index.php?option=com_easyblog&view= ...
show more
Joomla spam
166.1.131.105 - - [18/Jun/2025:05:50:44 +0200] "GET /index.php?option=com_easyblog&view=dashboard&layout=write HTTP/1.1" 404 789 "https://*REDACTED*" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 OPR/89.0.4447.51"
show less
Web App Attack
π¦πΊ
MAGIC
2025-06-08 00:02:31
(1 year ago)
VM1 Bad user agents ignoring web crawling rules. Draing bandwidth
DDoS Attack
Bad Web Bot
π¨πΏ
lp
2025-05-30 22:50:14
(1 year ago)
Unauthorized VPN login attempts: 2 attempts were recorded from 166.1.131.105
2025-05-31T00:04:13+02: ...
show more
Unauthorized VPN login attempts: 2 attempts were recorded from 166.1.131.105
2025-05-31T00:04:13+02:00 vpn Access-Reject 'eleonore' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
2025-05-31T00:17:15+02:00 vpn Access-Reject 'despisable' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
show less
Brute-Force
Web App Attack
πΈπͺ
OnTheEdge
2025-05-27 06:25:29
(1 year ago)
Password spraying. Multiple unauthorized login attempts
Hacking
Web App Attack
π¨πΏ
lp
2025-05-24 03:21:10
(1 year ago)
Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105
2025-05-24T04:12:05+02: ...
show more
Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105
2025-05-24T04:12:05+02:00 vpn Access-Reject 'supermysteries' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
show less
Brute-Force
Web App Attack
π¨πΏ
lp
2025-05-21 06:21:34
(1 year ago)
Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105
2025-05-21T07:36:19+02: ...
show more
Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105
2025-05-21T07:36:19+02:00 vpn Access-Reject 'dolly' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
show less
Brute-Force
Web App Attack
π΅π±
sefinek.net
2025-05-19 12:00:29
(1 year ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1. ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: MANAGED_CHALLENGE
Protocol: HTTP/1.1 (GET method)
Endpoint: /genshin-stella-mod
UA: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Port Scan
π¨πΏ
lp
2025-05-13 04:50:09
(1 year ago)
Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105
2025-05-13T06:28:59+02: ...
show more
Unauthorized VPN login attempts: 1 attempts were recorded from 166.1.131.105
2025-05-13T06:28:59+02:00 vpn Access-Reject 'accessory' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
show less
Brute-Force
Web App Attack
π¨πΏ
lp
2025-05-12 04:50:20
(1 year ago)
Unauthorized VPN login attempts: 2 attempts were recorded from 166.1.131.105
2025-05-12T06:42:02+02: ...
show more
Unauthorized VPN login attempts: 2 attempts were recorded from 166.1.131.105
2025-05-12T06:42:02+02:00 vpn Access-Reject 'cortez' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
2025-05-12T06:44:53+02:00 vpn Access-Reject 'prince' station: 166.1.131.105 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
show less
Brute-Force
Web App Attack