sefinek.net
2024-11-12 21:05:53
(2 weeks ago)
Blocked by UFW (TCP on port 80).
Source port: 16320
TTL: 108
Packet length: 52
TOS: 0x08
This report (for 66.115.181.151) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
Web App Attack
Holger
2024-11-12 19:52:02
(2 weeks ago)
URL probing: GET //xmlrpc.php?rsd
Web App Attack
Anonymous
2024-11-12 19:22:53
(2 weeks ago)
//wp-includes/wlwmanifest.xml
Web App Attack
cmbplf
2024-11-12 18:36:37
(2 weeks ago)
1.036 POST requests to */wp-login.php
Brute-Force
Bad Web Bot
TPI-Abuse
2024-11-12 17:36:00
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 66.115.181.151 (flmenus.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 12:35:56.056897 2024] [security2:error] [pid 25937:tid 25937] [client 66.115.181.151:16256] [client 66.115.181.151] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.brazilianbottom.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.brazilianbottom.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZzOR_MkW2esa5mWhj5j5IAAAABc"]
Brute-Force
Bad Web Bot
Web App Attack
Mario Silber
2024-11-12 16:51:19
(2 weeks ago)
(wordpress) Failed wordpress login from 66.115.181.151 (US/United States/flmenus.com)
Brute-Force
simpeg-adm.bandung.go.id
2024-11-12 16:31:46
(2 weeks ago)
66.115.181.151 - - [12/Nov/2024:16:31:40 +0000] "GET /leafmailer2.8.php HTTP/1.1" 404 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
66.115.181.151 - - [12/Nov/2024:16:31:46 +0000] "GET /leaf.php HTTP/1.1" 404 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
66.115.181.151 - - [12/Nov/2024:16:31:46 +0000] "GET /leaf.php HTTP/1.1" 404 194 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36"
...
Web Spam
Brute-Force
Web App Attack
Savvii
2024-11-12 16:28:01
(2 weeks ago)
15 attempts against mh-modsecurity-ban on hostbilldev
Brute-Force
Web App Attack
Apache
2024-11-12 15:27:38
(2 weeks ago)
(mod_security) mod_security (id:210410) triggered by 66.115.181.151 (US/United States/flmenus.com): 5 in the last 300 secs
Brute-Force
Web App Attack
weils.net
2024-11-12 14:41:02
(2 weeks ago)
2024-11-12 22:41:02(GMT+8) - /wp-admin/leaf.php
Bad Web Bot
Pornomens
2024-11-12 13:46:39
(2 weeks ago)
66.115.181.151 - - [12/Nov/2024:14:46:37 +0100] "GET / HTTP/1.1" 403 473 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
66.115.181.151 - - [12/Nov/2024:14:46:38 +0100] "GET / HTTP/1.1" 403 472 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
66.115.181.151 - - [12/Nov/2024:14:46:38 +0100] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 403 472 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
...
Web App Attack
ⓔⓜⓙⓔⓔ
2024-11-12 12:41:12
(2 weeks ago)
WEB 🕸 Honeypot: scanning-probing //wp-includes/wlwmanifest.xml
Bad Web Bot
Web App Attack
someone
2024-11-12 11:52:56
(2 weeks ago)
*:443 66.115.181.151 - - [12/Nov/2024:12:52:55 +0100] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 12577 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
Web App Attack
TPI-Abuse
2024-11-12 11:22:54
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 66.115.181.151 (flmenus.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 06:22:51.180888 2024] [security2:error] [pid 28690:tid 28690] [client 66.115.181.151:16216] [client 66.115.181.151] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||cosplayculture.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cosplayculture.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZzM6i42BckzBFC5uD_cYBwAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-11-12 11:01:25
(2 weeks ago)
(mod_security) mod_security (id:225170) triggered by 66.115.181.151 (flmenus.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 12 06:01:19.020564 2024] [security2:error] [pid 9389:tid 9389] [client 66.115.181.151:16304] [client 66.115.181.151] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.edmundtadros.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.edmundtadros.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZzM1fwMZj5eMXItj5RMsNQAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack