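# ---------------------------------------------------------------------------
# Request filtering with mod_rewrite.
# Rule sets 1-4 answer matching requests with 403 Forbidden ("- [F]");
# rule set 5 redirects plain-HTTP requests to HTTPS.
# ---------------------------------------------------------------------------
RewriteEngine On

# 1. User-Agent deny list.
#    Each pattern is an unanchored, case-insensitive ([NC]) substring match and
#    the conditions are OR-ed, so a single hit anywhere in the header is enough.
#    NOTE(review): the User-Agent header is chosen by the client, so this list
#    only stops clients that announce themselves; treat it as noise reduction,
#    not as access control.
#    NOTE(review): short or generic tokens (VT, oBot, package, Recon, Photon,
#    Daum, curl) match every header that merely contains them, and Trident and
#    edg/90 match ordinary Internet Explorer and Edge 90 visitors - confirm
#    that breadth is intended.
RewriteCond %{HTTP_USER_AGENT} 2345Explorer [NC,OR]
RewriteCond %{HTTP_USER_AGENT} 360Spider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} 5C98BA [NC,OR]
RewriteCond %{HTTP_USER_AGENT} aiHitBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} aiohttp [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ALittle [NC,OR]
RewriteCond %{HTTP_USER_AGENT} babbar-tech [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Barkrowler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} BLEXBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Bytespider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} CATExplorador [NC,OR]
RewriteCond %{HTTP_USER_AGENT} CensysInspect [NC,OR]
RewriteCond %{HTTP_USER_AGENT} CheckMarkNetwork [NC,OR]
RewriteCond %{HTTP_USER_AGENT} curl [NC,OR]
RewriteCond %{HTTP_USER_AGENT} DataForSeoBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Daum [NC,OR]
RewriteCond %{HTTP_USER_AGENT} DotBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} edg/90 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} edge.crawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} evc-batch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Expanse [NC,OR]
RewriteCond %{HTTP_USER_AGENT} facebookexternalhit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} finbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GRequests [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Go-http-client [NC,OR]
RewriteCond %{HTTP_USER_AGENT} GoogleImageProxy [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HeadlessChrome [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HeyTapBrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} hrankbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HUAWEILIO [NC,OR]
RewriteCond %{HTTP_USER_AGENT} HubSpot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Iceweasel [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ips-agent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} KomodiaBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ltx71 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} KTXN [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MaCoCu [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Maxthon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MegaIndex [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MixrankBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} MJ12bot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Mozlila [NC,OR]
RewriteCond %{HTTP_USER_AGENT} netEstate [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetcraftSurveyAgent [NC,OR]
RewriteCond %{HTTP_USER_AGENT} NetSystemsResearch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Nicecrawler [NC,OR]
RewriteCond %{HTTP_USER_AGENT} node-fetch [NC,OR]
RewriteCond %{HTTP_USER_AGENT} oBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} package [NC,OR]
RewriteCond %{HTTP_USER_AGENT} panscient [NC,OR]
RewriteCond %{HTTP_USER_AGENT} PetalBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} QQBrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Photon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Recon [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ScamadviserExternalHit [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SemrushBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SEOkicks [NC,OR]
RewriteCond %{HTTP_USER_AGENT} serpstatbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SeznamBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SiteLockSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} SM-G892A [NC,OR]
RewriteCond %{HTTP_USER_AGENT} sogou [NC,OR]
RewriteCond %{HTTP_USER_AGENT} T312461 [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ThinkBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ThinkChaos [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Trident [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Twingly [NC,OR]
RewriteCond %{HTTP_USER_AGENT} UBrowser [NC,OR]
RewriteCond %{HTTP_USER_AGENT} UCWEB [NC,OR]
RewriteCond %{HTTP_USER_AGENT} virustotal [NC,OR]
RewriteCond %{HTTP_USER_AGENT} vuhuvBot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} VT [NC,OR]
RewriteCond %{HTTP_USER_AGENT} webprosbot [NC,OR]
RewriteCond %{HTTP_USER_AGENT} YisouSpider [NC,OR]
RewriteCond %{HTTP_USER_AGENT} Zgrab [NC,OR]
RewriteCond %{HTTP_USER_AGENT} ZoomInfoBot [NC]
RewriteRule .* - [F,L]

# 2. Host-name rule.
#    NOTE(review): %{SERVER_NAME} is the name of THIS server, not of the
#    client, and every pattern except the last also requires a literal dot
#    after the TLD. As written these conditions therefore cannot match a
#    visitor's hosting provider. If the goal is to refuse clients by their
#    reverse-DNS name, the variable for that is %{REMOTE_HOST} (which depends
#    on hostname lookups being available); otherwise this rule set is dead
#    weight and can be removed. The "." before each TLD is unescaped and
#    matches any character.
RewriteCond %{SERVER_NAME} ^(www\.)?amazonaws.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?adiaboreha.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?boardreader.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?colocrossing.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?contaboserver.net\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?m247.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?ipvanish.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?onyphe.net\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?secureserver.net\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?serverhs.org\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?sogou.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?your-server.de\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?sitelock.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?twingly.com\.$ [OR]
RewriteCond %{SERVER_NAME} ^(www\.)?thiefdomain3\.example$
RewriteRule ^ - [F,L]

# 3. Referer deny list (unanchored substring match on the Referer header).
#    The last condition now carries [NC] like the others: host names are
#    case-insensitive, so a differently-cased referer previously slipped past.
#    NOTE(review): Referer is client-supplied and optional; google.com.hk,
#    google.com.ua and googleusercontent.com also appear on genuine visits.
RewriteCond %{HTTP_REFERER} anonymousfox\.co [NC,OR]
RewriteCond %{HTTP_REFERER} binance\.com [NC,OR]
RewriteCond %{HTTP_REFERER} google\.com\.hk [NC,OR]
RewriteCond %{HTTP_REFERER} google\.com\.ua [NC,OR]
RewriteCond %{HTTP_REFERER} googleusercontent\.com [NC,OR]
RewriteCond %{HTTP_REFERER} semalt\.com [NC,OR]
RewriteCond %{HTTP_REFERER} niagarapack\.com [NC]
RewriteRule .* - [F,L]

# 4. Refuse request paths that contain "//".
#    %{REQUEST_URI} may already have had repeated slashes merged by the server
#    (MergeSlashes, on by default in current 2.4 releases), in which case the
#    first condition never fires. The second condition tests the path part of
#    the raw request line (%{THE_REQUEST}, up to the first "?"), so the rule
#    holds either way.
RewriteCond %{REQUEST_URI} ^(.*)//(.*)$ [OR]
RewriteCond %{THE_REQUEST} ^[A-Z]+\s+(?:/[^/?\s]+)*//
RewriteRule .* - [F,L]

# Disabled: redirect the Sogou spider elsewhere instead of refusing it.
#RewriteCond %{HTTP_USER_AGENT} ^.Sogou web spider.*$
#RewriteRule ^(.*)$ https://bork.fastbk.com [R=301]

# 5. Force HTTPS, except for the two URL shapes used by certificate
#    domain-control validation (cPanel DCV file, Comodo DCV file), which must
#    stay reachable over plain HTTP.
#    NOTE(review): the redirect target is built from the client's Host header
#    (%{HTTP_HOST}); confirm the virtual host only answers for its own names,
#    otherwise the Location header can be steered to an arbitrary host.
RewriteCond %{HTTPS} !on
RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$
RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

ErrorDocument 404 /404.html

# Legacy (Apache 2.2 style) access block, kept disabled.
#
# Order Deny,Allow
# Deny from all
# Allow from 71.94.224.185
#
# To set your custom php.ini, add the following line to this file:
#
#SuPHP_ConfigPath /home/yourusername/path/to/php.ini
# php_value mbstring.func_overload 4 # Required for PWSB support. Please do not uncomment this line.

# NOTE(review): the authorization list that follows combines
# "Require all granted" with negated "Require not host" / "Require not ip"
# lines. Negated Require directives only take effect inside a <RequireAll>
# container; no container is visible in this copy of the file (the tags may
# have been lost), so confirm the live file wraps the list in
# <RequireAll> ... </RequireAll>.
# NOTE(review): "Require host" compares whole trailing components of the
# client's reverse-DNS name. Bare words such as amazonaws or your-server, and
# IP fragments such as 34.77.162, do not match names like
# ec2-...compute.amazonaws.com; use the full domain (amazonaws.com) or a
# "Require not ip" range instead.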
Require all granted Require not host 34.77.162 34.86.35 34.96.130 92.118.160 Require not host 163data adiaboreha amazonaws arcomputing azdigi babbar biriga bjtelecom businesslearningnetwork Require not host boardreader cdn77 client.your clientshostname cloudwaysapps colocrossing considerthis contabo Require not host ctinets darknet dataproviderbot datapacket digitalocean Require not host dnspure domaintools example fetcher googleusercontent greenhousedata hn.kd.ny.adsl hviv hostgator idealhosting internet-census itldc Require not host lankaemarketing41 m247 mbelichenko netsystems nipa.cloud onyphe probe quadranet quintex safeperky selectureship semanticsystems seokicks seostar serverhs Require not host seznam sitelock sogou spheral unknown twingly viettel vultr Require not host web-hosting webhosting webhostbox webmeup websitewelcome writingvideo Require not host your-server ztomy netcraft fbsv.net semrush okitup.net aachen twingly boardwalkhat ohris network-crm planetlab #censys Require not ip 192.35.168.0/23 162.142.125.0/24 74.120.14.0/24 167.248.133.0/24 #apnic australia 1.2.3.0 - 1.2.3.255 ip-175-158-49-231.cbn.net.id Require not ip 1.2.3 #1.2.202.135 tot Thailand 1.2.202.35.bc.googleusercontent.com Require not ip 1.2.202 #1.15.175.155 tencent cloud 1.12.0.0 - 1.15.255.255 Require not ip 1.14 1.15 #1.46.23.211 Thailand ISP 1.46.0.0 - 1.46.255.255 - 1.46.23.211 - - [26/Jul/2021:08:49:15 -0700] "GET /?utm=semalt.com HTTP/1.1" 301 243 "https://semalt.com-----google.com/?q=semalt" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" Require not ip 1.46 #1.52.126.150 fpt broadband hanoi Require not ip 1.52.126 #1.54.201.240 fixed line vietnam 1.54.192.0 - 1.54.207.255 Require not ip 1.54.201 #1.179.246.8 tot thailand ***1.179.128.0 - 1.179.255.255*** Require not ip 1.179.246 #china telecom 1.192.0.0 - 1.199.255.255 Require not ip 1.180 1.181 1.183 1.202 1.192 1.195 #2.56.59.106 legaconetworks 
netherlands ***2.56.58.0 - 2.56.59.255*** Require not ip 2.56.58 2.56.59 #2.57.171.26 vpn brazil 2.57.171.0 - 2.57.171.255 Require not ip 2.57.171 #2.57.122.24 pptechnology netherlands ***2.57.122.0 - 2.57.122.255*** Require not ip 2.57.122 #2.139.154.148 b2evo1 attack referred by webcache.googleusercontent.com telfonica spain 2.138.0.0 - 2.139.255.255 148.red-2-139-154.dynamicip.rima-tde.net Require not ip 2.139 #amazonaws singapore - 3.0.100.252 - - [12/Jul/2021:05:31:59 -0700] "GET /autodiscover/autodiscover.xml/sito/wp-includes/wlwmanifest.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" #a lot of other amazon, range 3.0.0.0 - 3.127.255.255 3.86.93.206 env 3.84.102.235 autodiscover wp attack 3.90.29.166 POST/.env 3.17.178.12 Require not ip 3.0.0.0/9 #3.136.2.34 amazonaws - range 3.128.0.0 - 3.255.255.255 Require not ip 3.128.0.0/9 #send.fcpi.net amazonaws 3.133.163.136 -- why not blocked by above? 
3.128.0.0 - 3.255.255.255 Require not ip 3.128 3.129 3.130 3.131 3.132 3.133 3.134 3.135 3.136 3.137 3.138 3.139 3.140 3.143 #abuseipdb - 3.134.116.214 amazonaws colombus oh - ec2-3-134-116-214.us-east-2.compute.amazonaws.com - - [19/Jul/2021:11:25:43 -0700] "GET /403.html/website/wp-includes/wlwmanifest.xml HTTP/1.1" 403 1443 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" # Require not ip 3.134.116 #3.137.179.11 amazonaws columbus OH # Require not ip 3.137.179 #amazonaws columbus OH - 3.139.100.170 - - [13/Jul/2021:02:59:53 -0700] "POST /wp-includes/css/wp-config.php HTTP/1.1" 401 228 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" # Require not ip 3.139.100 #3.216.90.166 amazonaws ashburn va - ec2-3-216-90-166.compute-1.amazonaws.com - - [21/Jul/2021:17:06:59 -0700] "GET /.git/config HTTP/1.1" 403 1269 "-" "python-requests/2.18.4" Require not ip 3.216.90 #3.250.197.142 amazonaws ***3.128.0.0 - 3.255.255.255*** 3.239.4.115 git attack Require not ip 3.128.0.0/9 #3.250 #5.8.10.202 petersburg internet russia ***5.8.8.0 - 5.8.11.255*** Require not ip 5.8.10 #5.9.70.117 hetzner ***5.9.70.96 - 5.9.70.127*** #5.9.71.213 hertner search engine spider germany ***5.9.71.192 - 5.9.71.223*** static.213.71.9.5.clients.your-server.de MJ12bot #5.9.98.234 hetzner ***5.9.98.224 - 5.9.98.255*** #5.9.140.242 wp hetzner ***5.9.140.224 - 5.9.140.255*** #5.9.110.227 hetzner ***5.9.110.224 - 5.9.110.255*** #5.9.145.132 hetzner ***5.9.145.128 - 5.9.145.159*** #5.9.156.30 Hetzner ***5.9.156.0 - 5.9.156.31*** Require not ip 5.9.70.117 5.9.71.213 5.9.98.234 5.9.110.227 5.9.140.242 5.9.145.132 5.9.156.30 #5.34.178.190 itl lake charles louisiana green floyd orlando fl ***5.34.178.0 - 5.34.179.255*** Require not ip 5.34.178 5.34.179 #5.45.75.92 3nt netherlands ***5.45.72.0 - 5.45.75.255*** Require not ip 5.45.75 #5.62.43.240 uk avast 
5.62.43.240 - 5.62.43.247 Require not ip 5.62.43.240 #5.77.61.60 mj12bot 5.77.32.0 - 5.77.63.255 Require not ip 5.77.61 #5.101.157.43 beget russia ***5.101.157.0 - 5.101.157.255*** Require not ip 5.101.157 #DON'T BAN 5.102.173.71 is mojeek, a new search engine that interests me #bork myloc germany ***5.104.104.0 - 5.104.111.255*** Require not ip 5.104.105 #5.133.213.103 internetvikings 5.133.192.0 - 5.133.223.255 lox13.sixharptail.com Require not ip 5.133.213 5.133.214 #5.180.50.145 digital energy london ***5.180.50.0 - 5.180.51.255*** Require not ip 5.180.50 5.180.51 #5.180.81.181 vpnhost germany ***5.180.80.0 - 5.180.81.255 5.180.35.100 Require not ip 5.180.80 5.180.81 #tokyo m247 5.181.235.71 - - [22/Jul/2021:04:45:06 -0700] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 301 247 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" #5.181.235.78 autodiscover troll Require not ip 5.181.235 #5.183.209.217 search_replace hack amarutu hong kong ***5.183.209.0 - 5.183.209.255*** Require not ip 5.183.209 #5.188.62.214 abuseipdb pinspb data center russia # Require not ip 5.188.62 #historically, lots of hacks from 5.188, from .9 through .211 Require not ip 5.188 #abuseip confirmed - st. 
petersburg russia Require not ip 5.189.239.157 #abuseipdb ovh france ip99.ip-5-196-220.eu - - [24/Jul/2021:06:52:04 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 5.196.220.96 - 5.196.220.111 Require not ip 5.196.0.0/16 #5.199.130.188 tor canada webtropia dusseldorf ***5.199.130.0 - 5.199.130.255*** Require not ip 5.199.130 #5.227.5.125 nnov.ru fixed line russia 5.227.0.0 - 5.227.123.255 Require not ip 5.227.5 #5.253.204.152 M247 luxemborg ***5.253.204.0 - 5.253.204.255*** Require not ip 5.253.204 #5.255.253.154 yandex # Require not ip 5.255.253.154 #5-255-174-141-kh.maxnet.ua - - [08/Jul/2021:05:41:58 -0700] "GET /xmlrpc.php HTTP/1.1" 301 242 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.141 Safari/537.36" Require not ip 5.255.174.141 #yandex but ... 5.255.231.72 - - [17/Jul/2021:09:06:10 -0700] "GET /.well-known/acme-challenge/?C=N;O=A HTTP/1.1" 401 228 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)" #5.255.231.181 Require not ip 5.255.231 #yandex but ... 
5.255.253.129 - - [17/Jul/2021:12:05:53 -0700] "GET / HTTP/1.1" 401 228 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)" Require not ip 5.255.253 #8.21.11.106 cloudflare hong kong 8.0.0.0 - 8.127.255.255 Require not ip 8.0.0.0/9 8.21 #8.134.55.56 alicloud ***8.128.0.0 - 8.159.255.255*** 8.131.70.186 #8.142.31.111 abuseipdb Aliyun (alibaba) hosting China - 8.128.0.0 - 8.159.255.255 8.142.31.111 - - [25/Jul/2021:02:36:04 -0700] "GET /css/album.css HTTP/1.1" 301 245 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:48.0) Gecko/20100101 Firefox/48.0" Require not ip 8.142.31.0/24 8.131 8.141 8.142 #bork - abuseipdb - China Aliyun hosting - 8.162.77.34.bc.googleusercontent.com - - [16/Jul/2021:11:54:00 -0700] "GET / HTTP/1.1" 404 - "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com" Require not ip 8.162.77 #8.210.118.34 alibaba 8.208.0.0 - 8.223.255.255 Require not ip 8.210 #12.125.158.14 at&t 12.0.0.0 - 12.255.255.255 #Require not ip 12.125.158.14 #13.58.168.69 amazonaws (was masquerading as googlebot 13.24.0.0 - 13.59.255.255 send.fcpi.net 13.51.64.166 Require not ip 13.24.0.0/13 13.32.0.0/12 13.56.0.0/14 13.48.0.0/13 13.58 #13.70.31.254 autodiscover microsoft ***13.64.0.0 - 13.107.255.255*** # Require not ip 13.104.0.0/14 13.96.0.0/13 13.64.0.0/11 #13.64.192.210 microsoft data center San Francisco #bork - 13.66.4.173 - - [09/Jul/2021:14:23:39 -0700] "GET / HTTP/1.1" 200 6137 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" #13.66.167.185 major wp attack microsoft ***13.64.0.0 - 13.107.255.255*** 13.89.24.32 13.74.146.7 13.66.37.42 13.78.230.92 #13.67.214.75 microsoft data center des moines ia - 13.67.214.75 - - 
[19/Jul/2021:14:07:38 -0700] "GET /xmlrpc.php?rsd HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" #13.67.225.238 - abuseipdb - microsoft data center des moine IA - 13.67.225.238 - - [15/Jul/2021:04:48:08 -0700] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 301 247 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" #bork - abuseipdb - microsoft Des Moines IA - 13.89.52.110 - - [13/Jul/2021:01:49:00 -0700] "GET / HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" #13.78.150.92 .env / POSTS Require not ip 13.104.0.0/14 13.96.0.0/13 13.64.0.0/11 13.64 13.66 13.67 13.89 #13.212.79.131 - - [08/Jul/2021:16:06:13 -0700] "GET /autodiscover/autodiscover.xml/wp-includes/wlwmanifest.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" Require not ip 13.212.79.131 #13.228.29.149 amazonaws ***13.200.0.0 - 13.239.255.255*** 13.212.156.26 Require not ip 13.208.0.0/12 13.224.0.0/12 13.200.0.0/13 #13.250.109.32 .git amazonaws singapore ***13.244.0.0 - 13.251.255.255*** Require not ip 13.248.0.0/14 13.244.0.0/14 #amazonaws mumbai india Require not ip 13.232.49 #14.37.105.35 admin kt.com korea 14.32.0.0 - 14.95.255.255 Require not ip 14.37 #14.186.158.242 vnpt vietnam 14.160.0.0 - 14.191.255.255 Require not ip 14.186 #chinaunicom Require not ip 14.205.124 #15.222.37.230 amazonaws ***15.220.0.0 - 15.223.255.255*** #ec2-15-222-37-230.ca-central-1.compute.amazonaws.com - - [21/Sep/2021:23:18:55 -0700] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 406 300 "-" "python-requests/2.24.0" Require not ip 15.220.0.0/14 15.222 #bork - abuseipdb - Amazon data center Hong Kong - 16.162.77.34.bc.googleusercontent.com - - [16/Jul/2021:02:28:34 -0700] "GET / HTTP/1.1" 404 - "-" 
"Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com" [combined with 8.162.77 Require not ip 16.162.77 #amazonaws range ***18.32.0.0 - 18.255.255.255*** 18.222.249.110 - - [21/Jul/2021:12:58:45 -0700] "POST /wp-includes/css/wp-config.php HTTP/1.1" 401 228 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" #18.185.249.102 amazonaws Frankfurt Germany 18.32.0.0 - 18.255.255.255 18.237.129.243 18.237.44.172 18.236.240.232 18.205.36.100 18.181.235.225 #18.144.58.20 same range as above 18.237.105.120 18.237.157.110 18.134.134.125 wp-login 18.237.10.50 18.208.209.59 env 18.237.118.249 big wp attack #18.232.165.222 - - [12/Oct/2021:20:23:46 -0700] "GET / HTTP/2.0" 400 52 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.87 Safari/537.36 Edg/80.0.361.48" Require not ip 18.128.0.0/9 18.32.0.0/11 18.64.0.0/10 Require not ip 18.144 18.185 18.220 18.232 18.236 18.237 #bork - abuseipdb confirmed - microsoft germany #20.64.250.79 - amazonaws portland - [10/Jul/2021:09:29:45 -0700] "GET //xmlrpc.php?rsd HTTP/1.1" 301 235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" #microsoft data center ***20.33.0.0 - 20.128.255.255*** -- interesting that some in this range report as amazonaws, though 20.33.0.0 - 20.128.255.255 #bork - abuseipdb 20.84.100.48 - - [22/Jul/2021:06:57:20 -0700] "GET / HTTP/1.1" 200 13791 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" #20.97.186.106 - - [25/Jul/2021:15:35:19 -0700] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) 
Chrome/88.0.4240.193 Safari/537.36" #20.84.98.195 - - [02/Jul/2021:07:53:09 -0700] "GET /_profiler/phpinfo HTTP/1.1" 404 236 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" #20.85.120.250 - - [20/Jun/2021:09:09:06 -0700] "GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" #attempt to retrieve .env 20.102.76.190 major wp attack 20.106.162.71 20.108.4.16 20.62.201.187 20.106.134.229 20.78.128.171 20.97.184.15 b2evo1 attack 20.38.168.9 wp attack #20.102.71.141 - - [30/Sep/2021:15:27:59 -0700] "GET /.env HTTP/1.1" 403 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" #20.37.42.104 wp attack Require not ip 20.48.0.0/12 20.64.0.0/10 20.36.0.0/14 20.34.0.0/15 20.33.0.0/16 20.128.0.0/16 20.40.0.0/13 Require not ip 20.52 20.55 20.64 20.80 20.84 20.85 20.97 20.98 20.102 #20.81.249.155 - microsoft data center Boydton VA - 20.81.249.155 - - [17/Jul/2021:02:32:33 -0700] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 301 259 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" Require not ip 20.81.249 #20.108.34.127 major wp attack ***20.33.0.0 - 20.128.255.255*** microsoft (should be blocked by above) 20.85.223.90 # Require not ip 20.108.34.127 #20.83.169.32 abuseipdb microsoft data center washington va 20.83.169.32 - - [20/Jul/2021:19:53:46 -0700] "GET /autodiscover/autodiscover.xml/wp-includes/wlwmanifest.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" Require not ip 20.83.169 #20.150.142.191 microsoft ***20.150.0.0 - 20.153.255.255*** Require not ip 20.150 20.151 20.152 20.153 #20.191.45.212 microsoft data center dublin - 20.180.0.0 
- 20.191.255.255 20.185.66.66 Require not ip 20.180.0.0/14 20.184.0.0/13 #20.194.40.162 major attack microsoft ***20.192.0.0 - 20.255.255.255*** 20.199.72.228 autodiscover Require not ip 20.192.0.0/10 #20.194 20.199 #20.205.205.78 autodiscover/wp attack 20.192.0.0 - 20.255.255.255 Require not ip 20.205 #uibiquity los angeles (seattle) leaseweb 23.19.64.0 - 23.19.255.255 23.19.75.76 Require not ip 23.19.128.0/17 23.19.64.0/18 23.19.80 #23.20.146.218 amazonaws ***23.20.0.0 - 23.23.255.255*** Require not ip 23.20 23.21 23.22 23.23 #23.29.80.56 mobius internet fixed line nebrraska Require not ip 23.29.80.56 #23.29.122.205 hivelocity dallas ***23.29.112.0 - 23.29.127.255*** Require not ip 23.29.112.0/20 #23.80.156.186 leaseweb VA 23.80.0.0 - 23.83.63.255 Require not ip 23.80.0.0/15 23.83.0.0/18 23.82.0.0/16 #23.83.185.47 leaseweb ***23.83.128.0 - 23.83.207.255*** Require not ip 23.83.192.0/20 23.83.128.0/18 #23.88.61.151 Hetzner ***23.88.0.0 - 23.88.127.255*** 23.88.96.10 23.88.96.37 ` Require not ip 23.88.61 23.88.96 #23.90.160.146 zenlayer netherlands/diamond bar CA ***23.90.128.0 - 23.90.191.255*** Require not ip 23.90.160 #23.92.53.203 supremebytes Las Vegas 23.92.48.0 - 23.92.55.255 Require not ip 23.92.48.0/21 23.92.53 #23.95.9.175 virmach new york 23.94.0.0 - 23.95.255.255 - colocrossing #bork - 23.95.9.175 - - [09/Jul/2021:10:42:30 -0700] "GET / HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0" colorcrossing.com # Require not ip 23.95.9 #colocrossing buffalo ny #23.95.108.186 colocrossing data center atlanta # Require not ip 23.95.108 #23.95.219.93 colocrossing estonia 23.94.0.0 - 23.95.255.255 23.95.9.7 major attack 23.95.81.148 23.95.224.106 Require not ip 23.94 23.95 #23.102.176.138 microsoft san antonio tx 23.96.0.0 - 23.103.255.255 Require not ip 23.102 23.96.0.0/13 #23.105.110.194 leaseweb ***23.104.0.0 - 23.105.191.255*** 23.105.110.233 23.105.110.218 Require not ip 23.104 23.105 #23.106.20.236 leaseweb 
tried fastbk.com 23.106.0.0 - 23.106.31.255 Require not ip 23.106.20 #23.108.53.182 leaseweb miami fl 23.107.0.0 - 23.108.95.255 23.108.53.79 #23.110.166.65 leaseweb *** 23.110.0.0 - 23.110.255.255*** Require not ip 23.107 23.108.0.0/18 23.108.64.0/19 23.107.0.0/16 23.108.53 23.110 #bork - abuseipdb - emeraldonion data center seattle 23.129.64.156 - - [19/Jul/2021:12:57:23 -0700] "GET /config HTTP/1.1" 301 231 "https://www.fastbk.com/.git/config" "Go-http-client/1.1" with 185.191.124.152 and 185.220.101.216 and luxembourgtor2 Require not ip 23.129.64 #23.146.144.198 hop one 23.146.144.0 - 23.146.144.255 wp hack Require not ip 23.146.144 #23.146.241.19 volumedrive scranton PA *** Require not ip 23.146.241.19 #23.148.145.53 quick server hosting PA ***23.148.145.0 - 23.148.145.255*** Require not ip 23.148.145 #23.228.109.147 Jesse Lugo Sr amazon/groupon layerhost los angeles ***23.228.64.0 - 23.228.127.255*** Require not ip 23.228.64.0/18 #23.229.5.14 b2net servermania 23.229.0.0 - 23.229.127.255 23.229.69.201 Require not ip 23.229.0.0/17 #23.229.5.14 #23.236.48.117 google cloud 23.236.48.0 - 23.236.63.255 Require not ip 23.236.48.0/20 #23.236.48.117 #23.236.146.162 b2 net solutions 23.236.128.0 - 23.236.255.255 Require not ip 23.236.128.0/17 23.236.146 #b2net, many bad requests servermania Buffalo NY, NYC - clearly working together Require not ip 23.250.0.0/17 23.254.0.0/17 #24.79.154.110 shaw cable ontario canada s0106bc9b6813c42a.tb.shawcable.net - - [03/Aug/2021:03:24:44 -0700] "GET /DesktopModules/Admin/RadEditorProvider/DialogHandler.aspx HTTP/1.1" 301 289 "-" "python-requests/2.26.0" Require not ip 24.79.154.110 #abuseipdb - Mariott Inn NYC, NY - rrcs-24-97-201-131.nys.biz.rr.com - - [12/Jul/2021:14:12:39 -0700] "GET /.env HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" [note - retried with just IP] #24.97.201.131 - - [12/Jul/2021:14:12:39 -0700] "POST /.env HTTP/1.1" 301 239 "-" 
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.63 Safari/537.31" Require not ip 24.97.201.131 #This is charter/rr, so I did not ban the entire range. But maybe I should. mail.gooroohosting.com - - [25/Jul/2021:01:02:09 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 24.199.222.227 #hyundai fixed line isp Korea 27.35.0.0 - 27.35.255.255 - a Hyundai user attacked my fake admin page. Not sure I want to block entire hyundai communications ISP, but for now ... Require not ip 27.35 #27.75.102.181 masquerading as localhost viettel vietnam 27.64.0.0 - 27.79.255.255 Require not ip 27.75 #27.115.124.70 chinaunicom 27.115.0.0 - 27.115.127.255 27.115.124.36 27.115.124.10 Require not ip 27.115.124 #27.221.75.35 chinaunicom ***27.192.0.0 - 27.223.255.255*** Require not ip 27.221 #27.254.63.73 csloxinfo thailand, wp-login 27.254.63.0 - 27.254.63.255 Require not ip 27.254.63 #31.31.205.163 domain parking, russia reg.ru 31.31.204.0 - 31.31.205.255 Require not ip 31.31.204 31.31.205 #this is the alleged "Expanse" ip backwards, because abuseipdb reports as 31.130.96.34.bc.googleusercontent.com and it is not getting blocked by my block list Require not ip 31.130.96.34 #31.135.109.120 fairline russia 31.135.96.0 - 31.135.127.255 Require not ip 31.135.109 #bork - 31.173.149.92 - abuseipdb - megafon.ru Volga Russia - 31.173.149.82 - - [15/Jul/2021:22:44:14 -0700] "GET /index.php HTTP/1.1" 404 8493 "https://bork.fastbk.com/" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0" Require not ip 31.173.149.82 #31.193.1.105 ukfast uk ***31.193.1.0 - 31.193.1.255*** Require not ip 31.193.1 #31.210.20.75 kiobi netherlands ***31.210.20.0 - 31.210.21.255*** Require not ip 31.210.20 31.210.21 #33.15.69.159 DoD network? Columbus OH MIL 33.0.0.0 - 33.255.255.255 single request to ridesbyscott - do I want to block this? 
#static.33.15.69.159.clients.your-server.de - - [29/Jul/2021:04:17:09 -0700] "GET / HTTP/1.1" 200 7472 "http://ridesbyscott.com" "Mozilla/5.0 (X11; Linux i586; rv:31.0) Gecko/20100101 Firefox/73.0"
#why wasn't this blocked by the block on clients.your-server.de? Why is it identified as clients.your-server.de, is this a fake hostname? Is it hetzner, and the ip is backwards?
#NOTE(review): yes, the octets in these reverse-DNS names are in reverse order (this file lists 5.9.71.213 with static.213.71.9.5.clients.your-server.de, and 34.68.97.70 with 70.97.68.34.bc.googleusercontent.com), so this client is 159.69.15.33, not 33.15.69.159. An entry copied from the name as printed (for example 31.130.96.34) names a different address.
#NOTE(review): "Require host" compares whole trailing name components, so the tokens your-server and client.your do not match a name ending in .your-server.de; the full domain your-server.de would.
#google data center Oregon - 34.64.0.0 - 34.127.255.255 20.93.127.34.bc.googleusercontent.com - - [25/Jul/2021:02:20:59 -0700] "GET / HTTP/2.0" 403 1443 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0"
#34.68.97.70 google data center council bluffs IA 70.97.68.34.bc.googleusercontent.com - - [20/Jul/2021:10:38:27 -0700] "GET /wp-login.php HTTP/1.1" 403 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#abuseipdb - google brussels - ip logged as Expanse and was a "503" response
#google data center Mountain View CA - 34.64.0.0 - 34.127.255.255
#34.127.24.244 google cloud ***34.64.0.0 - 34.127.255.255***
#34.127.24.244 - - [25/Jul/2021:12:33:23 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#100% evil abuseipdb google Iowa 34.123.62.233
#34.71.71.95 - - [04/Jul/2021:06:49:46 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#34.71.95.46 - - [18/Jun/2021:17:48:47 -0700] "GET /wp/ HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-J111F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.90 Mobile Safari/537.36"
#expanse 34.71.162 and 34.86, 34.96 34.69.115.90 wp attack
#NOTE(review): negated Require lines only take effect inside a <RequireAll> container; if requests get through a range listed here, confirm the list is wrapped in one.
#expanse - evil per abuseipdb, Hong Kong. Question, why are inquiries seemingly getting through this block? Now I'm putting the individual IPs back.
34.84.114.55 #34.93.38.4 - - [05/Jul/2021:08:39:55 -0700] "GET /autodiscover/autodiscover.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" #34.87.189.18 wp attack 34.68.184.200 34.86.35.23 expanse ***34.64.0.0 - 34.127.255.255*** Require not ip 34.64.0.0/10 #34.64 34.68 34.69 34.71 34.77 34.79 34.84 34.86 34.93 34.96 34.107 34.127 34.140.218.206 #34.132.218.239 abuseipdb google data center council bluffs IA 34.128.0.0 - 34.191.255.255 Require not ip 34.128.0.0/10 34.132 34.145 #amazonaws 34.192.0.0 - 34.255.255.255 34.221.212.68 34.217.85.184 34.220.76.217 34.220.37.117 34.209.215.109 34.217.135.185 34.212.121.64 34.213.88.88 34.212.174.182 34.222.48.239 #34.255.87.160 amazonaws dublin 34.192.0.0 - 34.255.255.255 34.222.2.199 34.214.94.44 34.211.161.86 34.214.127.68 34.211.140.241 34.219.41.14 34.220.1.206 34.219.83.127 Require not ip 34.192.0.0/10 34.201 34.209 34.210 34.211 34.212 34.213 34.214 34.215 34.216 34.217 34.218 34.219 34.220 34.221 34.222 34.253 34.255 #35.80.32.134 amazonaws ***35.71.64.0 - 35.127.255.255*** 35.84.198.199 Require not ip 35.71.64.0/18 35.71.128.0/17 35.96.0.0/11 35.72.0.0/13 35.80.0.0/12 #35.80.32.134 #35.165.81.196 amazonaws 35.152.0.0 - 35.183.255.255 35.167.79.244 #amazonaws portland 35.152.0.0 - 35.183.255.255 35.166.43.179 35.165.160.87 35.166.115.176 #amazonaws data center portland #35.163.233.222 amazonaws data center portland Require not ip 35.160.0.0/12 35.176.0.0/13 35.152.0.0/13 #35.165.81.196 #35.188.112.169 googlecloud ***35.184.0.0 - 35.191.255.255*** Require not ip 35.184.0.0/13 #35.188.112.169 #35.198.201.101 googleusercontent google cloud 35.192.0.0 - 35.207.255.255 35.217.123.100 #35.226.227.107 google cloud ***35.208.0.0 - 35.247.255.255*** 35.162.236.239 #35.245.160.47 google data center washington dc 47.160.245.35.bc.googleusercontent.com - - [20/Jul/2021:18:02:31 -0700] "GET /403.html/wp-includes/wlwmanifest.xml HTTP/1.1" 403 1443 "-" "Mozilla/5.0 
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" #35.226.227.107 wp attack 35.192.107.116 big wp 35.199.25.131 wp-login #35.239.190.166 multi-entry attack /sito/wp-includes/wlwmanifest.xml 10/12/21, 10:28 AM 425 error 403 GET HTTP/1.1 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36 Require not ip 35.192.0.0/12 35.240.0.0/13 35.208.0.0/12 35.224.0.0/12 #36.92.1.31 wp-login telkomnet indonesia ***36.64.0.0 - 36.95.255.255*** Require not ip 36.92 #36.99.136.129 chinanet ***36.99.0.0 - 36.99.255.255*** Require not ip 36.99 #36.110.147.104 china telcom chinanet 36.110.0.0 - 36.110.255.255 Require not ip 36.110 #chinaunicom Require not ip 36.249.204 #37.0.8.22 - legaconetworks netherlands ***37.0.8.0 - 37.0.11.255*** - bork 37.0.11.67 wp attack 37.0.11.88 37.0.11.162 37.0.8.34 37.0.10.48 37.0.8.66 37.0.11.93 #37.0.11.64 - - [14/Oct/2021:12:53:24 -0700] "GET /wp-admin/css/ HTTP/1.1" 403 1389 "binance.com" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" Require not ip 37.0.8 37.0.9 37.0.10 37.0.11 #37.18.90.101 1cloud data center Russia Require not ip 37.18.90 #37.19.223.228 datacamp uk ***37.19.223.0 - 37.19.223.255*** Require not ip 37.19.223 #37.20.8.203 rostelcom RU ***37.20.0.0 - 37.20.127.255*** Require not ip 37.20.8 #37.57.110.249 triolan ukraine 37.57.110.0 - 37.57.110.255 Require not ip 37.57.110 #37.112.105.97 fixed line russia, php hack attempt Require not ip 37.112.105.97 #37.120.193.232 - - [08/Jul/2021:11:53:07 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36" m247 belgrade 37.120.193.0 - 37.120.193.255 217.138.211.0 - 217.138.211.255 m247 brussels working together #181.214.206.232 - - [08/Jul/2021:11:53:37 -0700] "GET /linux/DBFlashRC58.exe 
HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36" Require not ip 37.120.193 #37.120.235.169 - - [12/Jul/2021:12:51:27 -0700] "POST /mail.php HTTP/1.0" 403 1269 "https://ridesbyscott.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.84 Safari/537.36" data center dublin ireland #37.120.235.164 m247 ireland 37.120.235.0 - 37.120.235.255 Require not ip 37.120.235 #37.120.244.59 m247 europe, constantly hacking 37.120.244.0 - 37.120.244.255 Require not ip 37.120.244 #37.156.145.140 wp-login asiatech iran 37.156.145.0 - 37.156.145.255 Require not ip 37.156.145 #37.187.91.7 ovh ***37.187.88.0 - 37.187.95.255*** #37.187.110.9 ovh ***37.187.96.0 - 37.187.127.255*** ns327266.ip-37-187-110.eu - - [02/Oct/2021:05:45:28 -0700] "GET /.well-known/security.txt HTTP/1.1" 500 - "-" "Go-http-client/1.1" Require not ip 37.187.91 37.187.110 #38.91.106.96 psinet washington dc cogento 38.0.0.0 - 38.255.255.255 38.91.106.96 - - [28/Jul/2021:11:41:49 -0700] "GET /.env HTTP/1.1" 500 289 "-" "Mozilla 5.0" 38.79.85.151 Require not ip 38 #39.101.168.207 alisoft china php login attempt ***39.96.0.0 - 39.108.255.255*** 39.103.194.111 39.107.236.213 Require not ip 39.101 39.103 39.107 #40.69.84.145 microsoft dublin 40.64.0.0 - 40.71.255.255 wp hack #40.71.119.131 microsoft ***40.64.0.0 - 40.71.255.255*** Require not ip 40.69.84 40.64.0.0/13 #40.73.1.50 bluecloud beijing ***40.72.0.0 - 40.73.255.255*** Require not ip 40.72 40.73 #40.122.175.146 wp hack #abuseipdb microsoft ***40.74.0.0 - 40.125.127.255*** 40.76.110.71 - - [23/Jul/2021:04:08:53 -0700] "GET /xmlrpc.php?rsd HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" #40.114.45.230 wp attack 40.82.208.253 #40.76.110.71 - - [03/Jul/2021:10:24:04 -0700] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 401 228 "-" 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" [microsoft data server, washington VA] #hrankbot but also 40.86.86.233 - - [20/Jul/2021:20:16:28 -0700] "GET /403.html/wp-includes/wlwmanifest.xml HTTP/1.1" 403 1269 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" #40.86.103.136 #abusipdb - Microsoft Virginia - 40.88.21.235 - - [08/Jul/2021:07:47:23 -0700] "GET / HTTP/1.1" 200 1120 "https://www.daltrey.org/" "Mozilla/5.0 (compatible; DuckDuckGo-Favicons-Bot/1.0; +http://duckduckgo.com)" # Require not ip 40.88.21.235 #40.113.195.43 - - [11/Jul/2021:03:36:39 -0700] "GET //wp2/wp-includes/wlwmanifest.xml HTTP/1.1" 301 259 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" Microsoft data center des moines IA #abuseipdb - microsoft data center washington va #40.119.52.57 microsoft data center san antonio tx 40.117.96.146 Require not ip 40.114 40.112.0.0/13 40.76.0.0/14 40.80.0.0/12 40.120.0.0/14 40.96.0.0/12 40.74.0.0/15 40.125.0.0/17 40.124.0.0/16 #41.185.64.75 1-grid south africa 41.185.0.0 - 41.185.255.255 wp-login tta12-cvps01monitor.hostserv.co.za Require not ip 41.185 #41.208.72.154 libya telcom 41.208.72.0 - 41.208.75.255 wp-login Require not ip 41.208.72 #41.231.36.25 tunisian internet ***41.224.0.0 - 41.231.255.255*** Require not ip 41.231 #42.83.147.35 cnnic china ***42.83.128.0 - 42.83.255.255*** Require not ip 42.83.147 #42.193.45.103 tencent 42.192.0.0 - 42.193.255.255 #42.194.204.97 tencent cloud china 42.194.128.0 - 42.194.255.255 42.193.23.161 Require not ip 42.192 42.193 42.194 #Require not ip 42.194 #fixed line Vietnam Require not ip 42.112.93.74 #42.193.16.135 tencent ***42.192.0.0 - 42.193.255.255*** Require not ip 42.192 42.193 #42.236.10.83 unicom china 42.224.0.0 - 42.239.255.255 hn.kd.ny.adsl /403.php Require not ip 42.236 #43.129.212.158 
acevilleptel singapore ***43.128.0.0 - 43.135.255.255*** Require not ip 43.129 #43.224.157.86 ttnet isp india 43.224.156.0 - 43.224.159.255 Require not ip 43.224.157 #43.252.231.127 HongKong Virtual internal server company Limited ***43.252.231.0 - 43.252.231.255*** Require not ip 43.252.231 #43.255.113.232 .env xinwei cambodia ***43.255.112.1 - 43.255.115.255*** Require not ip 43.255.113 #44.233.249.172 amazonaws 44.192.0.0 - 44.255.255.255 Require not ip 44.233 44.192.0.0/10 #45.12.223.138 - abuseipdb - m247 data center Oslo - 45.12.223.138 - - [17/Jul/2021:08:00:00 -0700] "GET /assets/global/plugins/jquery-file-upload/server/php/index.php?secure=1 HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" Require not ip 45.12.223 #45.12.138.168 dedipath big anonymousfox attack 45.12.138.0 - 45.12.139.255 Require not ip 45.12.138 45.12.139 #abuseipdb - novoserve data center amsterdam - vm2140965.62ssd.had.wf - - [15/Jul/2021:20:47:33 -0700] "GET / HTTP/1.0" 200 7472 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" Require not ip 45.14.12 #45.14.71.23 xehost japan proton vpn ***45.14.71.0 - 45.14.71.255*** Require not ip 45.14.71 #jjxy.goldmanfun.com - - [08/Jul/2021:12:46:15 -0700] "GET /403.html HTTP/1.1" 403 1269 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" and 45.15.143.130 acloud data center - - [08/Jul/2021:12:46:37 -0700] "POST /wp-includes/css/wp-config.php HTTP/1.1" 403 1269 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" Require not ip 45.15.143 #45.32.101.121 hack attempt constant co/vultr 45.32.0.0 - 45.32.255.255*** 45.32.144.69 Require not ip 45.32 #45.57.163.186 B2 net buffalo ny 45.57.128.0 - 45.57.255.255 Require not ip 45.57.128.0/17 45.57.163 #45.61.146.100 - frantech.ca data center cheyenne wy 
45.61.128.0 - 45.61.191.255 - 45.61.146.100 - - [10/Jul/2021:22:08:36 -0700] "POST / HTTP/1.1" 403 1269 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" Require not ip 45.61.128.0/18 #45.64.54.158 sun network hong kong ***45.64.54.128 - 45.64.54.159*** Require not ip 45.64.54.158 #45.72.67.15 b2net canada 45.72.0.0 - 45.72.127.255 45.72.48.130 Require not ip 45.72.0.0/17 #45.72.67 #bork - 45.76.190.7.vultr.com abuseipdb vultr singapore / whois constant company west palm beach FL 45.76.0.0 - 45.77.255.255 Require not ip 45.76.0.0/15 #45.79.236.53 linode australia ***45.79.0.0 - 45.79.255.255*** Require not ip 45.79 #45.82.71.196 zomro netherlands ***45.82.71.128 - 45.82.71.255*** Require not ip 45.82.71.196 #45.88.106.8 zomro netherlands 45.88.106.0 - 45.88.106.127 #45.88.106.197 zomro netherlands/seychelles 45.88.106.128 - 45.88.106.255 Require not ip 45.88.106 #45.86.241.2 aqua-jump romania ***45.86.240.0 - 45.86.241.255*** Require not ip 45.86.240 45.86.241 #45.90.248.199 ip royal London *** 45.90.248.0 - 45.90.248.255*** Require not ip 45.90.248 #45.90.222.152 ttl datacenter los angeles, TT1 Datacenter UG (haftungsbeschraenkt) ***45.90.222.0 - 45.90.223.255*** Require not ip 45.90.222 #45.90.250.106 iproyal london /lithuania ***45.90.248.0 - 45.90.251.255*** #45.90.250.106 /wp-includes/css/wp-config.php 10/11/21, 1:58 PM 282 error 503 POST HTTP/1.1 anonymousfox.co Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Require not ip 45.90.248 45.90.249 45.90.250 45.90.251 #45.93.80.28 admin llc russia / ru proline ***45.93.80.0 - 45.93.80.255*** Require not ip 45.93.80 #45.95.39.45 nexsign UK 45.95.36.0 - 45.95.39.255 Require not ip 45.95.39 #45.95.64.25 heficed netherlands ***45.95.64.0 - 45.95.65.255*** Require not ip 45.95.64 45.95.65 #abuseipdb vultr data center singapore - 45.77.242.162.vultr.com - - [19/Jul/2021:03:27:26 -0700] "GET 
/.env HTTP/1.1" 301 232 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" # Require not ip 45.77.242 #abuseipdb - Croatia - we.webbateapi.xyz - - [12/Jul/2021:03:39:11 -0700] "GET /owa/auth/logon.aspx?replaceCurrent=1&url=https%3a%2f%2ffastbk.com%2fowa%2f HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)" #45.95.171.132 - - [12/Jul/2021:03:39:13 -0700] "GET /owa/auth/logon.aspx?url=https%3a%2f%2fautodiscover.fastbk.com%2fowa%2f&reason=0 HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2 (.NET CLR 3.5.30729)" Require not ip 45.95.171.132 #45.118.144.87 lvsoft vietnam ***45.118.144.0 - 45.118.147.255*** Require not ip 45.118.144 #45.119.83.250 lv solution vietnam ***45.119.80.0 - 45.119.83.255*** Require not ip 45.119.83 #45.119.213.225 deco.vn vietnam 5.119.212.0 - 45.119.215.255 Require not ip 45.119.213 #45.125.245.241 hostroyale india 45.125.245.0 - 45.125.245.255 Require not ip 45.125.245 #45.129.18.207 eonscope uk 45.129.18.0 - 45.129.18.255 45.129.18.213 Require not ip 45.129.18 #45.131.47.234 proline ru ***45.131.47.0 - 45.131.47.255*** Require not ip 45.131.47 #vanveen seattle (netherlands) 45.155.43.206 - - [23/Jul/2021:20:54:45 -0700] "GET /.env HTTP/1.1" 301 232 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" Require not ip 45.131.94 #45.131.100.203 rackspot india ***45.131.100.0 - 45.131.103.255*** Require not ip 45.131.100.203 #45.132.184.14 nettrafficsolutions sheridan wy ***45.132.184.0 - 45.132.184.255*** Require not ip 45.132.184 #45.134.24.250 inter.com.ru russia ru proline london 45.134.24.0 - 45.134.24.255 Require not ip 45.134.24 #45.135.184.37 .env legaworks netherlands 45.135.184.0 - 45.135.184.255 Require not ip 45.135.184 #45.129.18.61 eonscope data center boca raton FL 
eonscope UK 45.129.18.0 - 45.129.18.255*** 45.129.18.217 Require not ip 45.129.18 #bork - abuseipdb - legaconetworks.nl NYC, NY data center - 45.130.83.115 - - [15/Jul/2021:23:26:19 -0700] "GET / HTTP/1.1" 200 8496 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" Require not ip 45.130.83 #45.131.194.162 vpn seattle ***45.131.194.0 - 45.131.194.255*** Require not ip 45.131.194 #45.132.38.166 telnet russia ru proline ***45.132.38.0 - 45.132.38.255*** Require not ip 45.132.38 #45.133.31.216 informlink lithuania ***45.133.31.0 - 45.133.31.255*** Require not ip 45.133.31.216 #45.133.154.3 aqua-jump romania 45.133.154.0 - 45.133.155.255 Require not ip 45.133.154 #45.133.193.72 hostus iceland 45.133.192.0 - 45.133.193.255 Require not ip 45.133.192 45.133.193 #45.137.22.36 rootlayer netherlands ***45.137.20.0 - 45.137.23.255*** Require not ip 45.137.20 45.137.21 45.137.22 45.137.23 #45.139.110.161 ru net 45.139.110.0 - 45.139.111.255 Require not ip 45.139.110 45.139.111 #45.145.18.3 bitway isp romania Require not ip 45.145.18 #45.146.164.69 - - [08/Jul/2021:12:15:23 -0700] "GET /bkp/archive.zip HTTP/1.1" 401 228 "-" "Go-http-client/1.1" #45.146.164.50 mastercom russia / nicosia cyprus 45.146.164.0 - 45.146.165.255 45.146.164.50 - - [29/Jul/2021:03:45:51 -0700] "GET /.env.development.local HTTP/1.1" 200 11788 "-" "virustotal" #now also agent "VT" - using higher level skills than some, figured out fastbk.daltrey.org which is not supposed to be a public thing. 
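# NOTE(review): negated Require lines only take effect inside a <RequireAll> block that also carries a positive Require (e.g. Require all granted); the enclosing container is not visible in this part of the file -- confirm.
#this is a hacking probe for urls tool - 45.146.164.50 - - [11/Jul/2021:09:53:58 -0700] "GET / HTTP/1.1" 406 300 "-" "httpx - Open-source project (github.com/projectdiscovery/httpx)"
Require not ip 45.146.164 45.146.165
#45.151.248.24 veridyen turkey ***45.151.248.0 - 45.151.248.255***
Require not ip 45.151.248
#45.152.116.66 lir.am russia proline 45.152.116.0 - 45.152.116.255
Require not ip 45.152.116
#45.153.160.140 tor moneroj netherlands 45.153.160.0 - 45.153.160.255
Require not ip 45.153.160
#45.153.227.85 atlas germany / proline london 45.153.227.0 - 45.153.227.255
Require not ip 45.153.227
#45.155.43.206 dedipath los angeles 45.155.43.0 - 45.155.43.255
Require not ip 45.155.43
#45.159.22.62 - ixserv data center nuremburg
Require not ip 45.159.22
#45.200.120.168 cloudinnovation data center Hong Kong
Require not ip 45.200.120
#45.224.27.237 redeviaconnect brazil 45.224.27.192/26 ip45-224-27-237.redeviaconnect.net.br - - [18/Aug/2021:13:37:31 -0700] "GET /wp-admin HTTP/1.1" 301 233 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36"
Require not ip 45.224.27.192/26
#45.224.27.237
#45.234.182.192 teran jorge luis isp argentina
Require not ip 45.234.182
#46.4.59.231 hetzner ***46.4.59.192 - 46.4.59.255***
Require not ip 46.4.59
#46.4.105.254 blexbot hetzner germany 46.4.105.224 - 46.4.105.255
# NOTE(review): a full dotted address matches a single host, so the earlier "46.4.105.255" left the logged 46.4.105.254 unblocked; the CIDR below covers the range noted above (46.4.105.224 - 46.4.105.255).
Require not ip 46.4.105.224/27
#46.8.23.42 net-art ukraine biterika group russia 46.8.22.0 - 46.8.23.255
Require not ip 46.8.22 46.8.23
#46.28.162.136 megavista isp spain ***46.28.162.0 - 46.28.162.255***
Require not ip 46.28.162
#46.30.59.96 wp-login got 200?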
mitwald germany ***46.30.56.0 - 46.30.59.255*** Require not ip 46.30.59 #46.33.33.1 odessatv ukraine 46.33.32.0 - 46.33.39.254 Require not ip 46.33.33 #46.101.9.216 digitalocean ***46.101.0.0 - 46.101.63.255*** Require not ip 46.101.9 #46.101.95.65 digitalocean ***46.101.80.0 - 46.101.95.255*** Require not ip 46.101.95 #46.175.152.0 - 46.175.153.255 Elitework Kirkland WA / special internet operations India Require not ip 46.175.152 46.175.153 #46.4.108.51 Hetzner germany 46.4.105.224 - 46.4.105.255 46.4.108.32 - 46.4.108.63' pot37.webmeup.com - - [27/Jul/2021:22:00:23 -0700] "GET /robots.txt HTTP/1.1" 406 300 "-" "Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)" Require not ip 46.4.105.224 46.4.108 #46.33.33.77 odessa.tv ukraine ***46.33.32.0 - 46.33.39.254*** Require not ip 46.33.33 #abuseipdb - turkrdns data center Istanbul Turkey 46.45.185.186 - - [09/Jul/2021:10:25:36 -0700] "GET / HTTP/1.1" 500 289 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.84 Safari/537.36" Require not ip 46.45.185 #46.246.3.241 glesys data center sweden aka colohosting 46.246.3.0 - 46.246.3.255 part of twin attack on cypress exe file with 82.serverhs.org Require not ip 46.246.3 #46.101.28.212 digitalocean - 46.101.0.0 - 46.101.63.255 Require not ip 46.101.28 #46.101.80.192 digitalocean 46.101.80.0 - 46.101.95.255 Require not ip 46.101.80 46.101.95 #46.148.206.226 Russia 46.148.192.0 - 46.148.207.255 Require not ip 46.148.206 #46.150.244.209 - - [10/Jul/2021:05:26:29 -0700] "GET /rife/res1.htm HTTP/1.1" 404 236 "http://z-audi.ru/" "Re-re Studio (+http://vip0.ru/)" #46.150.244.209 46.150.246.118 #46.150.244.28 auction llc russia ***46.150.240.0 - 46.150.255.255*** Require not ip 46.150.244 46.150.246 #46.166.139.111 autodiscover/git attack tor/nforce netherlands 46.166.139.0 - 46.166.139.255 Require not ip 46.166.139 #46.232.251.191 netcup germany ***46.232.250.0 - 46.232.251.255*** Require not ip 46.232.250 
46.232.251 #46.243.183.208 itglobal russia ***46.243.183.0 - 46.243.183.255*** 46.243.183.208 - - [17/Aug/2021:07:55:54 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 46.243.183.208 #bork - crawler-46-246-64-21.twingly.com - - [04/Jul/2021:16:46:54 -0700] "GET / HTTP/1.1" 200 234 "-" "Twingly Recon" Tried to access /git/archive.zip and /file/archive.zip! Require not ip 46.246.64.21 #46.246.122.112 xyzzy portlane sweden ***46.246.122.0 - 46.246.122.255*** Require not ip 46.246.122 #46.254.107.114 cityhost ukraine ***46.254.107.0 - 46.254.107.127*** Require not ip 46.254.107.114 #47.74.17.225 aliaba 47.74.0.0 - 47.87.255.255 Require not ip 47.74 #47.88.102.45 admin allicloud ***47.88.0.0 - 47.91.255.255*** Require not ip 47.88.0.0/14 #47.88.102.45 #47.114.4.136 wp-login alliyun china ***47.113.0.0 - 47.127.255.255*** Require not ip 47.114 #bork - 47.148.251.70 - - [12/Jul/2021:09:17:50 -0700] "GET / HTTP/2.0" 401 228 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 47.148.251.70 #47.242.188.12 - - [08/Jul/2021:20:05:14 -0700] "HEAD / HTTP/1.1" 200 - "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.85 Safari/537.36" Require not ip 47.242.188.12 #47.244.144.197 alibaba 47.235.0.0 - 47.246.255.255 47.244.166.23 wp-login Require not ip 47.236.0.0/14 47.244.0.0/15 47.235.0.0/16 47.246.0.0/16 47.240.0.0/14 47.244 #47.254.41.44 alicloud san mateo ca 47.250.0.0 - 47.254.255.255 Require not ip 47.250 47.251 47.252 47.253 47.254 #49.7.21.78 sogu web spider china telcom bjtel 49.7.0.0 - 49.7.255.255 49.7.20.122 Require not ip 49.7 #49.12.67.151 #49.12.76.237 Herzberg germany 49.12.0.0 - 49.13.255.255 static.237.76.12.49.clients.your-server.de - - [26/Jul/2021:21:37:40 -0700] "GET 
/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 406 300 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" Require not ip 49.12 49.13 #49.149.64.101 philippines long distance telephone company ***49.149.0.0 - 49.149.127.255*** (residential dsl) Require not ip 49.149.64 #49.234.47.214 tencent cloud ***49.232.0.0 - 49.235.255.255 Require not ip 49.234 #50.87.144.189 bork hostgator 50.87.0.0 - 50.87.255.255 Require not ip 50.87 #50.62.177.134 bork godaddy 50.62.0.0 - 50.63.255.255 Require not ip 50.62 50.63 #50.115.124.254 wp-login midphase/bluehost atlanta, hosting services, inc. UT ***50.115.112.0 - 50.115.127.255*** Require not ip 50.115.124 #I've denied a lot of sites from 51.xxx.xxx.xxx Tired of this. ovh london 51.89.228.0 - 51.89.231.255 51.89.230.56 51.15.247.214 51.158.118.231 51.158.109.3 51.15.235.211 51.158.68.35 #51.116.104.218 env/POST 51.13.72.147 #51.15.191.81 how does this get through the 51 block? online sas france and this is the probe.onyphe.net group 51.15.0.0 - 51.15.255.255 51.158.103.247 51.15.209.146 51.83.21.220 Require not ip 51 51. 
51.15 51.158 #abusipdb - ovh.com England htm) 51.195.199.64 - 51.195.199.127 "ip5.ip-51-68-223.eu - - [11/Jul/2021:13:10:24 -0700] "GET /datamine/sub_cate.php?cate=electric+vehicles+%2F%2A%2A%2FAND%2F%2A%2A%2F6538%27%3D%276538%27%2F%2A%2A%2FUNION%2F%2A%2A%2FALL%2F%2A%2A%2FS # Require not ip 51.68.223.5 51.158.114.61 #abuseipdb - ovh.com France visage.ps - - [11/Jul/2021:14:22:01 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" # Require not ip 51.91.14.4 #bork - ns3174248.ip-51-210-34.eu - - [09/Jul/2021:22:07:59 -0700] "GET /config HTTP/1.1" 404 6136 "https://daltreynet.daltrey.org/.git/config" "Go-http-client/1.1" # Require not ip 51.210.34.150 #52.11.19.227 amazonaws portland abuseipdb Require not ip 52.11 #52.26.209.207 amazonaws 52.0.0.0 - 52.79.255.255 52.36.50.55 52.34.249.44 52.33.98.232 52.43.135.84 Require not ip 52.0.0.0/10 52.64.0.0/12 52.26 52.36 #amazon 52.26.238.4 52.0.0.0 - 52.79.255.255 ec2-52-33-198-19.us-west-2.compute.amazonaws.com 52.32.98.48 Require not ip 52.64.0.0/12 52.0.0.0/10 #amazonaws portland Require not ip 52.36.99 #amazonaws portland Require not ip 52.38.74 #52.43.242.162 amazonaws portland 52.0.0.0 - 52.79.255.255 52.26.165.79 Require not ip 52.0.0.0/10 52.64.0.0/12 52.43 #amazonaws Beijing Require not ip 52.80.209 #52.89.3.167 amazonaws portland 52.84.0.0 - 52.95.255.255 52.88.31.232 Require not ip 52.81 52.88 52.89 #52.128.203.220 hostz south dakota ***52.128.160.0 - 52.128.223.255*** Require not ip 52.128.192.0/19 52.128.160.0/19 #52.128.203.220 #abuseipdb - microsoft data center washington, VA - 52.142.40.107 - - [14/Jul/2021:18:34:49 -0700] "GET //xmlrpc.php?rsd HTTP/1.1" 301 235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" Require not ip 52.142.40.107 #52.160.90.9 microsoft data center sf ***52.145.0.0 - 52.191.255.255 ***52.152.170.230 52.190.57.2 wp 52.163.127.23 
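# (address list continued from the preceding comment) 52.183.100.234
# NOTE(review): 55.188 replaced with 52.188 -- every other entry here and the range noted in the preceding comment (52.145.0.0 - 52.191.255.255) are in 52.x, so 55.188 looks like a typo that denied an unrelated /16; 52.188 is already inside 52.160.0.0/11.
Require not ip 52.146.0.0/15 52.160.0.0/11 52.148.0.0/14 52.145.0.0/16 52.152.0.0/13 52.145 52.146 52.188 52.147 52.152 52.160
#52.214.37.17 amazonaws 52.192.0.0 - 52.223.191.255
Require not ip 52.222.0.0/16 52.223.0.0/17 52.220.0.0/15 52.223.128.0/18 52.192.0.0/12 52.216.0.0/14 52.208.0.0/13 52.214
#52.240.159.47 microsoft 52.224.0.0 - 52.255.255.255 52.230.87.89
Require not ip 52.230 52.240
#52.246.250.182 - - [10/Jul/2021:11:56:14 -0700] "GET / HTTP/1.1" 200 6137 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
Require not ip 52.246.250.182
#52.247.226.68 abuseipdb microsoft data center quincy wa
Require not ip 52.247.226
#52.250.113.144 abuseipdb microsoft data center quincy washington - 52.250.113.144 - - [17/Jul/2021:20:43:12 -0700] "GET //cms/wp-includes/wlwmanifest.xml HTTP/1.1" 421 322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36"
Require not ip 52.250.113
#ovh data center Roubaix France aHref bot 54.36.148 54.36.148.152
#ip-54-36-149-88.a.ahrefs.com 54.36.148.45 54.36.148.245
Require not ip 54.36
#54.37.17.21 wp-login ovh london 54.37.16.0 - 54.37.19.255
Require not ip 54.37.17
#abuseipdb - Canada - ns555766.ip-54-39-17.net - - [11/Jul/2021:05:23:45 -0700] "GET / HTTP/1.1" 200 1120 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-1160.31.1.el7.x86_64"
Require not ip 54.39.17.10
#54.39.29.64 ovh montreal ***54.39.0.0 - 54.39.255.255***
Require not ip 54.39
#amazonaws 54.64.0.0 - 54.95.255.255 ec2-54-91-174-175.compute-1.amazonaws.com 54.69.51.13 54.80.126.99 54.84.101.21
#mega-attack: 54.80.126.99 - - [04/Oct/2021:07:35:20 -0700] "GET /?locale=cs HTTP/2.0" 200 12000 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6; rv:74.0) Gecko/20100101 Firefox/74.0"
Require not ip 54.64.0.0/11 54.70 54.80 54.91
#54.212.67.77 amazonaws portland 54.186.153.145 54.185.82.174 54.200.20.218
#amazon ***54.144.0.0 - 54.221.255.255***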
54.202.102.99 54.202.148.11 54.188.38.228 54.214.183.228 54.188.148.42 54.213.33.53 54.202.126.173 54.189.230.128 54.201.100.23 54.189.106.65 54.191.128.50 #54.202.171.50 54.174.53.251 #54.213.39.100 - env 54.188.169.244 54.212.114.139 54.212.119.229 54.185.253.104 54.189.156.5 54.214.231.111 54.218.237.220 54.189.168.241 54.189.114.151 54.202.1.217 54.200.116.109 54.202.12.45 54.200.38.139 Require not ip 54.144.0.0/12 54.160.0.0/11 54.192.0.0/12 54.208.0.0/13 54.216.0.0/14 54.220.0.0/15 #54.189 #amazon Beijing #54.223.107.65 amazonaws china ***54.222.0.0 - 54.223.255.255*** #amazonaws ***54.224.0.0 - 54.255.255.255*** 54.242.22.49 git Require not ip 54.222 54.223 54.224.0.0/11 #58.20.199.13 chinaunicom ***58.20.199.8 - 58.20.199.15*** Require not ip 58.20.199.13 #58.48.227.14 chinanet ***58.48.0.0 - 58.55.255.255*** Require not ip 58.48 #58.53.128.88 china telecom china Require not ip 58.53.128 #58.186.123.137 fpt vietnam 58.186.112.0 - 58.186.127.255 Require not ip 58.186.123 #58.242.194.173 china unicom 58.242.192.0 - 58.242.223.255 Require not ip 58.242.194 #59.51.27.67 china telecom 59.51.0.0 - 59.51.127.255 Require not ip 59.51.27 #59.52.103.199 china telcom ***59.52.0.0 - 59.55.255.255*** 59.52.100.213 59.52.207.231 Require not ip 59.52 #59.175.144.14 GRequest 59.174.0.0 - 59.175.255.255 chinanet Require not ip 59.174 59.175 # 60.103.156.249 softbank japan 60.64.0.0 - 60.159.255.255 softbank060103156249.bbtec.net Require not ip 60.103 #61.7.183.125 - - [09/Jul/2021:05:44:02 -0700] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 301 247 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36" Require not ip 61.7.183.125 #61.19.35.42 cat-north thailand 61.19.32.0 - 61.19.35.255 Require not ip 61.19.35 #61.90.110.54 asianet thailand ppp-61-90-110-54.revip.asianet.co.th Require not ip 61.90.110.54 #61.109.81.172 broadbandnnet korea 61.109.0.0 - 61.109.127.255 Require not ip 61.109.81.172 
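#61.111.129.36 sejong telcom korea 61.111.112.0 - 61.111.191.255
Require not ip 61.111.129
#61.135.15.136
#61.135.15.155 chinaunicom Beijing 61.135.15.180 "200" on daltrey.net??? 61.135.0.0 - 61.135.255.255 61.135.15.171 61.135.15.156 61.135.15.139 61.135.15.197 61.135.15.177 61.135.15.189 61.135.15.146
Require not ip 61.135
#Reston, VA - coordinated with "intelligence" and "luminati" 64.137.41.141 - - [04/Jul/2021:17:49:40 -0700] "GET / HTTP/2.0" 200 234 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1"
# NOTE(review): the request logged above came from 64.137.41.141; the rule previously named 61.137.41.141, which does not match that client.
Require not ip 64.137.41.141
#61.244.70.248 abuseipdb hkbn isp hong kong 061244070248.ctinets.com - - [20/Jul/2021:09:09:30 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 61.244.70
#62.4.14.198 hurley.probe.onyphe.net 100% evil abuseipdb poneytelecom - france online sas/illiad france 62.4.14.192 - 62.4.14.207
Require not ip 62.4.14.198
#dedibox 62.4.16.0 - 62.4.31.255
Require not ip 62.4.16 62.4.17 62.4.18 62.4.19 62.4.20 62.4.21 62.4.22 62.4.23 62.4.24 62.4.25 62.4.26 62.4.27 62.4.28 62.4.29 62.4.30 62.4.31
#62.147.38.215 free france dialup c5850-a4-2-62-147-38-215.dial.proxad.net 62.147.0.0 - 62.147.78.255 dbflash attempt
Require not ip 62.147.38.215
#62.210.88.24 online hosting france 62.210.0.0 - 62.210.127.255 62.210.209.245
# Require not ip 62.210.88 62.210.0.0/16
#iliad hosting france, hosts babbar crawler ***62.210.128.0 - 62.210.255.255*** note: between item above and this one, consists of all of 62.210, many hacking attempts from here. 62.210.10.77 62.210.5.253
#62.210.180.146 62.210.122.74 wp attack
Require not ip 62.210
#63.33.207.225 amazonaws ***63.32.0.0 - 63.35.255.255
Require not ip 63.32.0.0/14
#63.141.242.46 expresswriters datashack 63.141.224.0 - 63.141.255.255
Require not ip 63.141.224.0/19 63.141.242
#abuseipdb - namecheap.inc.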
Atlanta - premium104.web-hosting.com - - [12/Jul/2021:09:11:05 -0700] "GET / HTTP/2.0" 401 228 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 63.250.38 #64.15.136.94 wp-login iweb canada ***64.15.128.0 - 64.15.159.255*** Require not ip 64.15.128.0/19 #64.21.98.41 abuseipdb net access corp. newark nj 64.21.0.0 - 64.21.191.255 Require not ip 64.21.0.0/17 64.21.128.0/18 64.21.98 #64.27.58.24 handy networks Trident user agent 64.27.48.0 - 64.27.63.255 Require not ip 64.27.48.0/20 #64.37.52.2 wp-login hostdime orlando ***64.37.48.0 - 64.37.63.255*** Require not ip 64.37.48.0/20 #64.27.58.24 #64.90.48.197 abuseipdb dreamhost brea ca 64.90.32.0 - 64.90.63.255 Require not ip 64.90.32.0/19 #64.62.252.163 - - [13/Jul/2021:02:54:26 -0700] "GET /robots.txt HTTP/1.1" 301 239 "-" "The Knowledge AI" Require not ip 64.62.252 #64.71.131.244 he.net e-ventures san francisco / fremont ca abuseipdb 64.71.128.0 - 64.71.191.255*** 64.71.131.243 Require not ip 64.71.131 64.71.128.0/18 #64.120.33.33 ubiquity/leaseweb VA 64.120.0.0 - 64.120.87.255 64.120.109.148 Require not ip 64.120.0.0/18 64.120.64.0/20 64.120.80.0/21 #64.120.33.33 #64.120.109.69 leaseweb 64.120.109.0 - 64.120.109.255 Require not ip 64.120.109 #64.135.127.37 host.net boca raton FL Require not ip 64.135.127 #64.137.108.75 - - [04/Jul/2021:17:44:40 -0700] "GET /home/ HTTP/2.0" 404 234 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1" Require not ip 64.137.108.75 #64.140.142.124 CloudVPN / nordvpn.com sentris Washington ***64.140.128.0 - 64.140.143.255*** Require not ip 64.140.128.0/20 #64.188.9.98 quadranet L.A. 
***64.188.0.0 - 64.188.31.255*** Require not ip 64.188.0.0/19 #64.202.160.0 - 64.202.191.255 godaddy scottsdale az Require not ip 64.202.160 64.202.184 #64.225.54.97 NetcraftSurveyAgent digitalocean 64.225.0.0 - 64.225.127.255 64.225.4.65 64.225.3.93 wp 64.225.68.194 wp-login 64.225.17.255 64.225.25.130 Require not ip 64.225.0.0/17 #64.225.54 #64.227.88.155 wp-login digitalocean ***64.227.0.0 - 64.227.127.255*** 64.227.118.179 Require not ip 64.227.0.0/17 #64.227.88.155 #64.227.178.79 digitalocean india ***64.227.128.0 - 64.227.191.255*** Require not ip 64.227.128.0/18 #64.235.231.20 ihnetworks chatsworth ca / packetexchange McLean, VA ***64.235.224.0 - 64.235.255.255*** Require not ip 64.235.224.0/19 #abuseipdb - domaintools - search engine spider Seattle, WA - ipv4-64-246-165-50.greenhousedata.net - - [12/Jul/2021:16:04:08 -0700] "GET /robots.txt HTTP/1.0" 401 228 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:59.0) Gecko/20100101 Firefox/59.0" #64.246.165.180 Require not ip 64.246.165 #65.0.117.115 amazonaws india 65.0.0.0 - 65.3.255.255 Require not ip 65.0 65.1 65.2 65.3 #65.1.129.224 amazonaws mumbai Require not ip 65.1.129 #abuseipdb - Finland static.214.198.21.65.clients.your-server.de - - [11/Jul/2021:11:23:25 -0700] "GET /wp-includes HTTP/1.1" 301 239 "www.google.com" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36" Require not ip 65.21.198.214 #paloaltonetworks seattle WA aka centurylink monroe LA (probably Expanse) 65.128.0.0 - 65.159.255.255 65.155.30.101 Require not ip 65.128.0.0/11 65.154 65.155 #bork 65.21.255.118 Hetzner finland 65.21.0.0 - 65.21.255.255 Require not ip 65.21 #65.141.122.106 centurylink louisiana 65.128.0.0 - 65.159.255.255 not sure what 403'd this 65.141.122.106 - - [14/Aug/2021:13:50:43 -0700] "GET /images/pap2.gif HTTP/2.0" 403 - "https://webcache.googleusercontent.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; 
rv:91.0) Gecko/20100101 Firefox/91.0" Require not ip 65.141.122.106 #66.102.6.114 google data center 66.102.0.0 - 66.102.15.255 Require not ip 66.102.0.0/20 66.102.6 #66.115.165.38 performiv san jose nationalnet marietta ga 66.115.128.0 - 66.115.191.255 Require not ip 66.115.165 66.115.173 #66.160.140.179 - - [20/Jul/2021:00:23:20 -0700] "GET /robots.txt HTTP/1.1" 200 254 "-" "The Knowledge AI" Require not ip 66.160.140 #bork 66.175.49.6 Cedant Davis CA 66.175.0.0 - 66.175.63.255 68.66.241.32.static.a2webhosting.com - - [28/Jul/2021:07:02:36 -0700] "GET /wp-admin/ HTTP/2.0" 301 234 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 66.175.0.0/18 66.175.49 #66.203.113.132 maxihost NY 66.203.112.0 - 66.203.113.255 Require not ip 66.203.112 66.203.113 #67.205.44.54 dreamhost brea ca ***67.205.0.0 - 67.205.63.255*** 67.205.61.254 Require not ip 67.205.0.0/18 #67.222.39.77 bluehost/unifiedlayer ***67.222.32.0 - 67.222.63.255*** Require not ip 67.222.39 #66.225.195.250 colocrossing 66.225.192.0 - 66.225.255.255 Require not ip 66.225.192.0/18 66.225.195 #66.230.230.230 candid hosting tor exit Placentia CA Neucom, Inc. Tampa FL - 66.230.192.0 - 66.230.239.255 Require not ip 66.230.224.0/20 66.230.192.0/19 #66.230.230 #66.231.185.79 mixrankbot atlanticmetro 66.231.176.0 - 66.231.191.255 Require not ip 66.231.185 #66.240.236.119 carinet 66.240.192.0 - 66.240.255.255 census6.shodan.io Require not ip 66.240.192.0/18 66.240.236 #66.246.224.11 net access corporation ***66.246.0.0 - 66.246.255.255*** #66.246.224.11 - - [13/Oct/2021:03:04:56 -0700] "GET /?c=n;o=a HTTP/1.1" 403 424 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" Require not ip 66.246 #google bot but ... 
66.249.73.114 - - [17/Jul/2021:20:53:25 -0700] "GET /.well-known/acme-challenge/ HTTP/1.1" 401 228 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" Require not ip 66.249.73 #67.20.112.24 /old hostmonster / unifiedlayer Provo UT 67.20.64.0 - 67.20.127.255 Require not ip 67.20.64.0/18 67.20.112.24 #67.203.6.241 colocation 67.203.0.0 - 67.203.63.255 Require not ip 67.203.0.0/18 #67.205.0.152 dreamhost brea ca ***67.205.0.0 - 67.205.63.255*** Require not ip 67.205.0.0/18 #coloacation los angeles 67.227.32.131 Require not ip 67.227.0.0/17 #abuseipdb - dreamhost webhosting, Brea, CA 67.205.0.0 - 67.205.63.255 - ps620922.dreamhostps.com - - [12/Jul/2021:11:37:11 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 67.205.0.0/18 #fake admin 68.66.241.32 a2hosting webhosting.com Ann Arbor MI 68.66.212.0 - 68.66.255.255 68.66.232.155 Require not ip 68.66.216.0/21 68.66.224.0/19 68.66.212.0/22 68.66.212 68.66.241 #fixed cox ip out of Carlsbad??? 
68.107.8.219 - - [08/Oct/2021:09:16:04 -0700] "GET /apple-touch-icon.png HTTP/1.1" 403 1348 "-" "Safari/16611.2.7.1.4 CFNetwork/1240.0.4 Darwin/20.5.0" Require not ip 68.107.8.219 #greenhousedata - lunavi cheyenne wyoming 68.168.240.0 - 68.168.255.255 ipv4-64-246-165-50.greenhousedata.net - - [12/Jul/2021:16:04:08 -0700] "GET /robots.txt HTTP/1.0" 401 228 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:59.0) Gecko/20100101 Firefox/59.0" Require not ip 68.168.245 68.168.240.0/20 #68.183.68.148 digitalocean data center frankfurt 68.183.0.0 - 68.183.255.255 abuseipdb 68.183.68.148 - - [18/Jul/2021:20:28:27 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" #68.183.10.57 Require not ip 68.183 #69.16.145.208 strongvpn - highwinds - 244.158.200.192.as13926.net - - [21/Jul/2021:10:34:39 -0700] "GET /b2evo1/blog7.php?tempskin=_rss2 HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Rv:50.0) Gecko/20100101 Firefox/50.0" Require not ip 69.16.128.0/18 #69.30.225.98 - - [08/Jul/2021:06:24:23 -0700] "GET //wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 503 282 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" Require not ip 69.30.225.98 #69.36.160.153 westhost.com west-datacenter.net range not provided in whois! 
prov153.west-datacenter.net - - [27/Jul/2021:19:21:58 -0700] "POST /mail.php HTTP/1.1" 404 236 "https://ridesbyscott.com/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" Require not ip 69.36.160 #69.49.229.201 wp attack endurance international Massachusetts ***69.49.224.0 - 69.49.255.255*** Require not ip 69.49.229 #69.4.94.107 B2 net solutions servermania buffalo 69.4.80.0 - 69.4.95.255 69.4.90.18 Require not ip 69.4.80.0/20 69.4.90 69.4.94 #69.58.5.170 servermania 69.58.0.0 - 69.58.15.255 Require not ip 69.58.0.0/20 #69.58.5.170 #69.84.113.41 Atlantic broadband fixed line ip Require not ip 69.84.113.41 #69.160.160.61 intellium nicecrawler 69.160.160.0 - 69.160.160.255 69.160.160.50 Require not ip 69.160.160 #69.163.216.124 dreamhost ***69.163.128.0 - 69.163.255.255*** Require not ip 69.163.128.0/17 #69.163.216.124 #70.32.26.247 wp attack a2 hosting mi ***70.32.16.0 - 70.32.31.255*** Require not ip 70.32.16.0/20 #70.40.217.66 bork unifiedlayer Utah bluehost 0.40.192.0 - 70.40.223.255 Require not ip 70.40.192.0/19 #70.186.230.2 cox/abuseipdb Require not ip 70.186.230.2 #71.6.158.166 nija.census.shodan.io carinet san diego/henderson nv 71.6.128.0 - 71.6.255.255 Require not ip 71.6.158 #71.42.252.18 spectrum san antonio tx rrcs-71-42-252-18.sw.biz.rr.com - - [02/Aug/2021:06:32:58 -0700] "GET /rsc/fbn_screenshot.png HTTP/2.0" 200 48436 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36" Require not ip 71.42.252.18 #72.13.46.6 verisign VA ***72.13.32.0 - 72.13.63.255*** Require not ip 72.13.32.0/19 #amazon - may be the ip that checked my abuse complaint! 
72-21-196-66.amazon.com - - [22/Jul/2021:12:15:55 -0700] "GET / HTTP/2.0" 200 1192 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0" Require not ip 72.21.192.0/19 #72.34.34.150 wp-login IHNetworks California ***72.34.32.0 - 72.34.63.255*** Require not ip 72.34.32.0/19 #72.34.34.150 #abuseipdb - verizon rahway NJ - 72.79.45.44 - - [12/Jul/2021:10:19:30 -0700] "GET / HTTP/1.1" 401 228 "-" "panscient.com" (corporate data marketing scum) Require not ip 72.79.45.44 #72.167.42.45 godaddy scottsdale AZ 72.167.0.0 - 72.167.255.255 72.167.225.115 Require not ip 72.167 #72.200.103.220 cox AZ ***72.192.0.0 - 72.223.255.255*** Require not ip 72.200.103.220 #74.81.52.85 curl perfect international los angeles ***74.81.32.0 - 74.81.63.255*** Require not ip 74.81.32.0/19 #74.81.52.85 #74.84.128.125 hopone internet Tukwila WA 74.84.128.0 - 74.84.159.255 washington.securityspace.com Require not ip 74.84.128.0/19 74.84.128 #74.91.0.42 atlanticmetro NYC 74.91.0.0 - 74.91.15.255 Require not ip 74.91.0.0/20 74.91.0.42 #74.119.146.38 totalserversolutions atlanta ga ***74.119.144.0 - 74.119.147.255*** Require not ip 74.119.144.0/22 #74.208.103.228 wp-login wp.convergence.us ianos chesterbrook pa 74.208.0.0 - 74.208.255.255 74.208.136.178 wp-login Require not ip 74.208 #74.64.248.172 admin fixed line charter 74.64.0.0 - 74.79.255.255 Require not ip 74.64.248.172 #75.102.27.91 colocrossing 75.102.0.0 - 75.102.63.255 Require not ip 75.102.0.0/18 #75.102.27.91 #75.119.129.90 abuseipdb contabo data center munich Require not ip 75.119.129 #dreamhost brea ca - ps593887.dreamhostps.com - - [22/Jul/2021:13:15:01 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" #75.119.218.13 Require not ip 75.119.192.0/19 #abuseip evil, databasebydesignllc data center Philadelphia PA - 76.72.172.166 - - [07/Jul/2021:12:14:44 -0700] "GET / HTTP/2.0" 206 1713 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; 
rv:40.0) Gecko/20100101 Firefox/40.0" #76.72.172.165 Require not ip 76.72.172 #76.171.186.68 spectrum carlsbad ca cpe-76-171-186-68.socal.res.rr.com - - [02/Aug/2021:13:47:02 -0700] "GET /favicon.ico HTTP/2.0" 200 4286 "-" "Safari/16611.2.7.1.4 CFNetwork/1240.0.4 Darwin/20.5.0" Require not ip 76.171.186.68 #kapersky russia 77.74.177.114 Require not ip 77.74.176 77.74.177 77.74.178 77.74.179 #seznambot 77.75.76.162 Require not ip 77.75.76 Require not ip 77.75.78 #77.81.139.246 env M247 dublin 77.81.139.128 - 77.81.139.255 Require not ip 77.81.139.246 #77.81.142.121 m247 data center mexico city working with this one unn-138-199-29-42.datapacket.com Require not ip 77.81.142 #77.90.159.75 ipmen presidio holdings sheridan wy ***77.90.158.0 - 77.90.159.255*** Require not ip 77.90.158 77.90.159 #77.90.171.197 ipmen russia ***77.90.167.0 - 77.90.172.255*** 77.90.171.40 Require not ip 77.90.171 #abuseipdb - snel data center netherlands - 77.95.229.45 - - [10/Jul/2021:19:06:47 -0700] "GET /.env HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" Require not ip 77.95.229 #77.111.247.90 hern labs sweden 77.111.244.0 - 77.111.244.255 77.111.247.0 - 77.111.247.255 - - [08/Jul/2021:08:32:44 -0700] "GET /assets/ckfinder/core/connector/php/connector.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.3945.117 Safari/537.36" #77.111.247.189 77.111.247.250 which is opera sweden, trying to hack, so using the opera vpn for bad. 
77.111.247.160 77.111.247.5 bork 77.111.247.81 bork 77.111.244.37 77.111.247.49 wp 77.111.247.224 ep #77.111.247.169 77.111.247.189 77.111.247.147 77.111.247.67 77.111.247.41 77.111.244.37 77.111.247.43 77.111.247.196 77.111.247.73 77.111.247.71 77.111.247.13 77.111.247.242 77.111.247.31 #77.111.247.191 - - [30/Sep/2021:23:41:50 -0700] "GET /license.txt HTTP/1.1" 403 - "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.3945.117 Safari/537.36" Require not ip 77.111.244 77.111.247 #77.239.102.25 reach internet uk wp-login 77.239.96.0 - 77.239.103.255 Require not ip 77.239.102 #77.243.27.72 wp-login A1 serbia ***77.243.24.0 - 77.243.27.255*** Require not ip 77.243.27.72 #77.247.127.153 1337 netherlands ***77.247.127.128 - 77.247.127.159*** Require not ip 77.247.127.153 #77.247.178.183 POST nforce netherlands ***77.247.178.0 - 77.247.178.255*** Require not ip 77.247.178 #77.247.181.163 tor nforce netherlands zweibelfreunde germany 77.247.181.160 - 77.247.181.175 politkovskaja.torservers.net - - [17/Aug/2021:15:19:57 -0700] "GET /.git/config HTTP/1.1" 500 - "-" "Go-http-client/1.1" Require not ip 77.247.181.163 77.247.181.165 #78.46.90.120 hetzner germany 78.46.64.0 - 78.46.95.255 Require not ip 78.46.90 #78.46.161.81 hetzner germany 78.46.161.64 - 78.46.161.95 Require not ip 78.46.161.81 #78.46.178.141 hetzner 78.46.178.136 - 78.46.178.143 Require not ip 78.46.178.141 #78.47.58.219 hetzner ***78.47.58.216 - 78.47.58.223*** Require not ip 78.47.58.219 #78.85.223.138 udm broadband russia ***78.85.192.0 - 78.85.223.255*** Require not ip 78.85.223 #78.129.165.8 iomart.com uk aihitbot ***78.129.128.0 - 78.129.255.255*** ***78.129.165.0 - 78.129.165.255*** Require not ip 78.129.128 78.129.129 78.129.165 #78.131.88.172 wp-login digifiber hungary ***78.131.88.0 - 78.131.88.255*** Require not ip 78.131.88 #78.142.244.185 cloudhosting thailand 78.142.244.0 - 78.142.247.255 Require not ip 78.142.244 #78.157.36.98 tehran - 
s203.mehost.co - - [21/Jul/2021:20:44:33 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 78.157.36.0/24 #78.157.40.153 dade tehran 78.157.32.0 - 78.157.63.255 Require not ip 78.157.36 78.157.40 #78.182.138.165 turktelcom turkey 78.182.0.0 - 78.182.255.255 Require not ip 78.182 #79.55.33.188 telcomitalia ***79.55.0.0 - 79.55.127.255*** host-79-55-33-188.retail.telecomitalia.it - - [22/Sep/2021:04:57:54 -0700] "GET /xmlrpc.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" Require not ip 79.55.33 #79.98.24.16 lithuania ***79.98.24.0 - 79.98.31.255*** Require not ip 79.98.24 #79.51.57.116 telcomitalia 79.51.0.0 - 79.51.127.255 not sure on this one # Require not ip 79.51.57.116 #79.101.44.3 excalibur Servia 79.101.44.0 - 79.101.44.255 Require not ip 79.101.44 #79.104.209.206 vimpelcom russi ***79.104.209.0 - 79.104.209.255*** Require not ip 79.104.209 #79.110.28.0 - 79.110.28.255 fine group nj Require not ip 79.110.28 #79.110.52.54 M247 netherlands ***79.110.52.0 - 79.110.52.255*** Require not ip 79.110.52 #79.127.84.254 post attempts fixed line Iran Require not ip 79.127.84.254 #79.152.104.36 telefonica de espana 36.red-79-152-104.dynamicip.rima-tde.net - - [02/Aug/2021:09:53:05 -0700] "GET /favicon.ico HTTP/2.0" 200 4286 "https://daltrey.org/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.1.2 Safari/605.1.15" #79.154.197.40 ***79.152.0.0 - 79.155.255.255*** Require not ip 79.152.104 79.154.197 #79.173.188.13 isp luminet england, probing for robots.txt without identifying itself as a bot, looking for sitemap, favicon from second ip Require not ip 79.173.188.12 79.173.188.13 #79.209.38.139 deutsche telekom germany ***79.192.0.0 - 79.244.191.255*** 79.209.33.10 Require not ip 79.209.33 79.209.38 #abuseipdb - 34sp data center Manchester England - 80.82.113.57 - - 
[10/Jul/2021:14:31:11 -0700] "GET /autodiscover/autodiscover.xml HTTP/1.1" 406 300 "http://autodiscover.ridesbyscott.com/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 80.82.113 #80.241.141.109 flamenetworks italy ***80.241.140.0 - 80.241.143.255*** Require not ip 80.241.141 #80.255.7.124 .env POST core-backbone germany 80.255.0.0 - 80.255.15.255 Require not ip 80.255.7 #81.17.18.198 privatelayer zurich 81.17.16.0 - 81.17.31.255 viseln-ces-107.visitartisticsplaces.com - - [31/Jul/2021:14:29:04 -0700] "GET /linux/cypress.html HTTP/1.0" 200 53406 "http://daltrey.org/linux/cypress.html" "Mozilla/5.0 (Windows NT 6.1; rv:59.0) Gecko/20100101 Firefox/59.0,gzip(gfe)" Require not ip 81.17.18 #81.19.214.5 hydra UK ***81.19.208.0 - 81.19.223.255*** Require not ip 81.19.214 #81.51.19.229 orange france 81.51.16.0 - 81.51.23.255 Require not ip 81.51.19 #81.69.254.180 thinkbot tencent cloud china 81.68.0.0 - 81.71.255.255 Require not ip 81.68 81.69 81.70 81.71 #81.92.218.157 wp-login eden.dnshostnetwork.com serverdroid london ***81.92.218.144 - 81.92.218.159*** Require not ip 81.92.218.157 #81.162.119.138 yaltatv-net ukraine 81.162.96.0 - 81.162.127.255 Require not ip 81.162.119 #strato germany Require not ip 81.169.250.0/24 #abuseipdb - Umea Sweden ISP - h-81-170-128-52.a258.priv.bahnhof.se - - [12/Jul/2021:13:10:30 -0700] "GET /EVware/ HTTP/1.1" 401 228 "-" "nu.marginalia.wmsa.edge-crawler" Require not ip 81.170.128.52 #81.209.177.145 bardoline eunetworks netestate germany 81.209.177.0 - 81.209.178.127 Require not ip 81.209.177 #82.65.100.133 free france 82.65.82.0 - 82.65.255.255 Require not ip 82.65.100 #82.102.25.149 m247 singapore ***82.102.25.0 - 82.102.25.255*** Require not ip 82.102.25 #82.155.66.15 wp attack PT Comunicacoes S.A. 
portugal ***82.155.0.0 - 82.155.127.255*** Require not ip 82.155.66 #82.165.82.153 bork ionos germany ***82.165.64.0 - 82.165.127.255*** 82.165.81.118 Require not ip 82.165.81 82.165.82 #82.165.185.18 php big anonymousfox ionos germany 82.165.0.0 - 82.165.255.255 Require not ip 82.165 #abuseipdb kazahkistan - 82.200.247.240 - - [22/Jul/2021:12:20:14 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 82.200.247.0/24 #82.207.175.52 obone/hostserve germany ***82.207.172.0 - 82.207.175.255*** Require not ip 82.207.175 #83.96.255.253 abuseipdb resource.cloud netherlands Require not ip 83.96.255 #83.145.36.70 netping sizeit sweden 83.145.36.0 - 83.145.36.255 Require not ip 83.145.36 #83.171.253.206 blockchainnetworksolutions london ***83.171.252.0 - 83.171.253.255*** Require not ip 83.171.252 83.171.253 #83.229.75.113 cloudweb management kamatera uk 83.229.75.0 - 83.229.75.255 Require not ip 83.229.75 #84.17.49.129 datacamp germany 84.17.48.0 - 84.17.49.255 Require not ip 84.17.48 84.17.49 #84.22.149.56 igraservice russia ***84.22.136.0 - 84.22.159.255*** 84.22.149.125 84.22.151.19 84.22.148.245 84.22.149.70 84.22.149.227 84.22.150.41 84.22.150.94 84.22.151.209 84.22.151.15 Require not ip 84.22.148 84.22.149 84.22.150 84.22.151 #84.38.132.237 dataclub netherlands ***84.38.132.0 - 84.38.132.255*** Require not ip 84.38.132 #84.247.48.27 m247 mail.php ***84.247.48.0 - 84.247.48.255*** Require not ip 84.247.48 #84.252.71.128 bork ru proline ***84.252.70.0 - 84.252.71.255*** Require not ip 84.252.70 84.252.71 #85.14.243.50 amlzaya webtropia germany 85.14.243.0 - 85.14.243.255 almzaya.com - - [16/Aug/2021:13:01:02 -0700] "GET /app/etc/local.xml HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0" Require not ip 85.14.243 #85.128.142.241 nazwhapl webhosting poland 85.128.142.0 - 85.128.142.255 Require not ip 85.128.142 #85.202.194.42 
traffictransitsolutions sheridan wy ***85.202.194.0 - 85.202.194.255*** Require not ip 85.202.194 #85.203.51.210 - abuseipdb - data center netherlands Require not ip 85.203.51 #85.206.165.172 ist London / bacloud canada lithuania 85.206.165.160 - 85.206.165.175 Require not ip 85.206.165.162 85.206.165.172 #semrush, mountain view, ca Require not ip 85.208.98 #85.208.104.205 acloud germany digital energy london ***85.208.104.0 - 85.208.105.255*** Require not ip 85.208.104 85.208.105 #85.202.195.149 traffictransitsolutions estonia / sheridan WY ***85.202.195.0 - 85.202.195.255*** Require not ip 85.202.195 #85.203.44.191 express telecity amsterdam ***85.203.44.0 - 85.203.44.255*** Require not ip 85.203.44 #85.215.227.209 strato VA/ionos germany ***85.215.224.0 - 85.215.239.255*** #ip85-215-226-193.pbiaas.com - - [10/Oct/2021:16:08:21 -0700] "GET /.env HTTP/1.1" 301 231 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" Require not ip 85.215.226 85.215.227 #85.236.156.161 planethoster france ***85.236.156.0 - 85.236.157.255*** Require not ip 85.236.156 85.236.157 #netuity poland 85.237.192.0 - 85.237.223.255 Require not ip 85.237.192 85.237.193 85.237.194 Require not ip 85.237.195 85.237.196 85.237.197 85.237.192 85.237.198 85.237.199 85.237.200 85.237.201 85.237.202 85.237.202 85.237.203 85.237.204 85.237.205 85.237.206 Require not ip 85.237.207 85.237.208 85.237.209 85.237.210 85.237.211 85.237.212 85.237.213 85.237.214 85.237.215 85.237.216 85.237.217 85.237.218 85.237.219 85.237.219 Require not ip 85.237.220 85.237.221 85.237.222 85.237.223 #85.254.72.27 SIA Latnet Latvia ***85.254.72.0 - 85.254.72.255*** Require not ip 85.254.72 #86.62.59.171 special internet operations/Eliteworks Atlanta ***86.62.58.0 - 86.62.59.255*** Require not ip 86.62.58 86.62.59 #86.111.51.117 fixed ip austria not sure actual hack, looking at cypress pages # Require not ip 86.111.51.117 #87.118.110.27 abuseipdb keyweb data center tor germany with 
104.244.76.13 and 193.218.118.116 Require not ip 87.118.110 #87.247.244.117 wp-login godaddy eu ***87.247.240.0 - 87.247.247.255*** Require not ip 87.247.244 #88.99.215.210 hetzner ***88.99.215.192 - 88.99.215.255*** #88.198.36.15 hetzner germany 88.198.32.0 - 88.198.63.255 ***88.198.64.0 - 88.198.67.255*** #88.198.67.172 wp-login hetzner germany Require not ip 88.99.215.210 88.198.36 88.198.67 #88.150.241.101 iomart uk ***88.150.240.0 - 88.150.241.255*** Require not ip 88.150.240 88.150.241 #88.153.198.181 cyprus/coordinated with other fixed lines vodaphone germany/unitymedia (france) ***88.153.128.0 - 88.153.255.255*** Require not ip 88.153.198 #88.214.26.34 fcloud seychelles 88.214.26.0 - 88.214.26.255 Require not ip 88.214.26 #88.214.43.19 cornel.trillyn.co.uk /.env 10/12/21, 5:39 AM 231 301 GET HTTP/1.1 Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36 #netmax turkey ***not sure abuseipdb got this one right. # Require not ip 88.214.43.19 #89.19.33.235 lovtel germany / leasetoipmen russia *** 89.19.32.0 - 89.19.33.255*** Require not ip 89.19.32 89.19.33 #bork - abuseip - Italy - Aruba shared hosting - host228-105-46-89.serverdedicati.aruba.it - - [16/Jul/2021:14:31:41 -0700] "GET /wp-admin/ HTTP/1.1" 301 232 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" #89.46.106.140 bork aruba ***89.46.106.0 - 89.46.106.255*** #89.46.110.159 aruba italy ***89.46.104.0 - 89.46.111.255*** Require not ip 89.46.105 89.46.106 89.46.110 #89.46.114.35 m247 los angeles ***89.46.114.0 - 89.46.114.127*** Require not ip 89.46.114.35 #89.163.242.195 myloc germany ***89.163.128.0 - 89.163.255.255*** Require not ip 89.163.242 #89.169.59.234 trivon fixed line russia 89.169.32.0 - 89.169.63.255 Require not ip 89.169.59 #89.184.92.230 mirohost ukraine ***89.184.88.0 - 89.184.95.255*** vs2938.mirohost.net Require not ip 89.184.92.230 
#89.187.179.58 datacamp cdn77 89.187.176.0 - 89.187.179.255 89.187.177.51 Require not ip 89.187.177 89.187.179 #89.245.82.203 versatel germany fixed line, coordinated dbflash.exe with several other fixed line accounts ***89.245.64.0 - 89.245.127.255*** Require not ip 89.245.82 #91.206.200.82 deltax ukraine ***91.206.200.0 - 91.206.201.255*** Require not ip 91.206.200 91.206.201 #89.208.29.202 ti.ru/dinet russia 89.208.29.0 - 89.208.29.255 Require not ip 89.208.29 #89.223.93.84 simplecloud russia ***89.223.88.0 - 89.223.95.255*** sports.earacheevince.com - - [17/Aug/2021:07:16:24 -0700] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" Require not ip 89.223.93 #89.245.93.148 dbflash.exe versatel germany ***89.245.64.0 - 89.245.127.255*** Require not ip 89.245.93 #89.248.173.145 incrediserve netherlands / ipvolume seychelles ***89.248.173.0 - 89.248.173.255*** Require not ip 89.248.173 #89.249.73.211 M247 Brussels 89.249.73.97 - 89.249.73.255 Require not ip 89.249.73.211 #89.252.159.226 netinternet turkey ***89.252.159.0 - 89.252.159.255*** Require not ip 89.252.159 #90.37.165.91 cyprus retrieval orange france ***90.37.165.0 - 90.37.165.255*** Require not ip 90.37.165 #91.58.222.27 cyprus.html deutsche telekom ***91.32.0.0 - 91.63.255.255*** Require not ip 91.58.222 #91.76.218.235 mts.ru russia ***91.76.0.0 - 91.77.255.255*** 91.76.253.26 Require not ip 91.76 91.77 #91.132.253.124 SAS nexylan france ***91.132.253.0 - 91.132.253.255*** Require not ip 91.132.253 #91.170.51.199 online sas france 91.160.0.0 - 91.175.255.255 Require not ip 91.170 #91.188.229.235 ru proline 91.188.229.0 - 91.188.229.255 Require not ip 91.188.229 #91.192.164.15 wp-login zetohosting poland ***91.192.164.0 - 91.192.167.255*** Require not ip 91.192.164 #abusipdb - meric Turkey - heap.macmojave.com - - [11/Jul/2021:09:09:28 -0700] "GET /.env 
HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" Require not ip 91.194.55.194 #91.199.112.169 atx network russia ***91.199.112.0 - 91.199.112.255*** Require not ip 91.199.112 #91.194.91.202 contabo 91.194.91.0 - 91.194.91.255 # 91.205.174.96 contabo germany 91.205.174.0 - 91.205.175.255 91.205.175.35 Require not ip 91.194.91 91.205.174 91.205.175 #91.204.46.232 netcup germany ***91.204.46.0 - 91.204.47.255*** Require not ip 91.204.46 91.204.46 #91.207.60.35 xserver ukraine 91.207.60.0 - 91.207.61.255 Require not ip 91.207.60 91.207.61 #91-207-219-72.broadband.ipmcenter.ru - - [08/Jul/2021:06:09:21 -0700] "GET /index.php?option=com_users&view=registration HTTP/1.1" 301 276 "-" "Opera/9.80 (Windows NT 6.0); U; en) Presto/2.7.62 Version/11.00" Require not ip 91.207.219.72 #91.209.51.6 fixed ip ukraine Require not ip 91.209.51 #91.238.165.145 enixltd uk 91.238.164.0 - 91.238.165.255 vps.huxleydigital.co.uk wp-login Require not ip 91.238.164 91.238.165 #91.241.19.182 ru redbytes russia ***91.241.19.0 - 91.241.19.255*** 91.241.19.243 Require not ip 91.241.19 #91.219.212.198 m247 los angeles 91.219.212.0 - 91.219.212.255 Require not ip 91.219.212 #91.219.236.5 wp serverastra budapest 91.219.236.0 - 91.219.239.255 441061389-dedicated.serverastra.com Require not ip 91.219.236 #91.222.236.97 fitz data center london - 91.222.236.0 - 91.222.236.255 Require not ip 91.222.236 #abuseipdb - domengood.ru data center Samara Russia - 1709.domengood.ru - - [16/Jul/2021:18:40:44 -0700] "HEAD / HTTP/1.1" 200 - "-" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB5; MRA 5.2 (build 02415); BTRS122153; MRSPUTNIK 2, 0, 1, 31 SW; RadioClicker LITE; RadioClicker http://radioclicker.com; MRSPUTNIK 2, 0, 1, 31 HW; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; OfficeLiveConnector.1.5; OfficeLivePatch.1.3; .NET4.0C)" Require not ip 91.227.68 
# IP deny list, 91.231.x - 94.230.x: each note records the offending address, its
# network owner and the whois range; the directive after it denies that address or range.
# NOTE(review): negated Require lines only take effect inside a <RequireAll> block that
# also holds a positive Require; the enclosing container is not visible here - confirm.
#admin hack idhosting data center poland
Require not ip 91.231.140
#91.250.242.12 romania vpn 91.250.242.0 - 91.250.242.255
Require not ip 91.250.242
#92.51.148.174 sinsline france ***92.51.144.0 - 92.51.151.255***
Require not ip 92.51.148
#92.118.160.9 netsystems research 92.118.160.0 - 92.118.161.255 92.118.160.57 autodiscover 92.118.160.37 92.118.160.13 92.118.160.17 autodiscover 92.118.160.61
#netsystemsresearch, but also cgi attacks from this block, evil in abuseipdb 92.118.160.45 autodiscover attack piggy-backed on netsystemresearch
Require not ip 92.118.160 92.118.161
#92.119.35.69 heficed london ***92.119.35.0 - 92.119.35.255*** 92.119.35.210
Require not ip 92.119.35
#92.119.162.34 mosnet russia / ru proline ***92.119.162.0 - 92.119.162.255***
Require not ip 92.119.162
#92.204.136.183 hosteurope warrenton VA / Godaddy 92.204.128.0 - 92.204.143.255
Require not ip 92.204.136
#92.204.175.89 hosteurope france cyberghost romania ***92.204.175.80 - 92.204.175.95***
Require not ip 92.204.175.89
#92.246.84.133 tor exit xsserver germany ***92.246.84.128 - 92.246.84.159***
Require not ip 92.246.84.133
#93.113.111.153 wp-login nimbus cloud hosting uk 93.113.111.0 - 93.113.111.255
Require not ip 93.113.111
#93.113.224.118 wp-login afranet iran ***93.113.224.0 - 93.113.239.255***
Require not ip 93.113.224
#93.114.234.242 nimbus uk 93.114.234.0 - 93.114.234.255
Require not ip 93.114.234
#93.119.227.91 toplevelhosting romania ***93.119.227.0 - 93.119.227.127*** 93.119.227.19
Require not ip 93.119.227.91 93.119.227.19
#93.124.48.162 rosetelcom ip looking at fastbk.com? russia 93.124.8.0 - 93.124.63.255
Require not ip 93.124.48
#93.124.97.226 rostelcom looking at fastbk.com 93.124.64.0 - 93.124.127.255
Require not ip 93.124.97.226
#93.158.66.18 git attack fruitkings sweden yellowstone entertainment 93.158.66.0 - 93.158.66.127
Require not ip 93.158.66.18
#93.158.90.156 abuseipdb availo data center sweden 93.158.64.0 - 93.158.127.255 93.158.90.153 93.158.90.141 93.158.90.144 93.158.90.168 internetvikings 93.158.91.251 93.158.91.241 93.158.91.239
#93.158.91.249 93.158.91.235 93.158.91.252 93.158.91.254 93.158.91.201
Require not ip 93.158.90 93.158.91 93.158.92
#93.159.230.89 abuseipdb - kaspersky labs *** 93.159.230.0 - 93.159.231.255*** Russia - 93.159.230.28 - - [08/Jul/2021:07:45:22 -0700] "GET / HTTP/1.1" 200 1120 "http://daltrey.org" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36"
Require not ip 93.159.230 93.159.231
#93.170.171.101 pronet ukraine 93.170.170.0 - 93.170.171.255
Require not ip 93.170.170 93.170.171
#93.180.221.132 horizon iraq (part of an attack mostly via ukraine) 93.180.216.0 - 93.180.223.255
Require not ip 93.180.221
#94.102.49.193 cloud.census.shodan.io incrediserve seychelles 94.102.49.0 - 94.102.49.255
Require not ip 94.102.49
#94.130.112.184 hetzner ***94.130.0.0 - 94.130.255.255***
#94.130.167.79 hetzner ***94.130.167.64 - 94.130.167.127*** p161n1
#94.130.219.238 hetzner germany 94.130.219.192 - 94.130.219.255
#94.130.131.80 hetzner germany 94.130.131.64 - 94.130.131.127
Require not ip 94.130
#94.140.115.133 git tor / yourserver latvia 94.140.114.0 - 94.140.115.255
# NOTE(review): 94.140.115 is listed twice, and the range noted above also spans
# 94.140.114 - confirm whether the second entry was meant to be 94.140.114.
Require not ip 94.140.115 94.140.115
#94.158.36.183 lds fixed line isp ukraine 94.158.32.0 - 94.158.39.255
# NOTE(review): 94.158.23 lies outside the 94.158.32.0 - 94.158.39.255 range noted above,
# so it denies a /24 the note does not mention; possibly a transposition of 94.158.32 - confirm.
Require not ip 94.158.23 94.158.36
#94.176.174.183 inhostroyale cleardocks israel ***94.176.172.0 - 94.176.175.255***
Require not ip 94.176.172 94.176.174
#94.230.208.148 tor exit nine internet switzerland 94.230.208.144 - 94.230.208.151 tor3e3.digitale-gesellschaft.ch
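# IP deny list, 94.230.x - 103.28.x: each note records the offending address, its
# network owner and the whois range; the directive after it denies that address or range.
# A partial address (one to three leading octets) matches the whole corresponding block.
# NOTE(review): negated Require lines only take effect inside a <RequireAll> block that
# also holds a positive Require; the enclosing container is not visible here - confirm.
Require not ip 94.230.208.148
#94.237.68.202 upcloud finland/singapore ***94.237.64.0 - 94.237.71.255***
Require not ip 94.237.68
#95.79.84.116 ertelcom russia 95.79.80.0 - 95.79.87.255 dynamicip-95-79-84-116.pppoe.nn.ertelecom.ru
Require not ip 95.79.84
#95.79.181.4 retelcom ru ***95.79.176.0 - 95.79.183.255***
Require not ip 95.79.181
#95.111.235.41 contabo ***95.111.224.0 - 95.111.239.255***
Require not ip 95.111.235
#95.128.129.22 fast ireland ***95.128.129.0 - 95.128.129.255***
Require not ip 95.128.129
#95.152.62.218 rostelecom russia ***95.152.8.0 - 95.152.63.255***
Require not ip 95.152.62
#95.158.49.167 best.net ukraine ***95.158.48.0 - 95.158.55.255***
Require not ip 95.158.49
#95.163.255.172 ztomy data center germany - fetcher16-23.go.mail.ru - - [18/Jul/2021:07:58:56 -0700] "GET / HTTP/1.1" 406 300 "-" "Mozilla/5.0 (compatible; Linux x86_64; Mail.RU_Bot/2.0; +http://go.mail.ru/help/robots)"
Require not ip 95.163.255
#sh.cz data center - maybe this one: unn-212-102-57-22.cdn77.com - - [17/Jul/2021:06:00:53 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
Require not ip 95.168.203
#95.170.155.106 aventel russia fixed line ***95.170.152.0 - 95.170.155.255***
Require not ip 95.170.155.106
#95.179.151.41 vultr/constant company netherlands ***95.179.150.0 - 95.179.151.255*** 95.179.130.74 ***95.179.130.0 - 95.179.131.255***
#***95.179.206.0 - 95.179.207.255***95.179.206.203.vultr.com - - [30/Sep/2021:15:13:33 -0700] "GET /403.php HTTP/1.1" 406 300 "http://daltrey.net/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#95.179.165.240 constant co/vultr ***95.179.164.0 - 95.179.165.255***
# A stray bare `151` token sat between 95.179.165 and 95.179.206 in this list. A bare
# first octet is read as a partial address, so it denied all of 151.0.0.0/8, which none
# of the notes above mention. It is dropped; the 95.179.x entries are unchanged.
Require not ip 95.179.130 95.179.131 95.179.150 95.179.151 95.179.164 95.179.165 95.179.206 95.179.207
#95.181.151.112 quarta.ru newark nj finegroup us 95.181.151.0 - 95.181.151.255
#95.181.152.71 qwarta ru 95.181.152.0 - 95.181.152.255
Require not ip 95.181.151 95.181.152
#95.181.238.12 m247 data center bahamas
Require not ip 95.181.238
#95.215.145.128 vem san jose 95.215.144.0 - 95.215.147.255
Require not ip 95.215.144 95.215.145 95.215.146 95.215.147
#95.217.78.164 Hetzner Finland 95.216.0.0 - 95.217.255.255 95.217.227.167 95.217.215.66 seekport crawler
#95.216.34.149 OPTIONS and GET requests with no referrer and no user-agent 10/16/2021
Require not ip 95.216 95.217
#96.8.113.204 colocrossing 96.8.112.0 - 96.8.127.255
Require not ip 96.8.112.0/20 96.8.113
#96.126.120.226 linode philadelphia pa ***96.126.96.0 - 96.126.127.255***
Require not ip 96.126.96.0/19
#96.126.120.226
#98.118.42.121 verizon fios
Require not ip 98.118.42.121
#98.142.96.66 hostdime orlando 98.142.96.0 - 98.142.111.255
Require not ip 98.142.96.0/20 98.142.96
#amazonaws 99.83.64.0 - 99.84.255.255
# 99.83.153 and 99.84 repeat what the CIDR entries on the same line already cover.
Require not ip 99.83.64.0/18 99.83.128.0/17 99.84.0.0/16 99.83.153 99.84
#100.20.64.211 amazonaws portland 100.20.0.0 - 100.31.255.255 100.21.218.158
Require not ip 100.20.0.0/14 100.24.0.0/13 100.20
#101.42.118.107 tencent china ***101.42.0.0 - 101.43.255.255***
Require not ip 101.42 101.43
#101.128.118.201 .env /POST CBN-ID indonesia ***101.128.64.0 - 101.128.127.255***
Require not ip 101.128.118
#101.128.127.162 .env / POST CBN Jakarta Indonesia 101.128.64.0 - 101.128.127.255
Require not ip 101.128.127
#china telcom
Require not ip 101.224.155
#102-129-128-97.quadranthosting.com - - [04/Jul/2021:17:44:40 -0700] "GET / HTTP/2.0" 200 234 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1"
Require not ip 102.129.128.97
#102.185.152.135 vodaphone Egypt 102.184.0.0 - 102.187.255.255
Require not ip 102.185
#103.1.212.251 gls australia big scanning attack 103.1.212.0 - 103.1.212.255
Require not ip 103.1.212
#103.28.49.63 netlogistics / dreamscape australia - 103.28.48.0 - 103.28.51.254 server-1r-r91.ipv4.syd02.ds.network - - [24/Jul/2021:02:52:41 -0700] "GET 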
/wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 103.28.48 103.28.49 103.28.50 103.28.51 #103.52.144.138 klickserver indonesia ***103.52.144.0 - 103.52.147.255*** Require not ip 103.52.144 #abuseipdb nhanoi vietnam 103.57.208.0 - 103.57.211.255 Require not ip 103.57.208 103.57.209 103.57.210 103.57.211 #103.58.58.66 National Informatics Centre Services data center India 103.58.56.0 - 103.58.59.255 (not sure if this is correct hacker - bork - host103-58-58-66.adriinfocom.in) Require not ip 103.58.56 103.58.57 103.58.58 103.58.59 #103.75.184.188 inetsoft hanoi 103.75.184.0 - 103.75.187.255 Require not ip 103.75.184 #103.80.82.33 jsn.net indonesia 103.80.80.0 - 103.80.83.255 Require not ip 103.80.80 103.80.81 103.80.82 103.80.83 #103.82.21.18 cloudfly vietnam ***103.82.20.0 - 103.82.23.255*** Require not ip 103.82.21 #103.85.22.195 wp attack 7e Hong Kong 103.85.20.0 - 103.85.23.255 Require not ip 103.85.20 103.85.21 103.85.22 103.85.23 #103.88.219.25 Metro telecommunications India 103.88.216.0 - 103.88.219.255 node-103-88-219-25.alliancebroadband.in - - [31/Jul/2021:23:20:41 -0700] "GET /wp-login.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" Require not ip 103.88.219 #103.90.235.91 wp attack hostdime webpanda vietnam ***103.90.232.0 - 103.90.235.255*** Require not ip 103.90.235 #103.91.54.98 srl Bangladesh ***103.91.54.0 - 103.91.54.255*** Require not ip 103.91.54 #103.107.198.231 autodiscover gsl singapore / australia 103.107.198.0 - 103.107.198.255 Require not ip 103.107.198 #103.109.209.136 wp-login politeknik indonesia ***103.109.209.0 - 103.109.209.255*** Require not ip 103.109.209 #103.114.106.38 vietserver hanoi ***103.114.104.0 - 103.114.107.255*** 103.114.107.98 Require not ip 103.114.106 103.114.107 #103.124.93.236 sm4s vietnam ***103.124.92.0 - 103.124.95.255*** Require not ip 103.124.93 #103.127.30.241 microhost india abuseipdb 
103.127.28.0 - 103.127.31.255 Require not ip 103.127.28 103.127.29 103.127.30 103.127.31 #103.129.176.145 247hosting weipucomtw taiwan 103.129.176.0 - 103.129.179.255 103.129.176.145 - - [28/Jul/2021:22:25:49 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 103.129.176 #malaysia 103.133.132.0 - 103.133.133.255 Require not ip 103.133.132 103.133.133 #103.138.116.50 wp-login iweka indonesia 103.138.116.0 - 103.138.117.255 Require not ip 103.138.116 103.138.117 #103.146.202.150 PT Siber indonesia ***103.146.202.0 - 103.146.203.255*** Require not ip 103.146.202 103.146.203 #103.147.184.237 vietserver vietnam ***103.147.184.0 - 103.147.185.255*** Require not ip 103.147.184 #103.148.156.231 wp-login nsteve india 103.148.156.0 - 103.148.157.255 Require not ip 103.148.156 103.148.157 #103.200.31.148 cloudie hong kong ***103.200.31.0 - 103.200.31.255*** Require not ip 103.200.31 #103.206.115.94 sree sai services india ***103.206.112.0 - 103.206.115.255*** Require not ip 103.206.115 #103.211.219.226 pdro1 india 103.211.219.0 - 103.211.219.255 Require not ip 103.211.219 #abuseipdb - Asdigi.com - Vietnam - 103.221.220.99 - - [12/Jul/2021:09:21:11 -0700] "GET / HTTP/1.1" 401 228 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 103.221.220 #103.229.126.170 wp attack cloudie hong kong 103.229.126.0 - 103.229.126.255 Require not ip 103.229.126 #103.243.24.72 hlvps hong kong ***103.243.24.0 - 103.243.24.255*** Require not ip 103.243.24 #axgn data center singapore Require not ip 103.253.25 #cloudflare SF CA - no-mans-land.m247.com - - [13/Jul/2021:04:02:35 -0700] "GET /linux/ HTTP/1.0" 200 64382 "https://daltrey.org/linux/" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36 Edg/90.0.818.46" dedic1492.hidehost.net - - 
[21/Jul/2021:08:13:01 -0700] "GET /b2evo1/blog1.php HTTP/1.0" 404 236 "https://daltrey.org/b2evo1/blog1.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4099.2 Safari/537.36" cloudfare range 104.16.0.0 - 104.31.255.255 104.22.63.80 (hack from ukraine unless fake hostname vds-638713.hosted-by-itldc.com #vds-638713.hosted-by-itldc.com 104.21.71.99 server.centytoys.com Require not ip 104.16 104.17 104.18 104.19 104.20 104.21 104.22 104.23 104.24 104.25 104.26 104.27 104.28 104.29 104.30 104.31 Require not ip 104.16.0.0/12 #microsoft mfst 104.40.0.0 - 104.47.255.255 Require not ip 104.40.0.0/13 #104.131.102.65 wp attack digital ocean ***104.131.0.0 - 104.131.255.255*** Require not ip 104.131 #104.144.129.78 servermania b2net svcs 104.144.0.0 - 104.144.255.255 Require not ip 104.144 #104.156.199.252 micfo florida ***104.156.192.0 - 104.156.223.255*** Require not ip 104.156.192.0/19 #104.160.43.196 it7net los angeles ***104.160.32.0 - 104.160.47.255*** Require not ip 104.160.32.0/20 #104.164.41.224 egihosting santa clara ca 104.164.0.0 - 104.165.255.255 Require not ip 104.164 104.165 #104.168.213.217 hostwinds chicago/seattle ***104.168.128.0 - 104.168.255.255*** Require not ip 104.168.128.0/17 #104.196.15.222 google cloud zoombot 104.196.0.0 - 104.199.255.255 Require not ip 104.196.0.0/14 104.196 #104.207.141.3 vultr illinois / constant co fl 104.207.128.0 - 104.207.159.255 Require not ip 104.207.128.0/19 104.207.141 #quadranet Tarzana - 104.129.56.139 - - [21/Jul/2021:06:57:07 -0700] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" Require not ip 104.129.0.0/18 #104.131.167.46 digitalocean ***104.131.0.0 - 104.131.255.255*** Require not ip 104.131 #104.143.89.111 web2objects virginia ***104.143.80.0 - 104.143.95.255*** Require not ip 104.143.80.0/20 #104.156.194.6 mcfo charleston SC 104.156.192.0 
- 104.156.223.255 Require not ip 104.156.194 #104.161.21.118 - - [09/Jul/2021:05:26:47 -0700] "GET /wordpress/ HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:63.0) Gecko/20100101 Firefox/63.0" Require not ip 104.161.21.118 #104.168.100.180 colocrossing Atlanta 104.168.0.0 - 104.168.127.255 Require not ip 104.168.0.0/17 104.168.100 #104.196.144.247 google cloud ***104.196.0.0 - 104.199.255.255*** Require not ip 104.196.0.0/14 #abuseipdb - microsoft data center washington VA - 104.211.46.133 - - [13/Jul/2021:10:17:53 -0700] "GET /.env HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" Require not ip 104.211.46 #104.211.58.247 twingly/microsoft ***104.208.0.0 - 104.215.255.255** 104.209.223.87 Require not ip 104.208.0.0/13 #104.244.72.180 buyvm luxembourg /frantech cheyenne WY ponynet ***104.244.72.0 - 104.244.79.255*** Require not ip 104.244.72.0/21 #104.227.77.237 B2 net solutions 104.227.0.0 - 104.227.255.255 Require not ip 104.227 #digitalocean 104.236.45.171 Require not ip 104.236.0.0/16 #104.238.182.23 autodiscover vultr san jose ca constant co miami beach 104.238.128.0 - 104.238.191.255 autodiscover Require not ip 104.238.128.0/18 #104.238.182.23 #104.244.76.13 abuseipdb frantech luxemborg data center tor Require not ip 104.244.76 #104.244.77.73 ponynet frantech solutions 104.244.72.0 - 104.244.79.255 Require not ip 104.244.72.0/21 #104.244.158.126 securityframe north carolina owned-networks miami fl 104.244.152.0 - 104.244.159.255 104-244-158-126.rdns.owned-networks.net Require not ip 104.244.158 #digitalocean - North Bergen, NJ 104.248.0.0 - 104.248.255.255 - 104.248.234.14 - - [13/Jul/2021:02:25:40 -0700] "GET /robots.txt HTTP/1.1" 401 228 "-" "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://www.majestic12.co.uk/bot.php?+)" #104.248.120.146 wp-login 104.248.155.25 wp-login 104.248.42.100 wp-login Require not ip 104.248 #104.251.86.105 braveway alabama 
104.251.80.0 - 104.251.95.255 Require not ip 104.251.86 #bork abuseipdb isp morocco Require not ip 105.158.187.125 #106.11.155.61 shenmaspider China 106.11.0.0 - 106.11.255.255 Require not ip 106.11 #alibaba - 106.14.41.203 - - [22/Jul/2021:00:13:43 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 106.14.41.0/24 #106.52.240.60 thinkbot Tencent Cloud 106.52.0.0 - 106.54.255.255 #106.55.250.60 massive 22 min attack on pinkbunnybinky this is tencent cloud, china - 106.55.0.0 - 106.55.255.255 106.55.150.83 php attack 106.55.36.107 autodiscover Require not ip 106.52 106.53 106.54 106.55 #106.75.22.46 ucloud beijing 106.75.0.0 - 106.75.255.255 Require not ip 106.75 #china telcom Require not ip 106.118.200 #106.122.206.155 chinanet ***106.120.0.0 - 106.127.255.255*** #china telcom 106.120.0.0 - 106.127.255.255 106.125.148.5 106.125.148.10 Require not ip 106.122 106.125 #107.77.245.2 att mobile Require not ip 107.77.245.2 #abuseipdb bestit Kansas City MO #107.150.46.53 - - [09/Jul/2021:08:14:33 -0700] "GET //wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" # Require not ip 107.150.46.53 # working together! 
Kansas City 142.54.181.60 - - [08/Jul/2021:05:30:03 -0700] "GET //wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 503 282 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" #Kansas City 107.150.59.242 - - [08/Jul/2021:05:33:42 -0700] "GET //wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 200 11819 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" # Require not ip 107.150.59.242 Require not ip 107.150.32.0/19 #107.152.43.154 servercheap tor exit wp attack ***107.152.32.0 - 107.152.47.255*** Require not ip 107.152.32.0/20 #107.152.43.154 #107.152.243.51 b2netsolutions 107.152.128.0 - 107.152.255.255 Require not ip 107.152.128.0/17 107.152.243 #107.161.176.122 HostDime FL ***107.161.176.0 - 107.161.191.255*** Require not ip 107.161.176.0/20 #107.172.228.17 colocrossing ***107.172.0.0 - 107.175.255.255*** 107.174.150.140 107.174.233.228 107.175.149.137 #107.173.202.142 colocrossing buffalo 107.172.0.0 - 107.175.255.255 107-173-202-142-host.colocrossing.com - - [27/Jul/2021:23:13:07 -0700] "GET /linux/cypress.html HTTP/1.0" 301 246 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 6.1; rv:57.0) Gecko/20100101 Firefox/B8A7" #107-175-197-170-host.colocrossing.com - - [16/Jul/2021:08:36:57 -0700] "HEAD /wordpress HTTP/1.1" 301 - "http://ridesbyscott.com/wordpress" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" #107.175.79.156 snooping search colocrossing 107.172.0.0 - 107.175.255.255 107.174.226.150 107.175.79.177 Require not ip 107.172 107.173 107.174 107.175 #107.178.113.171 wp-login ioflood phoenix ***107.178.64.0 - 107.178.127.255*** Require not ip 107.178.64.0/18 #google cloud 107.178.192.0 - 107.178.255.255 107.178.194.46 - - [24/Jul/2021:23:12:16 -0700] "HEAD / HTTP/1.1" 401 - "-" 
"AppEngine-Google; (+http://code.google.com/appengine; appid: s~virustotalcloud)" Require not ip 107.178.194.46 107.178.192.0/18 #107.180.88.41 godaddy scottsdale az 107.180.0.0 - 107.180.127.255 wplogin attack Require not ip 107.180.0.0/17 107.180.88 #107.181.155.172 synltd washington dc / london 107.181.152.0 - 107.181.155.255 Require not ip 107.181.155 #107.181.177.226 totalserversolutions canada performiv GA 107.181.160.0 - 107.181.191.255 226.177.181.107.wiredns.net Require not ip 107.181.160.0/19 107.181.177 #107.189.8.65 tor exit #bork - abuseipdb - frantech.ca datacenter Cheyenne Wyoming - lux2.tor-exit-node.net - - [15/Jul/2021:22:45:08 -0700] "GET / HTTP/1.1" 200 8496 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0" [working with onion.xor.sc tor-exit-3.zbau.f3netze.de] Require not ip 107.189.8 #107.190.135.50 hostdime ***107.190.128.0 - 107.190.143.255*** Require not ip 107.190.128.0/20 #107.190.135.50 #108.62.187.81 ubiquity manassas VA leaseweb 108.62.0.0 - 108.62.255.255 108.62.69.242 108.62.69.45 108.62.69.195 Require not ip 108.62 #bork 108.167.132.58 hostgator/websitewelcome 108.167.128.0 - 108.167.191.255 br328.hostgator.com.br - - [28/Jul/2021:18:36:35 -0700] "GET /wp-admin/ HTTP/1.1" 301 234 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 108.167.128.0/18 108.167.132 #108.170.5.218 securedservers phoenix ***108.170.0.0 - 108.170.63.255*** Require not ip 108.170.0.0/18 #108.174.50.140 colocrossing buffalo ny 108.174.48.0 - 108.174.63.255 Require not ip 108.174.48.0/20 108.174.50 #108.177.213.153 leaseweb 108.177.128.0 - 108.177.255.255 108.177.213.244 Require not ip 108.177.213 #108.179.192.120 bork hostmonster 108.179.192.0 - 108.179.255.255 Require not ip 108.179.192.0/18 #108.179.192.120 #abuseipdb - websitewelcome.com - Provo Utah - br692.hostgator.com.br - - [12/Jul/2021:09:14:27 -0700] "GET / HTTP/2.0" 401 228 
"http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 108.179.193 #bork - ip-109-42-114-138.web.vodafone.de - - [11/Jul/2021:05:30:33 -0700] "GET /phpinfo().html HTTP/2.0" 401 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" Require not ip 109.42.114.138 #tor applied privacy austria, abuseipdb 109.70.100.0 - 109.70.100.64 109.70.100.20 109.70.100.25 Require not ip 109.70.100.0/24 109.70.100.20 #109.191.198.125 is74.ru russia ***109.191.128.0 - 109.191.255.255*** Require not ip 109.191.198 #109.219.30.12 orange france 109.219.24.0 - 109.219.31.255 Require not ip 109.219.30 #109.228.40.29 fasthost uk 109.228.40.0 - 109.228.40.255 git attack Require not ip 109.228.40 #109.228.59.45 fasthosts uk ***109.228.44.0 - 109.228.59.255*** Require not ip 109.228.59 #109.234.160.153 wp-login o2switch france 109.234.160.0 - 109.234.160.255 Require not ip 109.234.160 #109.237.103.9 interlan.ru russia ***109.237.100.0 - 109.237.103.255*** Require not ip 109.237.103 #109.248.149.12 dataclub ***109.248.147.0 - 109.248.149.255*** Require not ip 109.248.149 #110.4.45.63 wp-login mschosting malaysia 110.4.40.0 - 110.4.47.255 Require not ip 110.4.45 #110.8.3.170 skbroadband korea Require not ip 110.8.3 #110.169.175.211 true internet thailand ***110.169.128.0 - 110.169.255.255*** Require not ip 110.169.175 #abuseipdb 110.173.132.17 - hostopia Australia - 110.173.132.0 - 110.173.135.255 - - [22/Jul/2021:14:33:49 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 110.173.132 110.173.133 110.173.134 110.173.135 #Bytespider 110.249.201.116 Require not ip 110.249.201 110.249.202 #111.92.89.230 asianet india ***111.92.0.0 - 111.92.127.255*** Require not ip 111.92.89 #111.93.89.230 tata india ***111.93.0.0 - 111.93.255.255*** 
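Require not ip 111.93
# --- Deny rules for sources in 111.x - 114.x (plus one out-of-sequence 121.118 entry) ---
# Layout: one comment or one directive per physical line. Apache treats "#" as
# a comment only at the start of a line, so a directive that shares a line with
# a comment is either swallowed by it or fails to parse.
# NOTE(review): negated "Require not ..." rules presumably sit inside a
# <RequireAll> container opened earlier in the file - confirm.
#fake admin hostgator india 111.118.215.1 - 111.118.215.255
# NOTE(review): the timestamp in the next log line has an IP address pasted into
# it; the original time is not recoverable from here.
#bork md-in-34.webhostbox.net - - [28/Jul/2021:07:118.255.21.65:05 -0700] "GET /wp-admin/ HTTP/2.0" 301 234 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
Require not ip 111.118.215
#chinaunicom chinanet chinatelcom ***111.172.0.0 - 111.175.255.255***
Require not ip 111.162.222 111.172 111.173 111.174 111.175
Require not ip 111.192 111.193 111.194 111.195 111.196 111.197 111.198 111.199 111.200 111.201 111.202 111.203 111.204 111.205 111.206 111.207
#Bytespider 111.225.149.170
Require not ip 111.225.149
#tencent cloud beijing 111.229.0.0 - 111.229.255.255
#111.231.206.201 bork wp-login tencent cloud ***111.230.0.0 - 111.231.255.255***
# NOTE(review): the range quoted above spans 111.230 - 111.231, but only 111.229
# and 111.231 are denied; confirm whether 111.230 was left out on purpose.
Require not ip 111.229 111.231
#121.118.43.178 nttplala japan 8 ***121.112.0.0 - 121.119.255.255***
Require not ip 121.118
#112.207.110.133 wp-login dsl pldt philippines ***112.207.0.0 - 112.207.127.255***
Require not ip 112.207.110.133
#112.199.122.34 eastern telcom philippines ***112.199.0.0 - 112.199.127.255***
Require not ip 112.199.122
#112.213.89.134 wp-login superdata.vn vietnam 112.213.80.0 - 112.213.95.255 112.213.89.3 wp-login
Require not ip 112.213.89
#abuseipdb - 113.31.114.242 - ucloud data center shanghai china
Require not ip 113.31.114
#113.35.251.98 arteria data center Tokyo 113.32.0.0 - 113.39.255.255
# Was "113.35 113.26 113.37 113.38 113.39": 113.26 lies outside the range quoted
# above and broke the 35..39 sequence, so it denied an unrelated /16 while
# leaving 113.36 open. Corrected to 113.36.
Require not ip 113.35 113.36 113.37 113.38 113.39
#113.222.177.238 chinatelcom 113.220.0.0 - 113.223.255.255
Require not ip 113.220 113.221 113.222 113.223
#113.244.137.239 chinatelcom 113.240.0.0 - 113.247.255.255
Require not ip 113.244
#114.7.206.227 indostat internetbackbone/mobile operator indonesia ***114.0.0.0 - 114.15.255.255***
Require not ip 114.7.206
#chinatelecom
Require not ip 114.85.80
#petalbot
Require not ip 114.119
#114.132.255.173 tencentcloud 114.132.0.0 - 114.132.255.255
Require not ip 114.132
#114.243.134.122 chinaunicom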
***114.240.0.0 - 114.255.255.255*** Require not ip 114.243 #114.248.47.212 chinatelcom chinaunicom ***114.240.0.0 - 114.255.255.255*** Require not ip 114.248 #114.132.41.72 tencent cloud ***114.132.0.0 - 114.132.255.255*** Require not ip 114.132 #115.56.106.193 long time harasser hn.kd.ny.adsl chinaunicom 115.48.0.0 - 115.63.255.255 Require not ip 115.48 115.56 #115.84.182.6 viettel vietnam ***115.84.182.0 - 115.84.182.31*** Require not ip 115.84.182.6 #116.9.31.170 chinanet/chinatelcom ***116.8.0.0 - 116.11.255.255*** 116.9.31.19 116.9.31.14 116.9.31.105 116.9.31.153 116.9.31.35 116.9.31.74 116.9.31.160 Require not ip 116.9 #116.105.216.2 viettel vietnam 116.96.0.0 - 116.111.255.255 Require not ip 116.105 #116.110.70.168 viettel Hanoi 116.96.0.0 - 116.111.255.255 n168070110116.imsbiz.com - - [29/Jul/2021:15:59:12 -0700] "GET /wp-login.php Require not ip 116.110 #116.179.32.156 chinaunicom 116.128.0.0 - 116.191.255.255 116.179.32.17 Require not ip 116.179 #116.193.190.198 idcloud indonesia ***116.193.190.0 - 116.193.191.255*** Require not ip 116.193.190 #116.203.193.157 hetzner germany 116.202.0.0 - 116.203.255.255 116.202.36.28 Require not ip 116.202 116.203 #116.255.173.135 zengzhaou china 116.255.128.0 - 116.255.191.255 116.255.173.135 - - [01/Aug/2021:09:46:49 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 116.255.173 #ucloudnet Beijing 117.50.90.31 wp-login Require not ip 117.50 #117.89.70.50 chinanet ***117.80.0.0 - 117.95.255.255*** Require not ip 117.89 #117.95.181.249 chinatelcom chinanet 117.80.0.0 - 117.95.255.255 117.95.167.106 Require not ip 117.95 #chinamobileltd Require not ip 117.183.170 #117.197.233.86 bbmultiplay india ***117.197.128.0 - 117.197.255.255*** Require not ip 117.197.233 #118.26.36.169 major attack ucloud hong kong 118.26.36.0 - 118.26.39.255 Require not ip 118.26.36 118.26.37 118.26.38 118.26.39 #118.184.177.16 sogou bitcomm china 
118.184.176.0 - 118.184.183.255 Require not ip 118.184.177 #bork china telcom, but this is actually a hertzner ip backwards so didn't actually attack 118.255.21.65 Require not ip 118.255.21.65 #119.8.50.99 ecs-119-8-50-99.compute.hwclouds-dns.com Huawei Hong Kong ***119.8.32.0 - 119.8.63.255*** 119.8.50.99 - - [18/Aug/2021:00:18:37 -0700] "GET /%20https://sp.yimg.com/ib/th?id=OIP.R6Fgd0GKsI-YSyWwexvcZgDsEs&pid=15.1&rs=1&c=1&qlt=95&w=87&h=111 HTTP/1.1" 403 - "-" "Python/3.7 aiohttp/3.7.4.post0" #119.8.242.91 huawei cloud ***119.8.242.0 - 119.8.243.255*** Require not ip 119.8.50 119.8.242 119.8.243 #119.18.52.177 wp-login websitedns.in mangalore 119.18.48.0 - 119.18.56.255 Require not ip 119.18.52 #119.29.17.199 tencent cloud ***119.28.0.0 - 119.29.255.255*** 119.29.90.49 #119.29.17.199 /phpmyadmin/ 10/11/21, 1:22 PM 0 error 403 GET HTTP/1.1 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36 Require not ip 119.28 119.29 #119.91.87.45 huabei china tencent cloud ***119.91.0.0 - 119.91.255.255*** #119.91.129.52 - - [23/Sep/2021:04:02:49 -0700] "GET /phpmyadmin/ HTTP/1.1" 403 - "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36" Require not ip 119.91 #119.96.223.59 wp chinanet ***119.96.0.0 - 119.103.255.255*** Require not ip 119.96 #119.91.114.144 Huabei oil tencent cloud china ***119.91.0.0 - 119.91.255.255*** Require not ip 119.91 #120.26.4.177 aliyun china alisoft 120.24.0.0 - 120.27.255.255 Require not ip 120.26 #china telecom Require not ip 120.36.224 #120.235.138.34 masquerading as googlebot chinamobileltd ***120.192.0.0 - 120.255.255.255*** Require not ip 120.235 #chinamobileltd Require not ip 120.243.136 #bork 121.5.103.58 tencent cloud china 121.4.0.0 - 121.5.255.255 121.5.113.11 121.5.147.119 121.5.219.20 121.5.109.55 121.5.219.20 Require not ip 121.4 121.5 #121.29.188.44 chinaunicom 121.28.0.0 - 121.29.255.255 
121.29.188.238 Require not ip 121.28 121.29 #121.36.11.131 Huawei cloud service 121.36.0.0 - 121.36.255.255 ecs-121-36-11-131.compute.hwclouds-dns.com admin login Require not ip 121.36.11.131 #121.89.226.93 aliyun china ***121.89.0.0 - 121.89.255.255*** Require not ip 121.89 #121.196.193.162 alisoft china ***121.196.0.0 - 121.199.255.255*** Require not ip 121.196 #121.226.149.181 chinanet china telcom 121.224.0.0 - 121.239.255.255 Require not ip 121.226 #121.143.203.10 korea telcom admin 121.128.0.0 - 121.159.255.255 Require not ip 121.143 #122.15.156.179 reliance infocom/vodafone india ***122.15.144.0 - 122.15.184.255** Require not ip 122.15.156 #122.116.248.74 china chungwa telecom taiwan 122.116.0.0 - 122.117.255.255 122-116-248-74.hinet-ip.hinet.net - - [24/Jul/2021:04:19:31 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 122.116 122.117 #122.155.196.54 CAT thailand big scan attack 122.155.192.0 - 122.155.223.255 Require not ip 122.155.196 #123.56.228.164 aliysoft china ***123.56.0.0 - 123.57.255.255*** Require not ip 123.56 123.57 #123.58.209.89 ucloud china major attack 123.58.192.0 - 123.58.223.255 123.58.210.246 major attack 123.58.209.115 major attack Require not ip 123.58.209 123.58.210 #china telecom chinaunicom beijing 123.112.0.0 - 123.127.255.255 123.125.67.148 123.121.164.52 #123.161.192.222 chinaunicom 123.160.0.0 - 123.163.255.255 123.149.77.231 Require not ip 123.121 123.125 123.149 123.161 123.174.189 #124.122.63.52 asianet thailand ***124.122.0.0 - 124.122.127.255*** 124.126.78.164 Require not ip 124.122 #124.126.78.193 #124.126.78.176 Ritel China (china telcom) 124.126.0.0 - 124.127.255.255 124.126.78.161 124.126.78.182 182.78.126.124.broad.bjtelecom.net bork - 124.126.78.132 124.126.78.172 124.126.78.158 Require not ip 124.126 124.127 #china telecom Require not ip 124.135.192 #124.158.11.209 cmctelecom Hanoi 124.158.0.0 - 124.158.15.255 124.158.11.209 
- - [28/Jul/2021:12:20:52 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 124.158.10 124.158.11 #abuseipdb - Beijing teletron fixed line isp Require not ip 124.206.180 #124.228.76.34 chinatelcom 124.228.0.0 - 124.231.255.255 Require not ip 124.228 #125.64.94.212 long attack chinanet ***125.64.0.0 - 125.71.255.255*** Require not ip 125.64 #china telecom Require not ip 125.76.175 #125.235.4.59 viettel vietnam adsl.viettel.vn - - [02/Aug/2021:12:23:10 -0700] "GET /linux/cypress.html HTTP/1.1" 200 53406 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.69 Freeu/61.0.3163.69 MRCHROME SOC Safari/537.36" Require not ip 125.235.4 #128.1.248.34 zenlayer diamond bar ca 128.1.0.0 - 128.1.255.255 Require not ip 128.1 #zenlayer diamond bar ca 128.14.141.42 Require not ip 128.14 #128.199.56.61 digitalocean amsterdam major wp attack 128.199.0.0 - 128.199.255.255*** 128.199.98.203 major 128.199.255.245 128.199.85.207 major Require not ip 128.199 #130.61.75.255 oracle cloud germany ***130.61.0.0 - 130.61.255.255*** Require not ip 130.61 #130.255.166.235 internet vikings sweden ***130.255.166.192 - 130.255.166.255*** Require not ip 130.255.166.235 #131.108.48.231 pronet brazil ***131.108.48.0/22*** Require not ip 131.108.48.0/22 #131.153.46.186 securedservers singapore ***131.153.0.0 - 131.153.247.255*** Require not ip 131.153.0.0/17 131.153.192.0/19 131.153.224.0/20 131.153.240.0/21 131.153.128.0/18 #university in Bonn Germany -polecat.cs.uni-bonn.de - - [12/Jul/2021:22:48:26 -0700] "GET / HTTP/1.1" 403 1443 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36" Require not ip 131.220.6 #132.145.9.189 oracle london ***132.145.0.0 - 132.145.255.255*** Require not ip 132.145 #bork - godaddy Ashburn VA - ip-132-148-182-32.ip.secureserver.net - - [12/Jul/2021:09:21:08 -0700] "GET / HTTP/2.0" 
401 228 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 132.148.182 #132.226.199.12 oracle ***132.226.0.0 - 132.226.255.255*** #132.226.113.226 - - [30/Sep/2021:15:56:49 -0700] "GET /wp-includes/css/modules.php HTTP/1.1" 403 - "-" "python-requests/2.26.0" Require not ip 132.226 #133.167.92.28 sakura japan ***133.167.92.0/24*** Require not ip 133.167.92.0/24 #134.119.180.98 abuseipdb - velia data center strasbourg Require not ip 134.119.180 #134.122.28.82 digitalocean 134.122.0.0 - 134.122.127.255 134.122.41.107 134.122.1.201 Require not ip 134.122.0.0/17 134.122.28 #134.122.93.99 - digitalocean germany 134.122.0.0 - 134.122.127.255 134.122.93.99 - - [28/Jul/2021:02:21:21 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" #134.122.4.104 Require not ip 134.122.93.99 134.122.0.0/17 #134.209.34.237 adbuseipdb digitalocean clifton nj 134.209.69.115 big attack Require not ip 134.209.34 Require not ip 134.209.0.0/16 #134.119.234.32 - domainfactory.de data center strasbourg - crawler.seokicks.de - - [17/Jul/2021:06:18:56 -0700] "GET / HTTP/1.1" 200 1713 "http://www.fastbk.com/" "Mozilla/5.0 (compatible; SEOkicks; +https://www.seokicks.de/robot.html)" Require not ip 134.119.234 #136.143.176.44 zohoc california ***136.143.160.0 - 136.143.191.255*** Require not ip 136.143.176 #136.144.33.182 panq LA/netherlands ***136.144.33.0 - 136.144.33.255*** 136.144.35.8 panq netherlands ***136.144.35.0 - 136.144.35.255*** Require not ip 136.144.33 136.144.35 #136.144.41.106 abuseipdb legaconetworks netherlands 136.144.41.235 (autodiscover) 136.144.41.193 Require not ip 136.144.41 #135.148.59.35 ovh reston, VA ***135.148.0.0 - 135.148.255.255*** Require not ip 135.148 #134.175.228.189 ThinkBot Tencent 134.175.0.0 - 134.175.255.255 autodiscover Require not ip 134.175 #135.181.42.89 hetzner finland 
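# ***135.181.0.0 - 135.181.255.255*** 135.181.42.188 135.181.42.128
# --- Deny rules for sources in 135.x - 138.x ---
# Layout: one comment or one directive per physical line. Apache treats "#" as
# a comment only at the start of a line, so a directive that shares a line with
# a comment is either swallowed by it or fails to parse. The line above is the
# tail of a comment that starts before this section.
# A partial address such as "135.181" denies every address that begins with
# those octets (here a /16), which is much wider than the single hosts quoted
# as evidence.
Require not ip 135.181
#135.125.246.110 OVH germany ***135.125.244.0 - 135.125.247.255***
Require not ip 135.125.246
#136.143.177.43 zoho california 136.143.160.0 - 136.143.191.255
Require not ip 136.143.160.0/19
#136.143.177.43
#136.144.130.214 transip netherlands ***136.144.130.0 - 136.144.130.255***
Require not ip 136.144.130
#136.243.17.161 hetzner ***136.243.17.128 - 136.243.17.191***
Require not ip 136.243.17.161
#136.243.56.51 hetzner ***136.243.56.0 - 136.243.56.63***
Require not ip 136.243.56.51
#136.243.92.92 hetzner ***136.243.92.64 - 136.243.92.127***
Require not ip 136.243.92.92
#136.243.93.113 Hetzner Germany 136.243.93.64 - 136.243.93.127 - - [25/Jul/2021:11:07:21 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
# NOTE(review): the comment quotes the range 136.243.93.64 - 136.243.93.127, but
# the rule below denies only the two single hosts .64 and .113. If the whole
# range was meant, that is 136.243.93.64/26 - confirm before widening.
Require not ip 136.243.93.64 136.243.93.113
#136.244.118.211 vultr france the constant company west palm beach fl 136.244.64.0 - 136.244.127.255
Require not ip 136.244.118
#137.116.248.174 microsoft data center 137.116.0.0 - 137.116.255.255 137.117.45.97 big wp microsoft ***137.117.0.0 - 137.117.255.255***
Require not ip 137.116 137.117
#137.184.60.142 wp attack digitalocean ***137.184.0.0 - 137.184.255.25***
Require not ip 137.184
#internet observatory - researchscan36.comsys.rwth-aachen.de - - [09/Jul/2021:07:00:12 -0700] "GET / HTTP/2.0" 200 1077 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:84.0) Gecko/20100101 Firefox/84.0"
#137.226.113.44
# NOTE(review): the evidence above is one research-scanner host, while the rule
# denies the whole 137.226 /16 - confirm that breadth is intended.
Require not ip 137.226
#138.59.7.163 salucionesfavorables NJ ***
Require not ip 138.59.6.0/23
#138.68.160.178 digitalocean 138.68.0.0 - 138.68.255.255 scanner22.about.spyse.com 138.68.159.32
Require not ip 138.68
#138.91.112.110 wp attack unifiedlayer provo utah ***138.91.0.0 - 138.91.255.255***
Require not ip 138.91
#138.122.195.234 milivmillicon.com Huntington WV and/or NY - 138.122.195.0/24
Require not ip 138.122.195.0/24
#138.128.176.138 hostdime ***138.128.160.0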
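# - 138.128.191.255***
# --- Deny rules for sources in 138.x - 139.x ---
# Layout: one comment or one directive per physical line. Apache treats "#" as
# a comment only at the start of a line, so a directive that shares a line with
# a comment is either swallowed by it or fails to parse. The line above is the
# tail of a comment that starts before this section.
Require not ip 138.128.160.0/19
#138.201.36.87 hetzner germany 138.201.36.64 - 138.201.36.127
Require not ip 138.201.36.87
#abuseipdb - servermania data center atlanta ga b2netsolutions 138.128.0.0 - 138.128.127.255
# 138.128.118 is already inside 138.128.0.0/17; the second argument is redundant but harmless.
Require not ip 138.128.0.0/17 138.128.118
#138.197.213.147 digitalocean data center santa clara
#138.197.67.22 NetcraftSurveyAgent/digitalocean 138.197.0.0 - 138.197.255.255 138.197.170.223 bork
Require not ip 138.197
#138.199.59.211 - datacamp poland (with unn-212-102-57-22.cdn77.com) 138.199.29.42 unn-138-199-29-42.datapacket.com datacamp uk bork wp attack 138.199.18.62
Require not ip 138.199
#138.201.67.172 seokicks hetzner germany 138.201.67.128 - 138.201.67.191
Require not ip 138.201.67
#planetlab / internet observatory 138.246.253.0 - 138.246.253.255 138.246.253.24 autodiscover, binance referral
Require not ip 138.246.253 138.246.254
# NOTE(review): the next comment says this range is whitelisted and the rule
# under it is commented out, but the active rule directly above still denies
# 138.246.253 (and 138.246.254). As written the range is blocked; remove it from
# the active rule if the whitelist is what is intended.
#whitelisted as global internet observatory, lots of reports abuseipdb; also shows up as planetlab24.gino-research.net.in.tum.de 138.246.253.0 - 138.246.253.255
# Require not ip 138.246.253
#digitalocean India strikes again! 139.59.25.246 - - [10/Jul/2021:14:29:07 -0700] "GET /autodiscover/autodiscover.xml HTTP/1.1" 406 300 "http://autodiscover.daltrey.org/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" I think all of 139. is a hotbed of evil.
#139.155.16.233 - - [02/Aug/2021:19:53:49 -0700] "GET / HTTP/1.1" 404 - "-" "Mozilla/5.0 (compatible; ThinkBot/0.3.0; +In_the_test_phase,_if_the_spider_brings_you_trouble,_please_add_our_IP_to_the_blacklist._Thank_you.)"
#139.155.172.190 major attack 139.162.45.164 = li1458-164.members.linode.com 139.59.238.128 big attack 139.59.122.121 wp attack
#linode singapore/galloway NJ ***139.162.0.0 - 139.162.255.255*** 139.59.113.53
# Was "139 139.": both spellings name the same network, so the duplicate is
# dropped. A one-octet partial address denies all of 139.0.0.0/8, roughly 16.7
# million addresses, including every residential and corporate network in it.
# NOTE(review): the evidence logged above comes from 139.59, 139.155 and
# 139.162; denying those three /16s would cover it with far less collateral
# blocking - confirm the /8 is intended.
Require not ip 139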
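#139.155.16.233

# NOTE(review): entries are laid out one per line: the author's evidence comment(s), then the directive they justify.
# Partial addresses are prefixes: `a.b` denies a /16 and `a.b.c` a /24; a full four-octet address denies one host.
# `Require not ip` is only valid inside a <RequireAll> block that also holds a positive Require; that container
# is not visible in this excerpt - confirm.

#china telecom
Require not ip 140.75.169

#140.99.99.91 epicup data center Scottsdale AZ 140.99.0.0 - 140.99.255.255
Require not ip 140.99

#china telecom
Require not ip 140.250.41

#141.94.65.157 ovh france 141.94.64.0 - 141.94.65.255
Require not ip 141.94.64 141.94.65

#141.94.149.97 ovh france ***141.94.149.96 - 141.94.149.127***
Require not ip 141.94.149.97

#141.164.49.163 vultr korea ***141.164.0.0 - 141.164.127.255***
Require not ip 141.164.49

#141.178.46.78 root1 japan 141.177.0.0 - 141.178.255.255 this was a reverse of a hetzner ip
# Require not ip 141.177 141.178

#ovh data center Quebec
Require not ip 142.4.215

#142.11.222.7 hostwinds seattle ***142.11.192.0 - 142.11.255.255***
Require not ip 142.11.192.0/18

#142.44.138.126 ovh canada 142.44.128.0 - 142.44.255.255
# NOTE(review): 142.44.138 lies inside 142.44.128.0/17, as does the separate 142.44.198 directive below
# (redundant, harmless).
Require not ip 142.44.128.0/17 142.44.138

#abuseipdb ovh data center quebec 142.44.198.219 - - [16/Jul/2021:19:21:36 -0700] "GET /wp-content/uploads/upload_index.php?auth=f02pz3831W0DTtLgq26L HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko"
Require not ip 142.44.198

#abuseipdb katos kansas city mo 142.54.177.4
# NOTE(review): 142.54.177 lies inside 142.54.160.0/19 (redundant); the /19 also covers the commented-out
# 142.54.181.60 entry below.
Require not ip 142.54.160.0/19 142.54.177

# working together! Kansas City 142.54.181.60 - - [08/Jul/2021:05:30:03 -0700] "GET //wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 503 282 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
#Kansas City 107.150.59.242 - - [08/Jul/2021:05:33:42 -0700] "GET //wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 200 11819 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4 AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
# Require not ip 142.54.181.60

#142.93.214.65 digitalocean India -
# Require not ip 142.93.214

#142.93.218.96 digitalocean 142.93.0.0 - 142.93.255.255
Require not ip 142.93

#142.93.231.26 - - [12/Jul/2021:20:45:27 -0700] "GET / HTTP/1.1" 401 228 "-" "ScamadviserExternalHit/1.0" digitalocean Netherlands
# NOTE(review): already covered by `Require not ip 142.93` above (redundant).
Require not ip 142.93.231

#143.0.209.156 baydenet brazil ***143.0.208.0/22*** 143.0.209.156.ajnet.net.br - - [26/Sep/2021:17:22:45 -0700] "GET /xmlrpc.php HTTP/1.1" 500 - "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko"
Require not ip 143.0.208.0/22

#143.178.90.21 b2evo1 attack tmobile netherlands 143.178.0.0 - 143.178.255.255 21-90-178-143.ftth.glasoperator.nl - - [17/Aug/2021:02:01:05 -0700] "GET /favicon.ico HTTP/2.0" 200 4286 "https://daltrey.org/b2evo1/blog1.php/yikes-anonymousfox" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0"
Require not ip 143.178.90.21

#143.198.38.245 digitalocean toronto 143.198.8.88 143.198.6.86 143.198.8.77 143.198.174.223 wp-login 143.198.137.138 wp
Require not ip 143.198

#143.198.41.203 digitalocean toronto
# Require not ip 143.198.41

#143.198.187.58 digital ocean data center NYC
# Require not ip 143.198.187

#143.244.40.228 datacamp london ***143.244.40.0 - 143.244.40.255***
Require not ip 143.244.40

#143.244.34.155 datacamp ***143.244.34.0 - 143.244.35.255***
Require not ip 143.244.34 143.244.35

#digitalocean 143.244.128.0 - 143.244.255.255 multiple attacks 143.244.145.77 - - [09/Jul/2021:11:25:51 -0700] "GET /robots.txt HTTP/1.1" 200 254 "-" "Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.93 Safari/537.36"
#143.244.188.129 143.244.186.99 wp attack
Require not ip 143.244.128.0/17
#143.244.128 143.244.145 143.244.188

#144.76.3.131 hetzner data center germany 144.76.168.111 ***144.76.168.96 - 144.76.168.127***
#144.76.162.206 hetzner germany 144.76.162.192 - 144.76.162.223
Require not ip 144.76.3 144.76.168.111 144.76.162.206

#bork - 144.86.173.137 - - [20/Jul/2021:04:02:37 -0700] "GET / HTTP/1.1" 406 300 "-" "Expanse, a Palo Alto Networks company, searches across the global IPv4 space multiple times per day to identify customers' presences on the Internet. If you would like to be excluded from our scans, please send IP addresses/domains to: scaninfo@paloaltonetworks.com"
#bork - expanse 144.86.173.79 144.86.173.149 144.86.173.154 144.86.173.95 144.86.173.12 144.86.173.93
Require not ip 144.86.173

#144.91.74.201 contabo germany ***144.91.64.0 - 144.91.95.255*** 144.91.104.243 contabo germany wp attack ***144.91.96.0 - 144.91.127.255*** server.falcon-resller.com 144.91.97.162
Require not ip 144.91.74 144.91.75 144.91.97 144.91.104

#144.76.102.243 hetzner ***144.76.102.224 - 144.76.102.255***
Require not ip 144.76.102.243

#144.91.105.135 contabo ***144.91.96.0 - 144.91.127.255***
#144.91.105.135 quickavenue.com /wp-login.php 10/11/21, 10:23 AM 300 error 406 GET HTTP/1.1 Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0
Require not ip 144.91.105

#144.172.118.4 dataideas wy ***144.172.64.0 - 144.172.127.255***
Require not ip 144.172.64.0/18

#bork - 80.ip-144-217-80.net - - [09/Jul/2021:22:07:52 -0700] "GET /config HTTP/1.1" 404 6136 "https://www.daltreynet.daltrey.org/.git/config" "Go-http-client/1.1"
# Require not ip 144.217.80.80

#crawl-144-217-135-230.dataproviderbot.com - - [11/Jul/2021:17:13:15 -0700] "GET / HTTP/1.1" 200 7472 "-" "Mozilla/5.0 (Linux; Android 5.1.1; SM-G925F Build/LMY47X) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.94 Mobile Safari/537.36" dataprovidebot data center Montreal Quebec
#ovh Montreal 144.217.0.0 - 144.217.255.255 144.217.100.232 owa-auth
# Require not ip 144.217.137.32
Require not ip 144.217

#145.131.25.253 argeweb / KPN Amsio Netherlands 145.131.16.0 - 145.131.31.255
Require not ip 145.131.16 145.131.17 145.131.25

#146.70.38.41 M247 argentina 146.70.38.0 - 146.70.38.255
Require not ip 146.70.38

#146.148.125.231 google cloud ***146.148.0.0 - 146.148.127.255***
Require not ip 146.148.0.0/17

#bork 147.135.71.175 OVH weston VA 147.135.0.0 - 147.135.127.255 ns105920.ip-147-135-71.us multiple hack attempts
#147.135.137.126 ovh france 147.135.136.0 - 147.135.139.255
Require not ip 147.135.0.0/17 147.135.137
#147.135.71

#147.182.234.243 digitalocean 147.182.128.0 - 147.182.255.255
# NOTE(review): 147.182.234 lies inside 147.182.128.0/17 (redundant, harmless).
Require not ip 147.182.128.0/17 147.182.234

#148.66.146.16 bork godaddy 148.66.128.0 - 148.66.159.255
Require not ip 148.66.146

#abuseipdb godaddy data center singapore - ip-148-72-207-220.ip.secureserver.net - - [19/Jul/2021:07:57:06 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#148.72.211.177 godaddy ***148.72.0.0 - 148.72.255.255***
Require not ip 148.72

#148.251.50.77 hetzner germany 148.251.50.64 - 148.251.50.95
Require not ip 148.251.50.77

#148.251.64.115 hetzner ***148.251.64.96 - 148.251.64.127***
Require not ip 148.251.64.115

#149.3.170.98 abuseipdb ipconnect seychelles 149.3.170.98 - - [19/Jul/2021:08:55:31 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 149.3.170

#149.28.133.31 vultr singapore / constant co w palm beach fl/ wp attack 149.28.8.0 - 149.28.255.255
# NOTE(review): the five CIDRs together cover 149.28.8.0 - 149.28.255.255, so 149.28.133 is redundant.
Require not ip 149.28.8.0/21 149.28.16.0/20 149.28.128.0/17 149.28.32.0/19 149.28.64.0/18 149.28.133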
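# NOTE(review): entries are laid out one per line: the author's evidence comment(s), then the directive they justify.
# Partial addresses are prefixes: `a.b` denies a /16 and `a.b.c` a /24; a full four-octet address denies one host.
# `Require not ip` is only valid inside a <RequireAll> block that also holds a positive Require; that container
# is not visible in this excerpt - confirm.

#bork - 149.28.159.157 abuseipdb vultr data center singapore - 149.28.159.157.vultr.com - - [18/Jul/2021:23:44:33 -0700] "GET / HTTP/1.1" 200 11710 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
#149.28.135.136 autodiscover attack constant co 149.28.8.0 - 149.28.255.255
# NOTE(review): these five CIDRs are the same set the 149.28.133.31 entry directly above this one already
# denies (149.28.8.0 - 149.28.255.255), and 149.28.159 lies inside 149.28.128.0/17; one directive would do.
Require not ip 149.28.128.0/17 149.28.64.0/18 149.28.16.0/20 149.28.32.0/19 149.28.8.0/21 149.28.159

#149.56.150.206 dataprovider data center Montreal
Require not ip 149.56.150

#149.62.43.254 digital telco UK ***149.62.40.0 - 149.62.43.255***
Require not ip 149.62.43

#149.202.180.22 OVH France 149.202.0.0 - 149.202.255.255
Require not ip 149.202

#149.255.58.67 wp-login thundercloud UK ***149.255.58.0 - 149.255.58.255***
Require not ip 149.255.58

#149.255.60.44 unlimited web hosting uk ***149.255.60.0 - 149.255.60.255***
Require not ip 149.255.60

#v150-95-110-113.a00d.g.han1.static.cnode.io - - [07/Oct/2021:11:37:50 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
#150.95.110.113 runsystem.net vietnam ***150.95.104.0 - 150.95.111.255***
Require not ip 150.95.110

#bork abuseipdb - v150-95-176-38.a0d9.g.tyo1.static.cnode.io - - [12/Jul/2021:08:20:41 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [150.95.176.38 GMO Internet gmo.jp Tokyo]
Require not ip 150.95.176.38

#150.136.213.184 oracle cloud -- can't find in whois for range, but is part of the entire 150.xx.xx.xx 150.136.86.35 150.136.226.42 wp
Require not ip 150.136

#150.230.32.48 oracle san jose ***150.0.0.0 - 150.255.255.255*** block not accurate
Require not ip 150.230.32

#151.80.195.102 OVH ***151.80.195.96 - 151.80.195.111***
Require not ip 151.80.195.102

#ipvanish / fastly content delivery network san francisco 151.101.0.0 - 151.101.255.255
# NOTE(review): `Require ip` tests the address of the connecting peer. If this site is ever served through a CDN
# or reverse proxy, every visitor arrives from the proxy's address, so a deny on a CDN range like this one would
# then reject ordinary visitors unless the real client address is restored first (e.g. mod_remoteip) - confirm
# the site is not fronted by this network.
Require not ip 151.101

#151.106.8.36 pb trap abuseip cyberghost romania 151.106.8.32 - 151.106.8.47
Require not ip 151.106.8.36

#bork hostinger international/hosting24 charlotte NC and Cyprus - 151.106.96.0 - 151.106.111.255 151.106.108.136 - - [24/Jul/2021:18:27:27 -0700] "GET /credentials HTTP/1.1" 404 236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"vult
Require not ip 151.106.96.0/20

#151.138.13.148 - - [08/Jul/2021:20:05:15 -0700] "GET / HTTP/1.1" 200 1713 "http://ecology.uga.edu" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Gecko/20100101 Firefox superpagesbot2.0"
Require not ip 151.138.13.148

#151.248.4.20 internetvikings sweden internetbolaget 151.248.4.0 - 151.248.4.63
Require not ip 151.248.4

#152.32.239.174 ucloud hong kong 152.32.128.0 - 152.32.255.255 big attack
Require not ip 152.32.239

#152.70.185.115 reports as oracle germany, but links back to unifiedlayer 152.70.0.0 - 152.70.255.255
Require not ip 152.70

#152.89.131.53 - special internet operations srl data center washington dc - 152.89.131.53 - - [17/Jul/2021:06:37:20 -0700] "GET / HTTP/1.1" 200 1713 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36"
Require not ip 152.89.131

#152.44.107.249 sprious lincoln nebraska ***152.44.96.0 - 152.44.111.255***
Require not ip 152.44.96.0/20

#153.203.161.12 fixed line japan ***153.128.0.0 - 153.253.255.255***
Require not ip 153.203.161

#154.0.55.205 homeusers gabon 154.0.48.0 - 154.0.63.255 ???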
# Require not ip 154.0.55.205 #154.3.40.172 exe freedomtech Ontario Canada 154.3.0.0 - 154.3.255.255 154.3.96.247 #154.6.17.146 logicweb NYC/PSInet Washington DC ***154.6.0.0 - 154.6.255.255*** 154.6.16.84 154.6.17.129 #154.13.1.102 freedomtech germany psinet washington dc 154.13.0.0 - 154.13.255.255 154.13.48.35 #154.178.32.180 admin tedata egypt 54.178.0.0 - 154.178.255.255 Require not ip 154.3 154.6 154.13 154.178 #154.16.30.111 heficed south africa ***154.16.30.0 - 154.16.30.255*** #154.16.94.64 heficed ***154.16.94.0 - 154.16.94.255*** Require not ip 154.16.30 154.16.94 ###154.50.136.33 psi net washington dc ***154.50.0.0 - 154.50.255.255*** Require not ip 154.50 #156.67.218.117 hostinger cyprus ***156.67.216.0 - 156.67.219.255*** Require not ip 156.67.218 #156.146.37.94 datacamp nyc ***156.146.36.0 - 156.146.37.255*** #156.146.35.3 unn-156-146-35-3.cdn77.com - - [02/Oct/2021:20:57:58 -0700] "POST /mail.php HTTP/1.0" 404 - "https://ridesbyscott.com/" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36" #156.146.35.32 datacamp japan / london ***156.146.34.0 - 156.146.35.255*** #156.146.35.50 unn-156-146-35-50.cdn77.com - - [09/Oct/2021:05:48:47 -0700] "POST /mail.php HTTP/1.0" 404 - "https://ridesbyscott.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36" Require not ip 156.146.34 156.146.35 156.146.36 156.146.37 #156.146.50.171 datacamp ukraine ***156.146.50.0 - 156.146.50.255*** #156.146.56.108 abuiseipdb datacamp data center Singapore unn-156-146-56-108.cdn77.com - - [20/Jul/2021:00:10:45 -0700] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 301 247 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" #156.146.56.120 Require not ip 156.146.50 156.146.56 #156.67.218.117 hostinger cyprus ***156.67.216.0 - 156.67.219.255*** Require not ip 156.67.218 #156.251.136.4 cloudinovation 
L.A./Seychelles ***156.251.136.0 - 156.251.136.255** Require not ip 156.251.136 #157.56.165.117 microsoft 157.54.0.0 - 157.60.255.255 157.55.39.160 Require not ip 157.56 157.54.0.0/15 157.56.0.0/14 157.60.0.0/16 #ninja-crawler58.webmeup.com 157.90.177.217 hetzner germany 157.90.0.0 - 157.90.255.255 157.90.177.214 157.90.181.149 #bork - 157.90.216.210 - abuseipdb - data center hetzner guzenhausen germany - static.210.216.90.157.clients.your-server.de - - [15/Jul/2021:07:20:14 -0700] "GET / HTTP/1.1" 200 8496 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" Require not ip 157.90 #157.157.100.30 iminn iceland ***157.157.100.0 - 157.157.100.127*** Require not ip 157.157.100.30 #digitalocean 157.230.0.0 - 157.230.255.255 digitalocean NYC 157.245.0.0 - 157.245.255.255 157.245.242.17 big wp 157.245.152.79 big wp 157.245.0.0 - 157.245.255.255 autodiscover #157.230.2.68 157.245.60.94 wp attack 157.245.48.241 wp attack 52.147.195.244 wp attack 157.245.65.227 157.245.154.81 157.245.55.124 wp 157.245.153.95 wp #abuseipdb digitalocean santa clara ca 157.230.164.216 - - [19/Jul/2021:09:16:34 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" #157.245.155.224 - - [15/Sep/2021:10:07:16 -0700] "GET /autodiscover/autodiscover.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" #157.245.155.181 - - [16/Sep/2021:23:23:52 -0700] "GET /autodiscover/autodiscover.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" Require not ip 157.230 157.245 #158.69.170.60 Sovh Montreal abuseipdb 158.69.0.0 - 158.69.255.255 ip60.ip-158-69-170.net - - [28/Jul/2021:17:57:54 -0700] "GET /wp-content/themes/workreap/style.css HTTP/1.1" 301 236 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, 
like Gecko) Chrome/65.0.3325.181 Safari/537.36" #158.69.241.227 Require not ip 158.69 #158.58.187.51 wp-login hostnegar iran ***158.58.187.0 - 158.58.187.255*** Require not ip 158.58.187 #158.115.236.243 Braveway los angeles ***158.115.224.0 - 158.115.255.255*** Require not ip 158.115.224.0/19 #158.115.236.243 #158.175.74.76 softlayer dallas tx 158.175.0.0 - 158.175.255.255 Require not ip 158.175 #158.222.11.202 interconnects us ***158.222.0.0 - 158.222.15.255** Require not ip 158.222.11 #159.65.0.156 abuseipdb digitalocean data center singapore 159.65.190.32 #159.65.173.31 digitalocean 159.65.0.0 - 159.65.255.255 159.65.165.89 159.65.169.119 #159.65.166.219 NetcraftSurveyAgent 159.65.0.0 - 159.65.255.255 159.65.191.242 159.65.173.17 wp-login 159.65.219.238 wp-login Require not ip 159.65 #159.69.15.33 hetzner germany - 159.69.0.0 - 159.69.255.255 Require not ip 159.69 #159.75.9.197 major wp attack tencent china 159.75.0.0 - 159.75.255.255 159.75.71.179 159.75.25.179 Require not ip 159.75 #159.89.2.220 - - [09/Jul/2021:09:55:18 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" #159.89.87.244 - - [02/Oct/2021:01:46:13 -0700] "GET /.env HTTP/1.1" 503 282 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" #159.89.187.128 digitalocean/NetcraftSurveyAgent 159.89.0.0 - 159.89.255.255 159.89.205.174 wp attack 159.89.44.247 159.89.189.216 #159.89.189.216 - - [06/Oct/2021:11:01:28 -0700] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 1338 "https://bit.ly/2TOp8jp" "be aware this a vulnerable scanner from me if you see this maybe your host was vuln or hacked !!! 
if this UA help you buy me a coffe with btc to bc1qxfxmv06dwse3u5k5ugmg3ljh6246880x60ftlq" Require not ip 159.89 #159.203.37.43 digitalocean 159.203.0.0 - 159.203.255.255 159.203.32.123 159.203.169.202 159.203.93.47 netcraftsurveyagent Require not ip 159.203 #159.192.230.232 cat bangkok ***159.192.128.0 - 159.192.255.255*** Require not ip 159.192.230 #160.16.141.232 sakura net japan 160.16.0.0 - 160.16.255.255 tk2-406-44478.vs.sakura.ne.jp Require not ip 160.16 #160.114.55.186 uszged hungary ***160.114.0.0 - 160.114.255.255*** Require not ip 160.114 #160.202.82.70 quickpacket los angeles/charlotte ***160.202.64.0 - 160.202.127.255*** Require not ip 160.202.82 #161.0.1.78 lacibanetsociety 161.0.0.0/20 Require not ip 161.0.0.0/20 161.0.1 #161.35.154.24 digitalocean 161.35.0.0 - 161.35.255.255 161.35.138.166 Require not ip 161.35 #161.82.181.237 abuseipdb fixed isp Thailand symphony isp Require not ip 161.82.181 #161.97.157.176 wp-login cantabo germany ***161.97.128.0 - 161.97.159.255*** 161.97.129.109 161.97.128.124 Require not ip 161.97.128 161.97.129 161.97.157 #161.97.171.234 contabo germany 161.97.160.0 - 161.97.175.255 srv1.thmxpress.com wp-login Require not ip 161.97.171 #164.90.138.228 digitalocean 164.90.128.0 - 164.90.255.255 164.90.135.215 164.90.143.80 Require not ip 164.90.128.0/17 164.90.138 #161.97.154.167 contabo germany 161.97.128.0 - 161.97.159.255 Require not ip 161.97.154 #fake admin 162.0.209.161 namecheap 162.0.208.0 - 162.0.223.255 162.0.209.162 Require not ip 162.0.208.0/20 162.0.209 #162.55.185.13 hetzner data center germany 162.55.0.0 - 162.55.255.255 162.55.51.202 static.60.175.55.162.clients.your-server.de massive anonymousfox attempt Require not ip 162.55 #162.142.125.41 censys.io ann arbor mi ***162.142.125.0 - 162.142.125.255*** 162.142.125.193 Require not ip 162.142.125 #can't resolve, so below ip is unifiedlayer.com 162.144.0.0 - 162.144.255.255 162-241-149-137.unifiedlayer.com - - [11/Jul/2021:14:37:46 -0700] "GET /wp-login.php 
HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 162.144 #162.214.0.216 unifiedlayer provo UT 162.214.0.0 - 162.215.255.255 bh-500-webhost.angohost.ao - - [28/Jul/2021:10:31:36 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" #162.214.193.48 162.214.231.52 #162.214.150.93 vps-5556559.apaserver.com.br - - [16/Aug/2021:06:12:38 -0700] "GET /wp-login.php HTTP/1.1" 403 - "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 162.214 162.215 #162.221.207.99 big attack esecuredata canada 162.221.200.0 - 162.221.207.255 mail3.instantpot.com (but abuseip resolves to ovh canada 192.99.9.125 ?) Require not ip 162.221.207 #162.223.88.131 coloup delaware ***162.223.88.0 - 162.223.95.255*** Require not ip 162.223.88.0/21 #162.241.218.196 - - [09/Jul/2021:04:02:38 -0700] "GET /wp-admin/ HTTP/2.0" 401 228 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" #162.241.24.167 bluehost/unifiedlayer Provo UT 162.240.0.0 - 162.241.255.255 box5885.bluehost.com - - [28/Jul/2021:17:53:33 -0700] "GET /wordpress/wp-admin/ HTTP/1.1" 301 236 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 162.240 162.241 #162.243.8.129 digitalocean 162.243.0.0 - 162.243.255.255 Require not ip 162.243 #162.247.74.206 tor calyx.com Brooklyn NY 162.247.72.0 - 162.247.75.255 Require not ip 162.247.72 162.247.73 162.247.74 162.247.75 #163.44.192.49 runsystem vietnam ***163.44.192.0 - 163.44.195.255*** Require not ip 163.44.192 #163.172.45.18 online.net france 63.172.0.0 - 163.172.255.255 server14.onesolutions.es 163.172.39.65 #163.172.148.199 online sas france 163.172.0.0 - 163.172.255.255 163.172.180.25 [200 37163] Require not ip 163.172 
#164.68.110.108 contabo ***164.68.96.0 - 164.68.111.255*** Require not ip 164.68.110 #ovh france range 164.132.0.0 - 164.132.255.255 164.132.38.166 wp-login Require not ip 164.132 #165.22.51.155 digitalocean data center singapore #165.22.147.65 abuseipdb digitalocean santa clara #165.22.202.112 digitalocean 165.22.0.0 - 165.22.255.255 165.22.78.79 165.22.62.146 big autodiscover attack 165.22.35.41 #digitalocean data server singapore - 165.22.242.53 - - [17/Jul/2021:04:56:18 -0700] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 301 259 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" Require not ip 165.22 #165.227.49.243 digitalocean santa clara 165.227.210.162 165.227.235.201 165.227.103.115 165.227.191.233 #digitalocean - germany - nyc - 165.227.0.0 - 165.227.255.255 165.227.131.69 - - [22/Jul/2021:12:26:35 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 165.227 #165.231.37.91 snooping search fibergrid london 165.231.0.0 - 165.231.255.255 165.231.168.87 Require not ip 165.231 #165.232.176.78 digitalocean 165.232.32.0 - 165.232.191.255 .env 165.232.150.83 Require not ip 165.232.128.0/18 165.232.64.0/18 165.232.32.0/19 165.232.176 #166.62.122.244 secureserver.net godaddy scottsdale az 166.62.0.0 - 166.62.127.255 Require not ip 166.62.0.0/17 166.62.122 #167.71.85.37 NetcraftSurveyAgent digitalocean 167.71.0.0 - 167.71.255.255 167.71.202.3 167.71.173.53 wp attack 167.71.69.173 167.71.164.209 #167.71.207.126 - - [13/Oct/2021:18:53:46 -0700] "GET /autodiscover/autodiscover.xml HTTP/1.1" 400 52 "-" "python-requests/2.26.0" Require not ip 167.71 #167.86.69.51 contabo germany ***167.86.68.0 - 167.86.71.255*** Require not ip 167.86.69 #167.86.124.222 contabo germany ***167.86.96.0 - 167.86.127.255*** Require not ip 167.86.124 #167.94.138.115 honorhealth phoenix / censys ann arbor mi ***167.94.138.0 - 
167.94.138.255** 167.94.138.115 167.94.138.59 Require not ip 167.94.138 # Require not ip 165.227.49 #abuseipdb - digitalocean data center clifton nj 167.99.0.0 - 167.99.255.255 167.99.120.2 167.99.76.13 wp-login 167.99.70.89 wp Require not ip 167.99 #167.99.214.242 abuseipdb digitalocean data center amsterdam Require not ip 167.99.214 #167.114.156.52 - ovh data center quebec - ns512853.ip-167-114-156.net - - [17/Jul/2021:08:18:56 -0700] "GET / HTTP/1.1" 200 1713 "-" "8LEGS" #167.114.173.115 ovh canada ***167.114.0.0 - 167.114.255.255*** Require not ip 167.114 #167.172.115.176 wp-login digitalocean 167.172.0.0 - 167.172.255.255 Require not ip 167.172 #167.248.133.125 censys.io ***167.248.133.0 - 167.248.133.255*** #167.248.133.41 Require not ip 167.248.133 #168.91.64.23 #168.91.66.229 ultiro NY ***168.91.64.0 - 168.91.127.255 Require not ip 168.91.64.0/18 #168.119.56.42 wp-login hetzner ***168.119.0.0 - 168.119.255.255*** Require not ip 168.119 #box5182.bluehost.com - - [10/Jul/2021:05:44:33 -0700] "GET /wp-admin/ HTTP/2.0" 301 232 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" -- launched from 162.241: 218.16; 224.119; 244.61 #Hack attempts from too many ips at "intelligence network inc." 
in Ashburn VA Require not ip 168.151 #168.158.203.233 sprint mobile Require not ip 168.158.203.233 #169.44.182.99 softlayer seattle 169.44.0.0 - 169.44.255.255 Require not ip 169.44 #169.62.94.215 softlayer seattle 169.53.0.0 - 169.63.255.255 Require not ip 169.62 #170.210.156.52 red buenos aires ***170.210.0.0/16*** Require not ip 170.210.0.0/16 #171.4.239.143 fixed line India 171.4.0.0 - 171.6.255.255 mx-ll-171.4.239-143.dynamic.3bb.in.th - - [27/Jul/2021:18:35:55 -0700] "GET /?utm=semalt.com HTTP/1.1" 301 243 "https://semalt.com-----google.com/?q=semalt" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" Require not ip 171.4.239.143 #171.8.173.238 chinanet ***171.8.0.0 - 171.15.255.255*** Require not ip 171.8 #171.13.14.7 pb trap chinatelcom chinanet henan telcom 171.8.0.0 - 171.15.255.255 171.13.14.83 171.13.14.25 Require not ip 171.13 #171.100.139.164 asianet thailand trunet 171.100.128.0 - 171.100.255.255 Require not ip 171.100.139 #China 171.106.194.39 - - [12/Jul/2021:23:26:12 -0700] "GET /robots.txt HTTP/1.1" 200 320 "-" "Mozilla/5.0(Linux;Android 5.1.1;OPPO A33 Build/LMY47V;wv) AppleWebKit/537.36(KHTML,link Gecko) Version/4.0 Chrome/42.0.2311.138 Mobile Safari/537.36 Mb2345Browser/9.0" Require not ip 171.106.194 #china telecom 171.104.0.0 - 171.111.255.255 Require not ip 171.109.216 171.109.217 #171.224.177.98 viettel vietnam 171.224.0.0 - 171.255.255.255 Require not ip 171.224 #172.67.16.210 wny isn't blocking M247? 
cloudfare 172.64.0.0 - 172.71.255.255 snooping search 172.245.68.172 172.67.174.5 wp hack vircities.com Require not ip 172.64.0.0/13 172.67 #172.245.68 #172.70.1.139 - cloudfare Require not ip 172.70.1 #172.81.131.125 bork datawagon NY 172.81.128.0 - 172.81.135.255 Require not ip 172.81.128.0/21 #172.83.43.139 totalserversolutions los angeles / performiv GA ***172.83.40.0 - 172.83.47.255*** #172.83.43.139 - - [09/Oct/2021:10:25:40 -0700] "POST /mail.php HTTP/1.1" 404 - "https://ridesbyscott.com/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36" Require not ip 172.83.40.0/21 #172.96.94.102 sprious nebraska ***172.96.80.0 - 172.96.95.255** Require not ip 172.96.94 #172.81.131.125 #172.98.93.227 mail.php totalserversolutions performativ NY 172.98.64.0 - 172.98.95.255 Require not ip 172.98.64.0/19 172.98.93 #172.102.129.58 hostbang charleston SC ***172.102.128.0 - 172.102.143.255*** 172.102.129.88 172.102.128.80 172.102.129.55 Require not ip 172.102.128 172.102.129 #abuseipdb - linode.com hosting, Frankfurt Germany li1811-130.members.linode.com - - [12/Jul/2021:09:44:48 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 172.104.235 #linode India - 172.105.50.138 - - [12/Jul/2021:23:07:11 -0700] "POST //wp1//wp-admin/admin-ajax.php HTTP/1.1" 403 1443 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" Require not ip 172.105.50 #charter compton ca Require not ip 172.118.41.153 #172.241.83.234 leaseweb va 172.241.72.0 - 172.241.83.255 172.241.83.136 Require not ip 172.241.80.0/22 172.241.72.0/21 172.241.83 #172.241.90.159 leaseweb ***172.241.88.0 - 172.241.215.255*** Require not ip 172.241.88.0/21 172.241.192.0/20 172.241.208.0/21 172.241.96.0/19 172.241.128.0/18 #172.241.238.184 leaseweb 172.241.224.0 - 172.241.247.255 Require not ip 
172.241.224.0/20 172.241.240.0/21 172.241.238 #bork - 172-245-208-151-host.colocrossing.com - - [18/Jul/2021:18:05:08 -0700] "GET / HTTP/1.1" 200 11710 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" 172-245-208-151-host.colocrossing.com - - [18/Jul/2021:18:05:07 -0700] "GET /blog/ HTTP/1.1" 301 232 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" Require not ip 172.245 #173.209.57.149 bork gtcomm canada ***173.209.32.0 - 173.209.63.255*** Require not ip 173.209.32.0/19 #173.209.57.149 #173.211.76.87 colocation data center las vegas 173.211.0.0 - 173.211.127.255 173.211.77.15 Require not ip 173.211.0.0/17 173.211.76 173.211.77 #173.212.213.212 contabo germany 173.212.192.0 - 173.212.223.255 Require not ip 173.212.213 #173.212.219.49 contabo germany 173.212.192.0 - 173.212.223.255 Require not ip 173.212.219 #dreamhost brea ca 173.236.128.0 - 173.236.255.255 173.236.139.221 REQUIRE not ip 173.236.128.0/17 #173.249.24.126 contabo germany 173.249.0.0 - 173.249.31.255 wp-login Require not ip 173.249.24 #bork - 173.245.211.29 - bandcon Singapore - 173-245-211-29.ipvanish.com - - [13/Jul/2021:17:12:31 -0700] "GET / HTTP/1.1" 200 8496 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36" # Require not ip 173.245.211 #cantabo data center germany 173.249.32.0 - 173.249.63.255 Require not ip 173.249.44.0/23 #just2018.justhost.com unifiedlayer Provo UT 173.254.0.0 - 173.254.127.255 - - [10/Jul/2021:05:48:50 -0700] "GET /wp-admin/ HTTP/2.0" 301 232 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" Require not ip 173.254.0.0/17 173.254.28 #173.254.202.176 quadranet los angeles 173.254.192.0 - 173.254.255.255 Require not ip 173.254.192.0/18 173.254.202 #172.255.125.187 abuseipdb 
leaseweb dallas 172.255.125.187 - - [19/Jul/2021:11:25:24 -0700] "GET /xmlrpc.php?rsd HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:50.0) Gecko/20100101 Firefox/50.0" #173.255.132.114 midphase /hosting svcs inc. ***173.255.128.0 - 173.255.143.255*** r-114-132-255-173.consumer-pool.prcdn.net Require not ip 173.255.128.0/20 #172.255.125 #174.138.28.150 digitalocean singapore 174.138.0.0 - 174.138.127.255 174.138.29.162 174.138.36.1 wp Require not ip 174.138.0.0/17 174.138.28 #china telecom Require not ip 175.7.56 #175.44.42.69 china unicom range 175.44.32.0 - 175.44.63.255 175.44.42.174 Require not ip 175.44.0.0/16 #fake admin - kddi corp japan 175.128.0.0 - 175.135.255.255 wp-login Require not ip 175.131.94.111 #175.145.44.64 wp-login telcom kuala lumpur ***175.145.0.0 - 175.145.255.255*** Require not ip 175.145 #hetzner germany 176.9.17.0 - 176.9.17.31 Require not ip 176.9.17.6 #176.74.192.85 internet vikings NJ/Sweden ***176.74.192.64 - 176.74.192.127*** Require not ip 176.74.192.85 #176.100.8.204 pautina ukraine ***176.100.0.0 - 176.100.31.255*** Require not ip 176.100.8 #176.103.48.32 xserver ukraine 176.103.48.0 - 176.103.63.255 Require not ip 176.103.48 #176.105.207.51 homenetpultava ukraine 176.105.192.0 - 176.105.223.255 Require not ip 176.105.207 #176.106.247.22 softvideo russia 176.106.240.0 - 176.106.255.255 176.106.246.67 Require not ip 176.106.246 176.106.247 #176.113.42.191 leasetoserversget russia ***176.113.42.0 - 176.113.43.255*** 176.113.43.187 176.113.43.80 Require not ip 176.113.42 176.113.43 #176.113.157.149 FOP/belicom ukraine 176.113.144.0 - 176.113.159.255 Require not ip 176.113.157 #176.122.25.12 IT GRAD Russia ***176.122.20.0 - 176.122.27.255*** #176.122.25.12 10/15/21, 8:24 AM /wp-admin/ error 403 GET 424 Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) Require not ip 176.122.25 #176.123.4.115 alexhost moldova ***176.123.0.0 - 176.123.11.255*** 176.123.0.55 Require not ip 176.123.0 176.123.4 #176.125.229.143 
m247 Europe (Montenegro) constantly hacking 176.125.229.0 - 176.125.229.255 Require not ip 176.125.229 #176.174.233.185 Bouygues Telecom SA France pretended to be duckduckgo ss859-h02-176-174-233-185.dsl.sta.abo.bbox.fr - - [27/Jul/2021:00:40:37 -0700] "GET /b2evo1/blog1.php/brave-browser-and-opensuse-tumbleweed HTTP/2.0" 404 236 "https://duckduckgo.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Falkon/3.1.0 Chrome/87.0.4280.144 Safari/537.36" Require not ip 176.174.233.185 #176.222.58.28 proton.ru germany/proline london ***176.222.58.0 - 176.222.58.255*** Require not ip 176.222.58 #176.223.68.88 inhostroyale cleardocks israel ***176.223.68.0 - 176.223.71.255*** Require not ip 176.223.68 #176.235.216.155 superonline turkey ***176.232.0.0 - 176.236.255.255*** 176.232.56.28 Require not ip 176.232 176.235 #176.226.182.194 is74.ru russia ***176.226.128.0 - 176.226.191.255*** Require not ip 176.226.182 #178.17.171.124 trabia data center tor Moldova Require not ip 178.17.171 #178.18.247.147 contabo germany 178.18.240.0 - 178.18.247.255 cwpger.erisetechnology.com wp-login Require not ip 178.18.247 #179.61.228.102 host1plus australia / digital energy chile 179.61.128.0/17 #178.63.170.231 hetzner germany wp attack 178.63.170.224 - 178.63.170.239 Require not ip 178.63.170.231 179.61.128.0/17 179.61.228 #178.73.212.124 glesys sweden, Twingly 178.73.212.96 - 178.73.212.127 178.73.212.123 twingly 178.73.212.122 twingly Require not ip 178.73.212.122 178.73.212.120 178.73.212.121 178.73.212.123 178.73.212.124 #178.128.51.162 - - [10/Jul/2021:14:29:28 -0700] "GET /autodiscover/autodiscover.xml HTTP/1.1" 406 300 "http://autodiscover.fastbk.com/wp-login.php" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" #178.128.48.180 digitalocean ***178.128.48.0 - 178.128.63.255*** 178.128.48.180 Require not ip 178.128.48 178.128.51 #178.128.166.56 wp digitalocean ***178.128.160.0 - 178.128.175.255*** Require not ip 178.128.166 
# Deny-list entries for 178.128 - 180.163. Each "Require not ip" line refuses the listed
# addresses or prefixes; the comment before it records the address seen, the network owner
# and range, and sometimes a sample access-log line.
# NOTE(review): Apache does not allow a comment on the same line as a directive, so every
# "#" fragment is kept on a line of its own here.
# NOTE(review): a negated Require has to sit inside a <RequireAll> block together with a
# positive Require (for example "Require all granted"); that container is not visible in
# this part of the file - confirm it exists.
#178.128.203.247 178.128.192.0 - 178.128.207.255 scan attack
#digitalocean singapore & NYC - 178.128.80.83 - - [23/Jul/2021:10:32:31 -0700] "GET /autodiscover/autodiscover.xml/wp-includes/wlwmanifest.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
# NOTE(review): the list below runs from 178.128.80 to 178.128.95 but has no 178.128.91;
# if the whole run is meant, 178.128.80.0/20 covers it in one entry - confirm.
Require not ip 178.128.80 178.128.81 178.128.82 178.128.83 178.128.84 178.128.85 178.128.86 178.128.87 178.128.88 178.128.89 178.128.90 178.128.92 178.128.93 178.128.94 178.128.95
Require not ip 178.128.203
#178.171.53.160 goodline info elighttelecom ru ***178.171.52.0 - 178.171.53.255***
Require not ip 178.171.52 178.171.53
#178.238.231.203 contabo germany 178.238.231.0 - 178.238.231.255
Require not ip 178.238.231
#178.251.28.50 interacks netherlands wp-login ***178.251.28.0 - 178.251.28.255***
Require not ip 178.251.28
#179.34.40.203 TIM brazil 179.34.0.0/15
# NOTE(review): 179.34.40 already lies inside 179.34.0.0/15, so the second entry adds nothing.
Require not ip 179.34.0.0/15 179.34.40
#179.61.150.109 digital energy germany ***179.61.144.0/20***
Require not ip 179.61.144.0/20
#179.61.162.94 digitalenergy germany ***179.61.160.0/19*** 179.61.172.109
Require not ip 179.61.160.0/19
#179.108.192.148 fixed line brazil conecta wp-login ***179.108.192.0/19***
Require not ip 179.108.192.0/19
#179.108.192.148
#179.124.215.127 novanet brazil fixed line ???
#Require not ip 179.124.212.0/22
#179.124.215.127
#180.69.199.119 skbroadband korea ***180.64.0.0 - 180.71.255.255***
Require not ip 180.69
# NOTE(review): to answer the question in the next comment, look for 403 responses to
# 180.163.* requests in the access log dated after the rule was added.
#180.163.220.3 chinanet 180.160.0.0 - 180.175.255.255 180.163.220.97 180.163.220.62 2021-08-14 is block working?
Require not ip 180.163
# Deny-list entries for 180.163 - 192.227. Each "Require not ip" line refuses the listed
# addresses or prefixes; the comment before it records the address seen, the network owner
# and range, and sometimes a sample access-log line.
# NOTE(review): Apache does not allow a comment on the same line as a directive, so every
# "#" fragment is kept on a line of its own here.
# NOTE(review): a negated Require has to sit inside a <RequireAll> block together with a
# positive Require (for example "Require all granted"); that container is not visible in
# this part of the file - confirm it exists.
# NOTE(review): denying a source address only stops repeat requests from that address; the
# paths probed in the log lines below (wp-login.php, .env, .git/config) still need their
# own protection.
#180.168.171.18 chinatelcom 180.160.0.0 - 180.175.255.255
Require not ip 180.168
#Baidu *180.76.0.0 - 180.76.255.255***
Require not ip 180.76
#180.215.120.63 wp attack rackip/ctg hong kong 180.215.32.0 - 180.215.127.255 180.215.120.62
Require not ip 180.215.120
#abuseipdb - Indonesia 180.250.28.34 - - [12/Jul/2021:08:51:06 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 180.250.28.34
#181.15.99.54 argentina telcom 181.15.99.0/24 host54.181-15-99.telecom.net.ar - - [27/Jul/2021:16:58:32 -0700] "GET /?utm=semalt.com HTTP/1.1" 301 243 "https://semalt.com-----google.com/?q=semalt" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
# NOTE(review): 181.15.99 and 181.15.99.0/24 name the same /24; one of the two is enough.
Require not ip 181.15.99 181.15.99.0/24
#181.214.1.224 181.214.1.157
#181.214 is netherlands and I have had too many hack attempts from the entire range. 181.214.151.135 - - [04/Jul/2021:17:44:40 -0700] "GET /ca/ HTTP/2.0" 404 234 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1"
Require not ip 181.214
#182.50.132.9 bork godaddy singapore ***182.50.132.0 - 182.50.133.255***
Require not ip 182.50.132 182.50.133
#182.53.92.100 tot thailand node-i90.pool-182-53.dynamic.totinternet.net broadband 182.53.0.0 - 182.53.255.255
Require not ip 182.53.92.100
#182.54.149.7 net4uindia india ***182.54.148.0 - 182.54.151.255***
Require not ip 182.54.149
#182.18.140.163 pioneer labs india ***182.18.140.0 - 182.18.142.255***
Require not ip 182.18.140
#182.160.96.130 wp-login aamranetworks bagladesh ***182.160.96.0 - 182.160.96.255***
Require not ip 182.160.96
#182.189.205.153 ptcl pakistan ***182.189.0.0 - 182.189.255.255***
Require not ip 182.189
#182.232.83.215 Thailand mobile internet 182.232.80.0 - 182.232.95.255 182.232.83.215 - - [27/Jul/2021:20:01:03 -0700] "GET /?utm=semalt.com HTTP/1.1" 401 228 "https://semalt.com-----google.com/?q=semalt" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
#182.232.83.42
Require not ip 182.232.80 182.232.81 182.232.82 182.232.83
#180.245.230.76 PT Telcom Indonesia ***180.245.128.0 - 180.245.255.255***
Require not ip 180.245.230
###182.254.234.148 wp-login tencent cloud ***182.254.128.0 - 182.254.255.255***
Require not ip 182.254.234.148
#183.36.115.12 chinatelcom 183.0.0.0 - 183.63.255.255
Require not ip 183.36
#chinamobileltd
Require not ip 183.192.233
#chinamobileltd
Require not ip 183.200.98
#184.73.70.10 amazonaws VA ***184.72.0.0 - 184.73.255.255***
Require not ip 184.72 184.73
#184.94.240.92 abuseipdb cisco systems ironport Burlington WY 184.94.240.0 - 184.94.255.255
# NOTE(review): 184.94 matches all of 184.94.0.0/16, which is wider than the range noted
# above and already contains 184.94.240.0/20; confirm which of the two is intended.
Require not ip 184.94 184.94.240.0/20
#abuseipdb - Belgrade - 37.120.193.232 - - [08/Jul/2021:11:53:07 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36"
#abuseipdb - Netherlands - 181.214.206.232 - - [08/Jul/2021:11:53:37 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36"
#[mostly] Sitelocker 184.154.139.3 184.154.139.17 ***184.154.0.0 - 184.154.255.255***
Require not ip 184.154
#184.155.229.4 cableone new mexico ***184.155.0.0 - 184.155.255.255***
Require not ip 184.155.229.4
#bork 184.164.70.7 gotmyhost phoenix 184.164.64.0 - 184.164.95.255
Require not ip 184.164.70
#bork abuseipdb resolves to 0.0.0.0 so info probably spoofed godaddy data center singapore ip-184-168-96-27.ip.secureserver.net - - [20/Jul/2021:02:49:40 -0700] "GET /wp-admin/ HTTP/2.0" 301 232 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
Require not ip 184.168.96
#hacker pair - Phoenix, AZ 184.170.241.192 - - [11/Jul/2021:09:25:45 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
#Belgium - 217.138.211.242 - - [11/Jul/2021:09:26:20 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
#184.170.252.242 performiv Georgia ***184.170.240.0 - 184.170.255.255*** 184.170.242.241 persistent attack
Require not ip 184.170.241 184.170.242 184.170.252
#bork 185.13.231.4 - parsonline isp tehran - bluedns.maroonhost.net - - [20/Jul/2021:08:45:14 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 185.13.231
#185.20.51.238 hosteurope.de uk godaddy wp attack 185.20.48.0 - 185.20.51.255
Require not ip 185.20.51
#abuseipdb - Ireland - 105-233-24-185.static.servebyte.com - - [11/Jul/2021:09:57:04 -0700] "GET / HTTP/1.1" 200 1120 "-" "-"
Require not ip 185.24.233.105
#185.27.99.146 excellent hosting sweden ***185.27.98.0 - 185.27.99.255*** 185.27.99.116
Require not ip 185.27.98 185.27.99
#185.31.175.240 bork liteserve netherlands ***185.31.175.0 - 185.31.175.255***
Require not ip 185.31.175
#185.32.190.38 wp-login ptservidor portugal 185.32.190.0 - 185.32.190.255
Require not ip 185.32.190
#185.32.222.13 cyberghost zurich 185.32.222.1 - 185.32.222.18
Require not ip 185.32.222.13
#185.49.20.75 abuseipdb ineonet france 185.49.20.75 - - [22/Jul/2021:10:13:11 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 185.49.20
#bork - abuseipdb datashield data center seychelles - onion.xor.sc - - [15/Jul/2021:22:44:41 -0700] "GET / HTTP/1.1" 200 8496 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"
Require not ip 185.56.80
#185.186.61.118 Atlantis Broadband Los Angeles ***185.186.60.0 - 185.186.63.255*** 185.186.61.118 - - [10/Oct/2021:11:45:14 -0700] "POST /wp-includes/css/wp-config.php HTTP/1.1" 500 - "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
# NOTE(review): the POST above was answered with 500 rather than 404. Confirm that no file
# exists at /wp-includes/css/wp-config.php; WordPress core does not keep wp-config.php
# there, and blocking the sender does not remove a file that is already on disk.
Require not ip 185.186.61.118
#traffictransitsolutions france
Require not ip 185.61.218
#185.65.134.175 31173 services amsterdam tor exit 185.65.134.0 - 185.65.134.255
Require not ip 185.65.134
#185.68.247.129 fine france 185.68.247.0 - 185.68.247.255
Require not ip 185.68.247
#185.72.54.199 ruscable spain fixed ip 185.72.54.0 - 185.72.54.255
Require not ip 185.72.54
#185.77.248.22 netstyle data center israel 185.77.248.0 - 185.77.248.255
Require not ip 185.77.248
#185.81.157.122 - inulogic virtual servers, europe 185.81.157.0 - 185.81.157.255 vpn 185.81.158.0 - 185.81.158.255 185.81.158.174 185.81.157.200
Require not ip 185.81.157 185.81.158
#185.83.214.69 nuno felgueiras Portugal IP Volume Norway ***185.83.214.0 - 185.83.214.255***
Require not ip 185.83.214
#185.85.189.10 idealhosting turkey 185.85.189.0 - 185.85.189.255
Require not ip 185.85.189
#185.104.44.133 ukraine.com ***185.104.44.0 - 185.104.44.255***
Require not ip 185.104.44
#185.104.187.120 m247 hungary ***185.104.187.0 - 185.104.187.255***
Require not ip 185.104.187.120
#185.104.217.66 servebyte ireland ***185.104.217.0 - 185.104.217.255***
Require not ip 185.104.217
#185.107.57.2 nforce netherlands ***185.107.57.0 - 185.107.57.255***
Require not ip 185.107.57
#185.121.81.206 hosterkz kz ***185.121.81.0 - 185.121.81.255***
Require not ip 185.121.81
#185.122.170.51 rapidseedbox israel 185.122.170.0 - 185.122.170.255
Require not ip 185.122.170
#185.132.250.222 jnet palestine ***185.132.250.0 - 185.132.250.255***
Require not ip 185.132.250
#185.138.241.232 coosto netherlands ***185.138.240.0 - 185.138.241.255***
Require not ip 185.138.241
#185.149.40.23 hosting ukraine ***185.149.40.0 - 185.149.41.255***
#web649.default-host.net - - [07/Oct/2021:13:19:50 -0700] "GET /.env HTTP/1.1" 301 237 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Require not ip 185.149.40.23
#185.150.87.99 hostroyale india ***185.150.84.0 - 185.150.87.255*** 185.150.87.41
Require not ip 185.150.87
#***185.159.159.0 - 185.159.159.255***www.protonvpn.com - - [23/Sep/2021:06:13:36 -0700] "POST / HTTP/1.1" 200 16376 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Require not ip 185.159.159
#185.165.116.23 wp-login maralhost iran ***185.165.116.0 - 185.165.117.255***
Require not ip 185.165.116.23
#185.182.23.197 inhostroyale ippn holdings israel ***185.182.20.0 - 185.182.23.255***
Require not ip 185.182.23
#185.195.24.52 firstbyte russia ***185.195.24.0 - 185.195.24.255***
Require not ip 185.195.24
#185.217.198.183 firstbyte russia 185.217.198.0 - 185.217.199.255
Require not ip 185.217.198
#185.220.100.244 185.220.100.240 - 185.220.100.255 zweibelfreunde germany
#185.220.101.14 bork zweibelfreunde cia triad security wilmington DE 185.220.101.0 - 185.220.101.255***
Require not ip 185.220.100.244 185.220.101
#185.220.102.248 tor zweibelfreunde netherlands ***185.220.102.240 - 185.220.102.255*** 185.220.102.247
#185.220.103.4 tor zweibelfreunde netherlands ***185.220.103.0 - 185.220.103.255***
# NOTE(review): 185.220.102.247 is named in the comment above but is not in the directive
# below - confirm whether it was meant to be listed.
Require not ip 185.220.102.248 185.220.102.243 185.220.103
#185.240.188.154 admin BG Streamnet Bulgaria 185.240.188.0 - 185.240.188.255
Require not ip 185.240.188
#185.251.0.132 IT Management NYC ***185.251.0.0 - 185.251.1.255*** 185.251.0.132 - - [09/Oct/2021:09:33:50 -0700] "POST /wp-includes/css/wp-config.php HTTP/1.1" 500 - "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
# NOTE(review): same POST and 500 response as the 185.186.61.118 entry above; the same
# check for a file at that path applies.
Require not ip 185.251.0.132
#185.252.31.60 hostnetwork iran ***185.252.31.0 - 185.252.31.255***
Require not ip 185.252.31
#185.253.97.235 m247 185.253.97.0 - 185.253.97.255 big attack 2021-08-15
Require not ip 185.253.97
#185.128.136.63 sefroyek Tehran 185.128.136.0 - 185.128.137.255 cp42.tavanahost.com - - [26/Jul/2021:05:04:45 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 185.128.136 185.128.137
#185.136.204.48 fiberserve turkey 185.136.204.0 - 185.136.204.255
Require not ip 185.136.204
#185.154.154.226 virtua system france 185.154.154.0 - 185.154.155.255
Require not ip 185.154.154 185.154.155
#russia
Require not ip 185.158.112 185.158.113 185.158.114 185.158.115
#185.107.47.171 tor exit massive hack attempt netherlands 185.107.47.0 - 185.107.47.255
Require not ip 185.107.47
#185.108.106.242 host royale france 185.108.106.0 - 185.108.106.255
Require not ip 185.108.106
#185.171.24.33 meanderhost bursabil turkey 185.171.24.32 - 185.171.24.39
Require not ip 185.171.24.33
#abuseipdb - anubisnetworks data center Belgium
Require not ip 185.180.143
#bork - abuseipdb - koddos data center netherlands - 185.191.124.152 - - [19/Jul/2021:12:57:33 -0700] "GET /config HTTP/1.1" 301 231 "https://mail.fastbk.com/.git/config" "Go-http-client/1.1"
# NOTE(review): the referrer above points at /.git/config; confirm that no .git directory
# is reachable under any of the served document roots.
Require not ip 185.191.124
#185.191.171.25 datawebglobal netherlands / SEMrush Cyprus ***185.191.171.0 - 185.191.171.255***
Require not ip 185.191.171
#185.201.246.183 everhost elitework tx 185.201.246.0 - 185.201.246.255
Require not ip 185.201.246
#185.219.83.52 zomro netherlands 185.219.83.0 - 185.219.83.127
Require not ip 185.219.83.52
#185.202.170.77 colocation america ***185.202.168.0 - 185.202.171.255***
Require not ip 185.202.170
#bork 185.220.100.254 - abuseipdb - zweibelfreunde data center Hassfurt Germany - tor-exit-3.zbau.f3netze.de - - [15/Jul/2021:22:44:36 -0700] "GET /index.php HTTP/1.1" 404 8493 "https://bork.fastbk.com/" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0" [working with three other tor exits]
#185.220.100.255 git attack
# NOTE(review): 185.220.100 covers the single address 185.220.100.244 listed further up.
Require not ip 185.220.100
#185.220.102.251 tor exit Zwiebelfreunde E.V. netherlands/digitalcourage.de germany 185.220.102.240 - 185.220.102.255*** 185.220.102.253
Require not ip 185.220.102.243 185.220.102.251 185.220.102.253
#bork 185.220.101.216 - zweibelfreunde data center netherlands 185.220.101.216 - - [19/Jul/2021:12:57:47 -0700] "GET /config HTTP/1.1" 404 - "http://mail.fastbk.com/.git/config" "Go-http-client/1.1"
#bork - 185.220.101.219- abuseipdb - zweibelfreunde data center Hassfurt Germany - tor exit - 185.220.101.219 - - [15/Jul/2021:22:44:31 -0700] "GET / HTTP/1.1" 200 8496 "-" "Mozilla/5.0 (Windows NT 6.0; rv:34.0) Gecko/20100101 Firefox/34.0"- [working with three other tor exits]
# NOTE(review): 185.220.101 is already denied further up; this second entry is a repeat.
Require not ip 185.220.101
#185.222.37.31 Elitework Kirkland WA everhost dallas tx 185.222.36.0 - 185.222.37.255
Require not ip 185.222.36 185.222.37
#sakura data center Hong Kong
Require not ip 185.245.43
#"illuminati networks (coordinated with "intelligence network, inc" They are just making fun of us ... 185.246.173.104 - - [04/Jul/2021:17:49:37 -0700] "GET /en/ HTTP/2.0" 404 234 "-" "Mozilla/5.0 (iPhone; CPU iPhone OS 13_7 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.1.2 Mobile/15E148 Safari/604.1"
# NOTE(review): 185.246 matches all of 185.246.0.0/16 while the comment records a single
# address and no range; confirm the /16 is intended.
Require not ip 185.246
#185.254.31.122 meric turkey host-185.254.31.122.meric.net.tr 185.254.31.0 - 185.254.31.255
Require not ip 185.254.31
# 186.13.122.70 env claro/amx argentina 186.13.0.0/16
Require not ip 186.13.0.0/16
#186.13.122.70
#186.64.117.55 zamltda Chile 186.64.116.235 wp-login mail.sitio36.sitiodns.net 186.64.118.190
Require not ip 186.64.112.0/21
#186.64.117
#186.127.49.32 telcom argentina ***
Require not ip 186.127.48.0/23
#186.179.100.173 azteca colombia fixed line isp ***186.179.96.0/20***
#186.179.100.173 - - [14/Oct/2021:14:38:59 -0700] "GET /wp-login.php HTTP/1.1" 403 1414 "-" "Opera/9.80 (Windows NT 10.0); U) Presto/2.12.388 Version/12.16"
Require not ip 186.179.100.173
#brazil - 187.51.127.28 - - [22/Jul/2021:00:47:49 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 187.51.127.0/24
#188.0.241.91 fixed line iran ***188.0.241.0 - 188.0.241.255***
Require not ip 188.0.241
#188.34.163.227 hetzner ***188.34.128.0 - 188.34.255.255***
Require not ip 188.34.163
#abuseipdb - netorn russia 188.35.130.0 - 188.35.131.255
# NOTE(review): "188.35.130." ends in a dot, unlike every other partial address in this
# list; confirm the server accepts it as written or drop the dot.
Require not ip 188.35.130. 188.35.131
#188.68.47.96 abuseipdb netcup data center germany 188.68.47.96 - - [19/Jul/2021:09:38:10 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 188.68.47
#188.72.76.37 itg russia 188.72.76.0 - 188.72.76.255
Require not ip 188.72.76
#188.72.187.157 government of azerbaijan 188.72.160.0 - 188.72.191.255
Require not ip 188.72.187.157
#188.119.91.33 elitework atlanta 188.119.90.0 - 188.119.91.255
Require not ip 188.119.90 188.119.91
# 188.121.57.5 bork hosteruope netherlands godaddy 188.121.56.0 - 188.121.59.255
Require not ip 188.121.57
#188.138.192.154 starnet moldova 188.138.192.0 - 188.138.192.255
Require not ip 188.138.192
#188.166.40.55 ***188.166.0.0 - 188.166.127.255***
#digitalocean 188.166.224.0 - 188.166.239.255
Require not ip 188.166.40
# NOTE(review): the list below names 188.166.224 twice and has no 188.166.238; the range
# noted above (188.166.224.0 - 188.166.239.255) is 188.166.224.0/20 - confirm whether the
# gap is deliberate.
Require not ip 188.166.224 188.166.225 188.166.226 188.166.227 188.166.228 188.166.229 188.166.230 188.166.231 188.166.232 188.166.233 188.166.234 188.166.235 188.166.236 188.166.224 188.166.237 188.166.239
#188.166.249.97 digitalocean singapore ***188.166.240.0 - 188.166.255.255***
Require not ip 188.166.249
#188.227.35.54 itglobal russia i-goldenhammock.co wp scan 188.227.35.0 - 188.227.35.255
Require not ip 188.227.35
#188.241.178.22 M247 188.241.178.0 - 188.241.178.255
Require not ip 188.241.178
#190.2.130.168 worldstream netherlands 190.2.128.0/20
Require not ip 190.2.128.0/20 190.2.130
#190.51.75.11 telephonica isp argentina - - [25/Jul/2021:05:30:18 -0700] "GET /?utm=semalt.com HTTP/1.1" 401 228 "https://semalt.com-----google.com/?q=semalt" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
Require not ip 190.51.75.11
#191.96.17.147 - - [23/Jul/2021:09:10:01 -0700] "POST /mail.php HTTP/1.0" 404 236 "https://ridesbyscott.com/" "Mozilla/5.0 (Windows NT 6.2; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.139 Safari/537.36"
Require not ip 191.96.17.0/24
#191.96.67.142 either pakistan data server or digital energy chile
Require not ip 191.96.67.0/24
#abuseipdb - 191.96.100.84 - - [08/Jul/2021:11:24:11 -0700] "GET /b2evo1/blog3.php/2009/01/04/prog HTTP/1.0" 404 236 "https://www.daltrey.org/b2evo1/blog3.php/2009/01/04/prog" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Edg/83.0.478.37"
Require not ip 191.96.100.84
#191.96.251.172
Require not ip 191.96.251.172
#191.101.31.40 digitalenergy chile ***191.101.0.0/16*** 191.101.31.199 POST 191.101.106.64
#191.101.85.230 digitalenergy frankfurt germany/brazil ***191.101.80.0/20***
#191.101.106.64 digitalenergy frankfurt germany/brazil ***191.101.96.0/20*** 191.101.86.62 191.101.83.102 191.101.93.205
# NOTE(review): 191.101.0.0/16 already contains both /20 entries on this line and the
# 191.101.174, 191.101.175, 191.101.208.0/20 and 191.101.217 entries that follow.
Require not ip 191.101.80.0/20 191.101.96.0/20 191.101.0.0/16
#191.101.174.27 - - [17/Sep/2021:22:20:40 -0700] "GET /autodiscover/autodiscover.xml/wp-includes/wlwmanifest.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
#191.101.174.27 digitalenergy l.a. ***191.101.174.0/23*** ***191.101.174.0 - 191.101.175.255*** 191.101.174.82
Require not ip 191.101.174 191.101.175
#191.101.217.199 host1plus france registered in Los Angeles 191.101.208.0/20 snooping search 191.101.208.35 191.101.217.125
Require not ip 191.101.208.0/20 191.101.217
#192.3.147.50 colocrossing 192.3.0.0 - 192.3.255.255 192.3.155.227
Require not ip 192.3
#192.34.60.141 digitalocean 192.34.56.0 - 192.34.63.255
Require not ip 192.34.56.0/21 192.34.60
#192.36.52.37 resilan/internetbolaget sweden 192.36.52.0 - 192.36.53.255 192.36.53.165
Require not ip 192.36.52 192.36.53
#192.36.71.133 internetbolaget 192.36.70.0 - 192.36.71.255***
Require not ip 192.36.70 192.36.71
#192.36.248.249 internetbolaget ***192.36.248.0 - 192.36.248.255***
Require not ip 192.36.248
#192.71.12.140
#192.71.44.44 - abuseipdb - resilans.se data center stockholm 192.36.70.0 - 192.36.71.255 192.71.12.0 - 192.71.12.255 192.71.142.0 - 192.71.142.255 - 192.71.44.44 - - [17/Jul/2021:06:59:07 -0700] "GET /humans.txt HTTP/1.1" 404 236 "http://ridesbyscott.com/humans.txt" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36" [multiple addresses, see abuseipdb also working with 192.36.71.133]
#192.71.36.158
#192.71.142.35 resilan sweden 192.71.142.0 - 192.71.142.255
Require not ip 192.36.70 192.36.71 192.71.12 192.71.23 192.71.36 192.71.38 192.71.44 192.71.142
#192.40.57.58 totalsolutions performativ 192.40.56.0 - 192.40.59.255
Require not ip 192.40.57
#192.71.42.108 192.71.224.240 192.71.225.127
#192.71.30.89 resilan/internetbolaget ***192.71.30.0 - 192.71.30.255***
#192.71.103.173 internetbolaget sweden 192.71.42.0 - 192.71.42.255 192.71.103.0 - 192.71.103.255 192.71.224.0 - 192.71.225.255
Require not ip 192.71.30 192.71.42 192.71.103 192.71.224 192.71.225
#192.99.18.108 ovh data center quebec ns501158.ip-192-99-18.net 192.99.0.0 - 192.99.255.255 192.99.9.125 mail3.instantpot.com - - [16/Aug/2021:12:32:47 -0700] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 301 247 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
# NOTE(review): the comment above is about 192.99.18.108, but the directive below repeats
# the 191.96.251.172 entry from further up; this looks like a copy/paste slip. The OVH
# range is denied by "Require not ip 192.99" two entries down.
Require not ip 191.96.251.172
#192.42.116.23 tor as1101.net netherlands ***192.42.116.0 - 192.42.116.31***
Require not ip 192.42.116.23
#192.99.18.122 ovh ***192.99.0.0 - 192.99.255.255*** 192.99.18.136
Require not ip 192.99
#192.109.159.59 heficed ***192.109.159.0 - 192.109.159.127***
Require not ip 192.109.159.59
#192.109.159.248 heficed london ***192.109.159.128 - 192.109.159.255***
Require not ip 192.109.159.248
#192.109.165.100 nexsign germany/heficed london ***192.109.165.0 - 192.109.165.127***
Require not ip 192.109.165.100
#192.121.71.93 internetbolaget 192.121.71.0 - 192.121.71.255 192.121.71.61
Require not ip 192.121.71
#192.126.240.184 bigtip seattle wa 192.126.128.0 - 192.126.255.255
Require not ip 192.126.128.0/17
#192.145.239.46 this is weird, abuseipdb reports this as biz207.inmotionhosting, which is no the historical ip address and there are reports of wp-login attacks from this ip
Require not ip 192.145.239.46
#192.151.145.138 nocix xyzzy kc mo ***192.151.144.0 - 192.151.159.255***
Require not ip 192.151.144.0/20
#192.126.240.184
#192.161.190.105 snooping search quadranet dallas 192.161.160.0 - 192.161.191.255 192.165.48.109 192.165.85.249
# NOTE(review): the two 192.165 addresses in the comment above fall outside
# 192.161.160.0/19, so the directive below does not cover them.
Require not ip 192.161.160.0/19
#192.169.82.226 bork limestoneworks dallas ***192.169.80.0 - 192.169.95.255***
Require not ip 192.169.80.0/20
#192.161.190
#192.185.130.172 websitewelcome provo ut 192.185.0.0 - 192.185.255.255
Require not ip 192.185
#192.186.177.218 servermania b2net 192.186.128.0 - 192.186.191.255
Require not ip 192.186.128.0/18
#192.186.177
#192.198.114.229 b2net solutions 192.198.96.0 - 192.198.127.255
Require not ip 192.198.96.0/19
#192.198.114.229
#192.210.168.228 colocrossing 192.210.128.0 - 192.210.255.255
Require not ip 192.210.128.0/17 192.210.168
#192.227.152.151 colocrossing buffalo ny 192.227.128.0 - 192.227.255.255
# NOTE(review): 192.227.230 and 192.227.152 already lie inside 192.227.128.0/17.
Require not ip 192.227.128.0/17 192.227.230 192.227.152
# Deny-list entries for 192.227 - 194.163. Each "Require not ip" line refuses the listed
# addresses or prefixes; the comment before it records the address seen, the network owner
# and range, and sometimes a sample access-log line.
# NOTE(review): Apache does not allow a comment on the same line as a directive, so every
# "#" fragment is kept on a line of its own here.
# NOTE(review): a negated Require has to sit inside a <RequireAll> block together with a
# positive Require (for example "Require all granted"); that container is not visible in
# this part of the file - confirm it exists.
#srt4.websitewelcome.com - - [11/Jul/2021:02:20:32 -0700] "GET /wp-admin/ HTTP/2.0" 401 228 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
#bork - Atlanta GA srt4.websitewelcome.com - - [11/Jul/2021:02:20:32 -0700] "GET /wp-admin/ HTTP/2.0" 401 228 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
# NOTE(review): 192.185.82 is inside the "Require not ip 192.185" entry earlier in the
# file, and 192.186.169 below is inside the earlier 192.186.128.0/18 entry.
Require not ip 192.185.82
#192.186.169.50 servermania data center NYC
Require not ip 192.186.169
#yournetmarket, chinese site on use host
Require not ip 192.187.111.219
#192.81.214.168 digitalocean 192.81.208.0 - 192.81.223.255
Require not ip 192.81.208.0/20 192.81.214
#192.241.119.218 b2solutions servermania ***192.241.64.0 - 192.241.127.255*** 192.241.77.136 192.241.76.195
Require not ip 192.241.64.0/18
#193.9.158.180 atomohost ukraine silverstar UK 193.9.158.128 - 193.9.158.255
Require not ip 193.9.158.180
#193.19.109.40 consumervpn seattle/netherlands ***193.19.109.0 - 193.19.109.255***
Require not ip 193.19.109
#193.23.3.40 starkrdp germany (Italy) ***193.23.3.0 - 193.23.3.127***
Require not ip 193.23.3.40
#abuseipdb tidikom ukraine
Require not ip 193.26.13
#193.32.126.155 interxion france ***193.32.126.0 - 193.32.126.255***
Require not ip 193.32.126
#193.47.57.86 hostroyale israel ***193.47.56.0 - 193.47.59.255***
Require not ip 193.47.57
#193.56.29.48 webhosted uk ***193.56.29.0 - 193.56.29.255***
Require not ip 193.56.29
#193.56.252.21 M247 ***193.56.252.0 - 193.56.252.255***
Require not ip 193.56.252
#193.70.30.99 OVH france 193.70.30.96 - 193.70.30.103
# NOTE(review): a full dotted quad matches one host, so 193.70.30.96 below denies only that
# address; if the range noted above was meant, it would be written 193.70.30.96/29 - confirm.
Require not ip 193.70.30.96 193.70.30.99
#193.93.192.172 btt group finance london 193.93.192.0 - 193.93.192.255
Require not ip 193.93.192
#193.105.73.129 behosting belgium ***193.105.73.0 - 193.105.73.255***
Require not ip 193.105.73
#193.110.95.34 findreplace tor spale switzerland ***193.110.95.0 - 193.110.95.255***
Require not ip 193.110.95.34
#193.112.212.10 wp-login tencent cloud 193.112.0.0 - 193.112.255.255
Require not ip 193.112
#193.118.53.138 zenlayer netherlands ***193.118.51.0 - 193.118.55.0***
#193.118.55.170 abuseipdb - zenlayer data center netherlands - zl-ams-nl-gp1-wk128.internet-census.org - - [19/Jul/2021:02:46:00 -0700] "GET / HTTP/1.1" 301 236 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36"
Require not ip 193.118.53 193.118.55
#193.122.144.138 oracle VA ***193.122.0.0 - 193.123.255.255***
Require not ip 193.122
#193.124.9.165 finegroup germany / newark nj ***193.124.9.0 - 193.124.9.255***
Require not ip 193.124.9
#193.148.18.77 m247 europe - nyc 193.148.18.0 - 193.148.18.255
Require not ip 193.148.18
#193.149.225.9 heficed london ***193.149.225.0 - 193.149.225.127***
Require not ip 193.149.225.9
#193.160.68.176 ruusers rpmen russia ***193.160.68.0 - 193.160.69.25*** 193.160.68.244 193.160.69.49 193.160.69.12 193.160.69.204
Require not ip 193.160.68 193.160.69
#193.160.73.99 leasetoserversget russia ***193.160.72.0 - 193.160.73.255*** 193.160.73.229
Require not ip 193.160.73
#193.169.253.168 gigahost estonia ***193.169.253.0 - 193.169.253.255***
#193.169.254.217 gigahost estonia / poland 193.169.254.0 - 193.169.254.255 193.169.254.217 - - [24/Jul/2021:00:35:43 -0700] "GET /admin/jQuery-File-Upload/server/php/ HTTP/1.1" 301 264 "http://fastbk.com/admin/jQuery-File-Upload/server/php/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.152 Safari/537.36"
Require not ip 193.169.253 193.169.254
#193.182.112.208 active search hosting stockholm 193.182.112.0 - 193.182.112.255
Require not ip 193.182.112
#193.183.171.82 internetbolaget 193.183.170.0 - 193.183.171.255
Require not ip 193.183.170 193.183.171
#customer-nat.pub.webpod6-cph3.one.com - - [10/Jul/2021:05:43:48 -0700] "GET /wp-admin/ HTTP/2.0" 301 232 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
Require not ip 193.202.110.22
#193.218.118.116 abuseipdb urdn data center urkaine
Require not ip 193.218.118
#193.235.238.32 193.internetbolaget 193.235.238.0 - 193.235.239.255 193.235.239.88
Require not ip 193.235.238 193.235.239
#194.34.133.92 creanova finland 194.34.133.0 - 194.34.133.255 host-194-34-133-92.creanova.org
Require not ip 194.34.133
#194.36.25.10 abuseipdb xtom data center germany 194.36.25.10 - - [18/Jul/2021:05:02:08 -0700] "GET /.env HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0"
Require not ip 194.36.25
#194.36.45.73 netlogic croatia ***194.36.45.0 - 194.36.45.255***
Require not ip 194.36.45
#194.44.228.53 fixed ip ukraine
Require not ip 194.44.228
#194.61.114.162 hostroyale india ***194.61.114.0 - 194.61.115.255*** 194.61.114.133
Require not ip 194.61.114 194.61.115
#194.71.209.190 internetbolaget 194.71.208.0 - 194.71.211.255 194.71.209.105
Require not ip 194.71.209
#194.87.52.13 finegroup estonia / newark NJ 194.87.52.0 - 194.87.52.255
Require not ip 194.87.52
#194.127.179.142 abuseipdb clouvider data center netherlands 194.127.179.142 - - [18/Jul/2021:06:33:21 -0700] "GET /style.php?sig=beima&domain=anonymousfox.net&shell_file=qcivlupzkrs&file_name=/imam.zoneh.php HTTP/1.1" 404 236 "-" "Python-urllib/2.7"
Require not ip 194.127.179
#194.146.24.114 kamatera ireland cloudwebmanage nyc 194.146.24.0 - 194.146.24.255 looking for _bork_
Require not ip 194.146.24
#194.156.124.135 dauction/silverstar uk ***194.156.124.0 - 194.156.125.255***
Require not ip 194.156.124 194.156.125
#vmi587035.contaboserver.net wp-login attack ***194.163.128.0 - 194.163.159.255*** 194.163.155.53 194.163.159.35
# NOTE(review): the comment above records addresses in 194.163.155 and 194.163.159 only;
# 194.163.130 is presumably the vmi587035 host - confirm.
Require not ip 194.163.130 194.163.155 194.163.159
#194.59.165.219 tt1 datacenter singapore ***194.59.164.0 - 194.59.165.255
Require not ip 194.59.164 194.59.165
# Deny-list entries for 194.9 - 198.46. Each "Require not ip" line refuses the listed
# addresses or prefixes; the comment before it records the address seen, the network owner
# and range, and sometimes a sample access-log line.
# NOTE(review): Apache does not allow a comment on the same line as a directive, so every
# "#" fragment is kept on a line of its own here.
# NOTE(review): a negated Require has to sit inside a <RequireAll> block together with a
# positive Require (for example "Require all granted"); that container is not visible in
# this part of the file - confirm it exists.
# NOTE(review): a partial address such as 195.80 matches the whole /16. Several entries
# below are wider than the range their comment records; each is marked where it occurs.
#194.9.191.20 vuhuvBot Turkey 194.9.191.0 - 194.9.191.255
Require not ip 194.9.191
#abuseipdb - ionos data center Germany. There are a lot of attacks from entire 195, I have a lot of blocks in the old deny list and maybe all of 195 should be blocked.195.20.240.196 - - [18/Jul/2021:16:29:22 -0700] "GET /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello HTTP/1.1" 301 236 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
Require not ip 195.20.224.0/19
#195.22.153.172 cjs russia ***195.22.152.0 - 195.22.153.255*** 195.22.153.165 /contact
Require not ip 195.22.153
#195.28.11.250 ground ir iran ***195.28.11.0 - 195.28.11.255***
Require not ip 195.28.11
#195.54.161.54 arkada cyprus 195.54.161.0 - 195.54.161.255
Require not ip 195.54.161
#195.133.40.109 wp attack des capital spain/netherlands ***195.133.40.0 - 195.133.43.255***
Require not ip 195.133.40
#195.154.63.222 .wellknown illiad france 195.154.0.0 - 195.154.127.255 195.154.62.232 colton.probe.onyphe.net
Require not ip 195.154.62 195.154.63
#195.78.54.130 Heficed Netherlands 195.78.54.0 - 195.78.54.255
Require not ip 195.78.54
#estnoc cambodia range 195.80.149.0 - 195.80.149.255
# NOTE(review): 195.80 denies all of 195.80.0.0/16, while the range noted above is the
# single /24 195.80.149.0 - 195.80.149.255; confirm the wider block is intended.
Require not ip 195.80
#195.133.40.201 des.capital data center madrid - 195.133.57.230
# NOTE(review): 195.133 denies all of 195.133.0.0/16 and so already contains the
# 195.133.40 entry above and the 195.133.57 entry below.
Require not ip 195.133
#195.154.62.232 illiad france 195.154.0.0 - 195.154.127.255 195.154.61.206
# NOTE(review): 195.154 denies all of 195.154.0.0/16, which is wider than the range noted
# above and already contains the 195.154.62 and 195.154.63 entries.
Require not ip 195.154
#195.176.3.20 Digitale Gesellschaft Switzerland/switch.ch 195.176.3.16 - 195.176.3.31 git attack
Require not ip 195.176.3.20 195.176.3.23
#195.201.9.240 hetzner ***195.201.9.192 - 195.201.9.255***
# NOTE(review): 195.201.9 denies the whole /24; the range noted above is only
# 195.201.9.192 - 195.201.9.255.
Require not ip 195.201.9
#195.206.105.217 tor M247 zurich ***195.206.105.0 - 195.206.105.255***
Require not ip 195.206.105
#195.224.99.187 daisy group london ***195.224.99.0 - 195.224.99.255***
#195.224.117.82 daisy group london 195.224.117.0 - 195.224.117.255
Require not ip 195.224.99 195.224.117
#195.225.118.58 datasource zurich 195.225.117.0 - 195.225.119.255
Require not ip 195.225.117 195.225.118 195.225.119
#195-246-120-102-static.serverhotell.net - - [20/Jul/2021:17:12:45 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 403 1443 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20121202 Firefox/17.0 Iceweasel/17.0.1"
Require not ip 195.246.120
#195.123.226.182 abuseipdb itldc data center bulgaria
Require not ip 195.123.226
#195.133.57.160 finegroup india / newark, nj ***195.133.57.0 - 195.133.57.255***
Require not ip 195.133.57
#196.2.15.68 cbinet burundi ***196.2.15.0 - 196.2.15.255***
Require not ip 196.2.15
#196.18.5.145 netstyleservers Seychelles 196.16.0.0 - 196.19.255.255
#196.16.162.12 netstyleservers Kansas City MO 196.18.225.180 196.19.240.102
Require not ip 196.16 196.17 196.18 196.19
#196.44.176.55 yoafrica zimbabwe - dagga.yoafrica.com - - [21/Jul/2021:19:04:42 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 196.44.176
#196.65.60.41 git maroc telecom moracco ***196.65.0.0 - 196.65.255.255***
Require not ip 196.65
#196.245.186.157 fibergrid ***196.245.128.0 - 196.245.191.255***
Require not ip 196.245.186
#196.196.224.172 fibergrid south africa ***196.196.192.0 - 196.196.255.255***
Require not ip 196.196.224
#196.203.219.49 wp-login topnet tunisia ***196.203.216.0 - 196.203.219.255***
Require not ip 196.203.219
#196.240.237.59 sleutelwerk poland 196.240.192.0 - 196.240.255.255
Require not ip 196.240.237
#196.242.21.252 snooping search fibregrid london/finland/eu 196.242.0.0 - 196.242.63.255 196.242.46.238 196.242.21.222 196.242.20.222 196.242.20.134
Require not ip 196.242.20 196.242.21 196.242.46
#196.242.115.83 fibergrid helsinki / south africa 196.242.64.0 - 196.242.127.255
Require not ip 196.242.115
#196.244.46.45 fibergrid finland/south africa ***196.244.0.0 - 196.244.63.255***
Require not ip 196.244.46
#196.245.164.127 fibergrid finland ***196.245.128.0 - 196.245.191.255***
Require not ip 196.245.164
#196.245.187.28 fibergrid finland ***196.245.128.0 - 196.245.191.255***
Require not ip 196.245.187
#196.247.163.211 fibergrid finland 196.247.128.0 - 196.247.191.255
Require not ip 196.247.163
#197.13.10.11 ati tunisia 197.13.0.0 - 197.13.255.255 plesk.oxabox.com - - [16/Aug/2021:09:31:52 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 197.13
#197.37.166.206 tedata egypt ***197.36.0.0 - 197.37.255.255***
Require not ip 197.37
#198.1.73.44 unifiedlayer ***198.1.64.0 - 198.1.127.255*** server.thedcvoice.com - - [02/Oct/2021:04:58:29 -0700] "GET / HTTP/1.1" 301 228 "-" "-"
Require not ip 198.1.73
#198.12.123.130 vortex ga / colocrossing 198.12.64.0 - 198.12.127.255
Require not ip 198.12.64.0/18
#198.12.226.30 godaddy 198.12.128.0 - 198.12.255.255
Require not ip 198.12.128.0/17
#198.15.81.219 securedservers data center phoenix 198.15.64.0 - 198.15.127.255 [not clear this is the server] bork host103-58-58-66.adriinfocom.in - - [25/Jul/2021:12:39:19 -0700] "GET /_bork_/ HTTP/1.1" 200 14034 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.47 Safari/537.36"
#bork 198.49.66.68 hostdime Orlando vps.fafireead.com.br - - [31/Jul/2021:16:27:46 -0700] "GET /download.php?link_ID=22 HTTP/1.0" 404 236 "-" "-"
# NOTE(review): 198.15.81 already lies inside 198.15.64.0/18. 198.49 denies all of
# 198.49.0.0/16 although the comment records the single address 198.49.66.68 and no
# range; confirm the /16 is intended.
Require not ip 198.15.64.0/18 198.15.81 198.49
#198.20.173.156 b2net ***198.20.160.0 - 198.20.191.255***
Require not ip 198.20.160.0/19
#198.46.90.17 ??? ash-biz-pro-bir1.imhadmin.net - - [30/Aug/2021:01:38:42 -0700] "GET / HTTP/1.1" 301 228 "-" "python-requests/2.9.1" inmotionhosting admin???
# Deny list, 198.23.x through 204.11.x. One directive per line; Apache only
# accepts "#" comments at the start of a line, so notes that trailed a
# directive now sit on the line after it.
# Entry layout: offending address, owner / reason, provider range, then the rule.

# 198.23.145.197 colocrossing 198.23.128.0 - 198.23.255.255
Require not ip 198.23.128.0/17 198.23.145
# 198.27.82.45 wp-login ovh canada ***198.27.64.0 - 198.27.127.255***
Require not ip 198.27.82
# 198.46.176.33 snoopy colocrossing 198.46.128.0 - 198.46.255.255 198.46.251.51
Require not ip 198.46.128.0/17 198.46.176.33
# namecheap.com - must be parked domain hosting or something
# Require not ip 198.54.117
# 198.54.120.235 bork namecheap 198.54.112.0 - 198.54.127.255
Require not ip 198.54.112.0/20
# 198.54.120.235
# 198.71.227.4 bork godaddy 198.71.128.0 - 198.71.255.255
Require not ip 198.71.128.0/17
# 198.71.227.4
# tek7.tektonik.com - - [10/Jul/2021:05:52:05 -0700] "GET /wp-admin/ HTTP/2.0" 301 232 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36"
Require not ip 198.100.150.163
# 198.144.120.177 GTT McLean VA 198.144.96.0 - 198.144.127.255
Require not ip 198.144.96.0/19 198.144.120
# 198.144.176.73 colocrossing 198.144.176.0 - 198.144.191.255
Require not ip 198.144.176.0/20 198.144.176.73
# 198.199.94.115 digitalocean 198.199.64.0 - 198.199.127.255
Require not ip 198.199.64.0/18
# 198.204.234.254 nocix kansas city mo 198.204.224.0 - 198.204.255.255 198.204.234.251 198.204.238.212
Require not ip 198.204.234 198.204.238
# 198.204.234.252 - - [09/Jul/2021:08:10:15 -0700] "GET //wp-content/plugins/fancy-product-designer/inc/custom-image-handler.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36"
# 198.204.234.253 nocix kansas city 198.204.224.0 - 198.204.255.255
Require not ip 198.204.224.0/19
# 198.204.234.252
# 198.240.68.28 fastlane wyoming 198.240.64.0 - 198.240.127.255
Require not ip 198.240.64.0/18 198.240.68
# 198.245.73.117 b2net servermania, was this colocrossing or not?
# 198.245.64.0 - 198.245.79.255 198-245-73-117-host.colocrossing.com 198-245-68-103-host.colocrossing.com
Require not ip 198.245.64.0/20 198.245.68 198.245.73
# 199.21.115.43 colocrossing 199.21.112.0 - 199.21.115.255
Require not ip 199.21.112.0/22
# 199.21.115.43
# bork - 199.26.192.2 - abuseipdb - eqservers data server Wilmington Delaware -hosted-by.eqservers.com - - [15/Jul/2021:21:58:34 -0700] "GET / HTTP/1.1" 200 8496 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_8; en-us) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50"
# hosted-by.eqservers.com - - [03/Oct/2021:19:49:17 -0700] "GET //2020/wp-includes/wlwmanifest.xml HTTP/1.1" 301 259 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
Require not ip 199.26.192
# 199.34.18.6 sipbound/cloudsouth west palm beach fl 199.34.16.0 - 199.34.31.255
Require not ip 199.34.16.0/20 199.34.18
# 199.127.56.236 fiberhub las vegas 199.127.56.0 - 199.127.59.255 x236.dp.ly - - [01/Aug/2021:03:46:44 -0700] "GET / HTTP/2.0" 200 1192 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
Require not ip 199.127.56 199.127.57 199.127.58 199.127.59
# 199.187.209.30 totalserversolutions phoenix 199.187.208.0 - 199.187.211.255
Require not ip 199.187.209
# 199.188.103.221 colocrossing ***199.188.100.0 - 199.188.103.255***
Require not ip 199.188.100.0/22
# 199.192.23.119 namecheap ***199.192.16.0 - 199.192.31.255***
Require not ip 199.192.16.0/20
# 199.195.253.184 ponynet frantech cheyenne wyoming 199.195.248.0 - 199.195.255.255
Require not ip 199.195.248.0/21 199.195.253
# 199.229.250.134 performive GA and other names 199.229.248.0 - 199.229.255.255
Require not ip 199.229.250
# abuseipdb - quintex alliance consulting data center San Angelo TX tor58.quintex.com - - [10/Jul/2021:23:46:43 -0700] "GET /assets/ckfinder/core/connector/php/connector.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.3945.117 Safari/537.36"
Require not ip 199.249.230
# 200.142.183.33 semalt faciliti telecom brazil 200.142.176.0/21
Require not ip 200.142.176.0/21 200.142.183.33
# 202.39.54.2 chungwa telecom taiwan ***202.39.0.0 - 202.39.95.255***
Require not ip 202.39.54
# malaysia 202.80.208.0 - 202.80.223.255
Require not ip 202.80.217.0/24
# 202.213.116.82 japan network information center 202.212.0.0 - 202.215.255.255 pc01082.nice-tv.jp
Require not ip 202.213
# 203.150.48.118 internet thailand ***203.150.48.0 - 203.150.48.255***
Require not ip 203.150.48
# 203.159.80.189 legaconetworks netherlands 203.159.80.0 - 203.159.95.255
# 203.159.80.189 - - [16/Aug/2021:21:00:38 -0700] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 406 300 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
# full anonymousfox 203.159.80.189 - - [16/Aug/2021:20:58:27 -0700] "GET /style.php HTTP/1.1" 500 - "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
Require not ip 203.159.80
# 203.162.0.78 vietnam data communications 203.162.0.0 - 203.162.8.255 static.vnpt.vn - - [05/Aug/2021:08:17:39 -0700] "GET /?utm=semalt.com HTTP/1.1" 500 - "https://semalt.com-----google.com/?q=semalt" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36"
Require not ip 203.162.0
# 203.190.41.148 jatara indonesia internet service provider 203.190.40.0 - 203.190.47.255
Require not ip 203.190.41
# 203.218.98.99 hong kong telecommunications ***203.218.0.0 - 203.218.127.255***
Require not ip 203.218.98
# 204.9.73.208 smartdrive systems/fullcontrol Kansas ***204.9.72.0 - 204.9.79.255***
Require not ip 204.9.73
# confluence virgin islands 204.11.56.0 - 204.11.57.255 204.11.56.48
Require not ip 204.11.56 204.11.57 204.11.56.0/23
# Deny list, 204.48.x through 207.244.x. One directive per line; Apache only
# accepts "#" comments at the start of a line, so notes that trailed a
# directive now sit on the line after it.

# 204.48.23.72 digital ocean ***204.48.16.0 - 204.48.31.255***
Require not ip 204.48.16.0/20
# bork - 204.145.69.221 - abuseipdb - bizbudding Hackettstown NJ - hostingsource.dmarc2.ewr1.atlanticmetro.net - - [13/Jul/2021:07:49:23 -0700] "GET /install.php?step=2 HTTP/1.1" 401 228 "-" "Python-urllib/2.7"
Require not ip 204.145.69
# 205.169.39.13 century link isp arkansas not sure this was a hacker, just looked at daltrey.org front page, but also looked at pinkbunny, so not.
Require not ip 205.169.39.13
# 205.185.123.97 frantech tor las vegas ponynet wyoming ***205.185.112.0 - 205.185.127.255***
Require not ip 205.185.112.0/20
# 205.185.123.97
# 205.185.214.139 ipvanish 205.185.192.0 - 205.185.223.255
Require not ip 205.185.192.0/19 205.185.214
# 205.196.222.192 dreamhost la brea ca ***205.196.208.0 - 205.196.223.255*** wp-login
Require not ip 205.196.208.0/20
# 205.234.152.103 colocrossing ***205.234.128.0 - 205.234.255.255***
Require not ip 205.234.128.0/17
# 205.234.152.103
# 206.41.182.205 Trident thoughtport chicago 206.41.160.0 - 206.41.191.255 ridesbyscott not sure on this one
# Require not ip 206.41.160.0/19 206.41.182.205
# abuseipdb digitalocean NYC - 206.81.5.38 - - [22/Jul/2021:11:18:58 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 206.81.0.0/19
# 206.123.95.132 admin colocrossing ***206.123.64.0 - 206.123.127.255***
Require not ip 206.123.64.0/18
# 206.123.95
# 206.130.96.50 westhost Providence UT 206.130.96.0 - 206.130.127.255 adf4d15b.setaptr.net POST
Require not ip 206.130.96.0/19
# 206.130.96.50
# 206.166.236.45 n3xtwork lutz fl 206.166.224.0 - 206.166.239.255
Require not ip 206.166.236
# bork - 206.189.85.88 digitalocean singapore 206.189.0.0 - 206.189.255.255
# 206.189.85.88 - - [26/Jul/2021:06:01:17 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
# 206.189.144.241 206.189.140.3
Require not ip 206.189
# 206.217.131.119 colocrossing ***206.217.128.0 - 206.217.143.255***
Require not ip 206.217.128.0/20
# 206.253.224.14 iss.net atlanta 206.253.224.14 - - [19/Jul/2021:07:25:01 -0700] "GET /robots.txt HTTP/1.1" 200 254 "-" "Mozilla/5.0 (compatible; oBot/2.3.1; http://www.xforce-security.com/crawler/)"
# 206.253.226.7 obot x-force security internet security systems ***206.253.224.0 - 206.253.255.255*** 206.253.224.74
Require not ip 206.253.224.0/19
# 206.253.224
# 207.55.255.20 wp-login jumpline florida ***207.55.240.0 - 207.55.255.255***
Require not ip 207.55.240.0/20
# 207.99.46.206 net access corp denver 207.99.0.0 - 207.99.127.255 207.99.46.205
# NOTE(review): "207.99" denies the whole /16, twice the range recorded above.
Require not ip 207.99
# 207.136.12.46 symbionet australia ***207.136.0.0 - 207.136.63.255***
Require not ip 207.136.12
# 207.148.71.228 constant co/vultr ***207.148.64.0 - 207.148.79.255***
Require not ip 207.148.71
# per abuseipdb mail.semanticsystems.com - - [07/Jul/2021:17:37:17 -0700] "GET /rsc/AD005_screenshot.png HTTP/2.0" 200 128740 "https://www.google.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.106 Safari/537.36"
Require not ip 207.148.248.143
# 207.180.251.227 abuseipdb contabo data center munich
Require not ip 207.180.251
# 207.210.239.214 hudsonvalleyhost/colocrossing ***207.210.192.0 - 207.210.255.255***
Require not ip 207.210.192.0/18
# 207.244.251.142 us.net/contabo missouri ***207.244.224.0 - 207.244.255.255***
Require not ip 207.244.224.0/19
# 207.241.229.226 internet archive search spider?
#Require not ip 207.241.229.226 #forcepoint / surfcontrol san diego - 208.87.232.0 - 208.87.239.255 Require not ip 208.87.237 208.87.232.0/21 #208.92.218.162 boardreader, won't take no for an answer 208.92.216.0 - 208.92.223.255 Require not ip 208.92.216.0/21 208.92.218 #208.97.177.228 dreamhost brea ca 208.97.128.0 - 208.97.191.255 wp-login william-floyd.dreamhost.com Require not ip 208.97.177.228 #208.110.85.68 admin hack tsinghua university kansas city mo - wholesale internet inc. 208.110.85.69 208.110.85.70 Require not ip 208.110.85 208.110.64.0/19 #208.113.170.11 #208.113.217.164 dreamhost Brea CA 208.113.128.0 - 208.113.255.255 francis-lewis.dreamhost.com - - [31/Jul/2021:08:16:38 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 208.113.128.0/17 208.113.217 #209.58.130.54 leaseweb san jose 209.58.128.0 - 209.58.143.255 #209.58.142.218 leaseweb 209.58.128.0 - 209.58.143.255 Require not ip 209.58.128.0/20 #209.58.142 #bork 209.97.171.80 digitalocean singapore 209.97.128.0 - 209.97.191.255 209.97.171.80 - - [28/Jul/2021:09:18:28 -0700] "GET /credentials HTTP/1.1" 404 236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" Require not ip 209.97.128.0/18 209.97.171 #209.126.5.104 wp-login contabo US ***209.126.0.0 - 209.126.15.255*** Require not ip 209.126.0.0/20 #209.126.5.104 #209.127.17.242 b2net solutions ***209.127.0.0 - 209.127.138.255*** Require not ip 209.127.128.0/21 209.127.0.0/17 209.127.138.0/24 209.127.136.0/23 #209.141.50.178 frantech las vegas/ponytel wy ***209.141.32.0 - 209.141.63.255*** Require not ip 209.141.32.0/19 #209.145.58.226 world internet san marcos ca adiaboreha.com 209.145.32.0 - 209.145.63.255 Require not ip 209.145.32.0/19 209.145.58 #209.242.196.208 hostroyale south carolina/houston tx ***209.242.192.0 - 209.242.223.255*** Require not ip 209.242.192.0/19 #209.242.196.208 
#210.13.75.122 chinaunicom shanghai 210.13.64.0 - 210.13.127.255 - - [27/Jul/2021:11:31:23 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" Require not ip 210.13.75 #broadnnet korea Require not ip 211.176 211.177 #211.91.229.15 chinaunicom ***211.90.0.0 - 211.91.255.255*** Require not ip 211.90 211.91 #211.231.37.65 kt.com korea 211.226.0.0 - 211.231.255.255 Require not ip 211.231 #211.249.246.130 dreamline isp Korea forum attack Require not ip 211.249 #212.3.130.12 rostelecom.ru 212.3.128.0 - 212.3.159.255 Require not ip 212.3.130.12 #212.14.52.46 zut.edu poland ***212.14.0.0 - 212.14.63.255*** Require not ip 212.14.52 #212.23.91.197 vimpelcom/holy net russia 212.23.91.196 - 212.23.91.199 office.render.ur.ru Require not ip 212.23.91.196 212.23.91.197 212.23.91.198 212.23.91.199 #212.33.207.28 asiatech iran ***212.33.207.0 - 212.33.207.255*** Require not ip 212.33.207 #212.45.32.29 solcon netherlands ***212.45.32.0 - 212.45.32.255*** Require not ip 212.45.32 #212.47.248.114 online SAS france/scaleway ***212.47.240.0 - 212.47.255.255*** Require not ip 212.47.248 #212.50.66.227 magibg bulgaria ***212.50.64.0 - 212.50.67.255*** Require not ip 212.50.66 #212.83.146.233 monica.probe.onyphe.net - 100% evil, abuseipdb - France SAS Online France 212.83.144.0 - 212.83.159.255 Require not ip 212.83.146 212.83.158 #212-83-183-215.rev.poneytelecom.eu - - [03/Jul/2021:10:02:38 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" #illiad france ***212.83.160.0 - 212.83.191.255*** Require not ip 212.83.178 212.83.183 #212.86.102.106 netherlands 212.86.102.0 - 212.86.102.127 zomro vm2100279.62ssd.had.wf Require not ip 212.86.102.106 #212.90.39.68 ukraine 212.90.32.0 - 212.90.47.255 Require not ip 212.90.32 212.90.34 212.90.34 212.90.35 212.90.36 212.90.37 212.90.38 212.90.39 #212.102.49.192 datacamp uk/spain, big wp attack 
# 212.102.48.0 - 212.102.49.255 might not be this ip unn-212-102-49-192.cdn77.com. It was 403, on daltrey.net
# (Deny list, 212.102.x through 217.138.x; one directive per line, comments
# on their own lines.)
Require not ip 212.102.48 212.102.49
# 212.102.63.151 datacamp data center london
Require not ip 212.102.63
# 212.192.241.68 major attack serverion netherlands range 212.192.240.0 - 212.192.243.255
Require not ip 212.192.240 212.192.241 212.192.242 212.192.243
# 212.193.0.51 fine group germany/newark nj 212.193.0.0 - 212.193.0.255
Require not ip 212.193.0
# 212.236.196.13 anonymousfox vbnetat austria ***212.236.196.0 - 212.236.196.255***
Require not ip 212.236.196
# 213.61.154.42 finbot financialbot germany 213.61.154.40 - 213.61.154.43 213.61.218.52
# ***213.61.218.0 - 213.61.218.127***
Require not ip 213.61.154.42 213.61.218.52
# 213.133.106.50 hetzner germany 213.133.96.0 - 213.133.111.255
Require not ip 213.133.106
# 213.164.204.165 banhof sweden tor exit 213.164.204.0 - 213.164.207.255
Require not ip 213.164.204
# bork - abuseipdb - dauction.ru moscow russia - 213.166.92.141 - - [16/Jul/2021:09:24:06 -0700] "HEAD /js/jquery/jquery-migrate.js HTTP/1.1" 404 - "https://ridesbyscott.com/wp-includes/js/jquery/jquery-migrate.js" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/51.0"
Require not ip 213.166.92
# 213.168.249.115 crawlerthing/linode UK/Philadelphia ***213.168.248.0 - 213.168.251.255***
Require not ip 213.168.249
# 213-178-40-145.clients.smr.100megabit.ru abuseipdb fixed line isp russia
Require not ip 213.178.40
# 213.202.216.189 myloc germany ***213.202.192.0 - 213.202.255.255***
Require not ip 213.202.216
# 213.209.139.36 ipmen russia ***213.209.139.0 - 213.209.139.255***
Require not ip 213.209.139
# parsonline tehran
Require not ip 213.217.34
# 213.232.122.194 fine group newark nj ***213.232.122.0 - 213.232.122.255***
Require not ip 213.232.122
# 213.238.178.239 amazon singapore ***213.238.178.0 - 213.238.178.255***
# 213.238.178.239 - - [13/Oct/2021:13:04:08 -0700] "GET /.env HTTP/1.1" 403 426 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36"
Require not ip 213.238.178
# 216.126.231.194 servercrate data server seattle 216.126.224.0 - 216.126.239.255
Require not ip 216.126.231 216.126.224.0/20
# 216.145.14.142 domaintools seattle ***216.145.0.0 - 216.145.31.255***
Require not ip 216.145.0.0/19
# 216.151.191.12 ipvanish bandcon dallas tx 216.151.176.0 - 216.151.191.255
Require not ip 216.151.176.0/20 216.151.191
# 216.152.132.114 aptum ontario 216.152.128.0 - 216.152.143.255
Require not ip 216.152.128.0/20 216.152.132
# abuseipdb - websitewelcome.com - Provo Utah - br484.hostgator.com.br - - [12/Jul/2021:09:17:49 -0700] "GET / HTTP/2.0" 401 228 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" [linked with 108.179.193.10, same host???]
Require not ip 216.172.172
# colocrossing chicago
Require not ip 216.246.0.0/17
# dotbot
Require not ip 216.244.66
# 216.151.191.12 ipvanish bandcon dallas tx 216.151.176.0 - 216.151.191.255
# (repeats the 216.151 entry a few lines up; harmless, kept as the author had it)
Require not ip 216.151.176.0/20 216.151.191
# 217.9.143.94 vodafone iceland 217.9.143.0 - 217.9.143.255 ns2.xnet.is - - [28/Jul/2021:10:02:47 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
Require not ip 217.9.143.94
# 217.12.86.246 wp-login amaliy uzbekistan ***217.12.86.0 - 217.12.86.255***
Require not ip 217.12.86
# 217.52.184.157 nile online egypt 217.52.0.0 - 217.55.255.255
Require not ip 217.52
# 217.69.2.86 netv4 france ***217.69.2.0 - 217.69.3.255***
Require not ip 217.69.2 217.69.3
# 217.121.85.180 ziggo cable netherlands 217-121-85-180.cable.dynamic.v4.ziggo.nl repeated requests for home.gif
Require not ip 217.121.85.180
# hacker pair - Phoenix, AZ 184.170.241.192 - - [11/Jul/2021:09:25:45 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
# Belgium 217.138.211.242 - -
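# [11/Jul/2021:09:26:20 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
# m247 brussels 217.138.211.0 - 217.138.211.255
Require not ip 217.138.211
# 217.160.12.144 ionos ***217.160.3.0 - 217.160.15.255*** 217.160.192.178
# ionos germany ***217.160.192.0 - 217.160.193.25***
Require not ip 217.160.12 217.160.192 217.160.193
# 217.172.98.91 Iran ***217.172.98.0 - 217.172.98.255***
Require not ip 217.172.98
# 217.182.171.12 ovh france 217.182.0.0 - 217.182.255.255
Require not ip 217.182
# 218.17.86.55 chinatelecom ***218.13.0.0 - 218.18.255.255***
Require not ip 218.17
# 218.26.163.125 internet.sx.cn china 218.26.163.120 - 218.26.163.127 125.163.26.218.internet.sx.cn - - [16/Aug/2021:17:13:01 -0700] "GET / HTTP/1.1" 301 235 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
Require not ip 218.26.163.125
# china telecom
Require not ip 218.31.194
# 218.56.69.8 chinaunicom ***218.56.0.0 - 218.59.255.255***
Require not ip 218.56
# 218.76.84.52 chinanet 218.76.64.0 - 218.76.95.255
Require not ip 218.76.84
# 218.77.73.72 china telecom 218.77.64.0 - 218.77.79.255
Require not ip 218.77.73
# 218.54.99.23 skbroadband korea 218.50.0.0 - 218.55.255.255
Require not ip 218.54
# 219.77.242.95 netvigator hong kong 219.77.0.0 - 219.77.255.255 n219077242095.netvigator.com
Require not ip 219.77
# 219.100.37.243 softether gmail.com japan ***219.96.0.0 - 219.127.255.255***
Require not ip 219.100
# 219.138.163.116 chinatelecom ***219.138.0.0 - 219.140.255.255***
Require not ip 219.138
# 220.170.173.194 chinatelecom ***220.170.160.0 - 220.170.183.255***
Require not ip 220.170.173
# 220.181.51.73 chinanet 220.181.0.0 - 220.181.255.255 220.181.51.81 220.181.108.118 baidu
Require not ip 220.181
# bytespider
Require not ip 220.243.135 220.243.136
# 220.249.46.126 sogou referral chinatelecom 220.249.0.0 - 220.249.63.255
Require not ip 220.249.46
# 221.2.163.231 chinaunicom ***221.0.0.0 - 221.3.127.255*** 221.213.75.161 china unicom ***221.213.0.0 - 221.213.255.255***
Require not ip 221.2 221.213
# abuseipdb China 221.226.50.162 - - [08/Jul/2021:04:50:06 -0700] "GET / HTTP/1.1" 200 1713 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36"
Require not ip 221.226.50
# 222.73.129.25 chinanet shanghai ***222.64.0.0 - 222.73.255.255***
Require not ip 222.73
# china telecom
Require not ip 222.90.58 222.218.130
# 222.127.126.50 wp-login shangrila philippines ***222.127.126.0 - 222.127.126.255***
Require not ip 222.127.126
# 222.137.4.183 chinaunicom 222.136.0.0 - 222.143.255.255
Require not ip 222.137
# chinamobileltd ***223.64.0.0 - 223.117.255.255***
Require not ip 223.67 223.78
# 223.78.154.250 chinamobile

# NOTE(review): "Require not ..." is only accepted inside a <RequireAll> block
# that also holds a positive Require; no container tags are visible in this
# listing - confirm the Require list above is wrapped and closed before this
# point.

# Legacy access control (mod_access_compat). Mixing Order/Allow/Deny with the
# Require list above is possible but discouraged; a request has to pass both.
order allow,deny
allow from all

# NOTE(review): a client that is denied is also denied /403.html itself, so
# Apache may fall back to its built-in 403 page; confirm whether the custom
# page is actually served to blocked clients.
ErrorDocument 403 /403.html

# Probe paths. Redirect matches on whole path segments and appends whatever
# follows the matched prefix to the target, so /wp does not catch /wp-admin
# and /.git/config is sent to <target>/config.
Redirect 301 /2018 https://bork.fastbk.com
Redirect 301 /2019 https://bork.fastbk.com
Redirect 301 /2020 https://bork.fastbk.com
Redirect 301 /autodiscover https://bork.fastbk.com
Redirect 301 /admin https://daltrey.org/autoblk.php
Redirect 301 /adminer.php https://bork.fastbk.com
Redirect 301 /administrator https://fastbk.com/_admin
Redirect 301 /.aws https://bork.fastbk.com
Redirect 301 /aws.yml https://bork.fastbk.com
Redirect 301 /backup https://bork.fastbk.com
Redirect 301 /bkp https://bork.fastbk.com
Redirect 301 /blog https://bork.fastbk.com
Redirect 301 /b2evo1/htsrv https://bork.fastbk.com
Redirect 301 /cms https://bork.fastbk.com
Redirect 301 /cgi-sys https://bork.fastbk.com
Redirect 301 /config https://bork.fastbk.com
Redirect 301 /config.yml https://bork.fastbk.com
Redirect 301 /copy https://bork.fastbk.com
Redirect 301 /dump https://bork.fastbk.com
Redirect 301 /db https://bork.fastbk.com
Redirect 301 /database https://bork.fastbk.com
Redirect 301 /.env https://bork.fastbk.com
Redirect 301 /file https://bork.fastbk.com
Redirect 301 /forum https://bork.fastbk.com
Redirect 301 /.git https://bork.fastbk.com
Redirect 301 /myadmin https://fastbk.com/_admin
Redirect 301 /mysql https://bork.fastbk.com
Redirect 301 /mysqladmin https://bork.fastbk.com
Redirect 301 /media https://bork.fastbk.com
Redirect 301 /new https://bork.fastbk.com
Redirect 301 /news https://bork.fastbk.com
Redirect 301 /old https://bork.fastbk.com
Redirect 301 /oldsite https://bork.fastbk.com
Redirect 301 /phpinfo https://fastbk.com/php_share_this.html
Redirect 301 /phpinfo.php https://fastbk.com/php_share_this.html
# Path matching is case-sensitive: this catches /phpMyAdmin, not /phpmyadmin.
Redirect 301 //phpMyAdmin https://fastbk.com/_admin
Redirect 301 /pma https://bork.fastbk.com
# Was: Redirect 301 /?q=semalt https://fastbk.com/_admin
# mod_alias compares the URL path only and never sees the query string, so
# that line could not match any request. The same redirect is expressed with
# mod_rewrite (the file already enables RewriteEngine at the top).
# NOTE(review): the semalt hit logged elsewhere in this file requested
# /?utm=semalt.com and carried q=semalt only in the Referer - confirm which
# of the two this rule is meant to catch.
RewriteCond %{REQUEST_URI} ^/$
RewriteCond %{QUERY_STRING} (^|&)q=semalt
RewriteRule ^ https://fastbk.com/_admin? [R=301,L]
Redirect 301 /robots.txt https://fastbk.com/403.php
Redirect 301 /shop https://bork.fastbk.com
Redirect 301 /site https://bork.fastbk.com
Redirect 301 /sito https://bork.fastbk.com
Redirect 301 /sql https://bork.fastbk.com
Redirect 301 /sql.php https://bork.fastbk.com
Redirect 301 /temp https://bork.fastbk.com
Redirect 301 /tmp https://bork.fastbk.com
Redirect 301 /test https://bork.fastbk.com
Redirect 301 /web https://bork.fastbk.com
Redirect 301 /website https://bork.fastbk.com
Redirect 301 /wordpress https://bork.fastbk.com
Redirect 301 /wp-admin https://fastbk.com/_admin
Redirect 301 /wp https://bork.fastbk.com
Redirect 301 /wp1 https://bork.fastbk.com
Redirect 301 /wp2 https://bork.fastbk.com
Redirect 301 /wp-content https://bork.fastbk.com
Redirect 301 /wp-content.php https://bork.fastbk.com
Redirect 301 /wp-login https://daltrey.org/autoblk.php
Redirect 301 /wp-login.php https://daltrey.org/autoblk.php
Redirect 301 /wp-includes https://bork.fastbk.com
Redirect 301 /xmlrpc.php https://bork.fastbk.com
# special to sitelock
Redirect 301 /th1s_1s_a_4o4.html https://www.sitelock.com/public/contact
Redirect 301 /_sf/all-v2.15.js https://www.sitelock.com/public/contact
#!!!WARNING!!!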
Deny/Allow is deprecated in apache > 2.4 and slated to be removed in future deny from .amazonaws.com deny from .googleusercontent.com deny from .internet-census.org deny from .popularglee.com deny from .seznam.cz deny from .sogou.com deny from .twingly.com deny from .y3k0.com deny from .ny.adsl #wp-login Malaysia deny from 1.9.153.148 #1.14.191.23 - - [05/Jul/2021:13:24:07 -0700] "GET / HTTP/1.1" 200 3272 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" deny from 1.14.191.23 deny from 2.90.228.179 deny from 5.9.62.130 deny from 5.9.88.103 deny from 5.9.89.170 deny from 5.9.104.83 deny from 5.9.111.70 #abuseipdb - 59% - Amsterdam deny from 5.39.217.208 deny from 5.104.241.0/24 deny from 5.104.241. #5.188.210.4 - - [05/Jul/2021:07:04:55 -0700] "GET /wp-includes/upload_index.php?auth=f02pz3831W0DTtLgq26L HTTP/1.0" 401 228 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36" deny from 5.108.210.4 # abuseipdb - luxumberg (paired with 193.56.252.252 ireland) 5.253.204.102 - - [05/Jul/2021:16:03:26 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0" deny from 5.153.204.102 #ec2-13-213-36-107.ap-southeast-1.compute.amazonaws.com - - [04/Jul/2021:07:17:04 -0700] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" deny from 13.213.36.107 # wp-login from Maylasia deny from 14.192.211.42 deny from 23.91.71.239 #tried to post to mail.php - colorcrossing atlanta, evil per abuseipdb deny from 23.94.177.135 #wp hacker - colorcrossing deny from 23.95.20.6 deny from 23.100.232.233 deny from 23.225.169.106 #23.235.210.218 my ip #zoom-info bot deny from 29.51.237.35 #wp-login attack deny from 31.209.13.28 #snooping for autodiscover deny from 34.245.104.10 #web attack per abuseipdb aws 
Portland deny from 35.164.153.80 #web attack per ab useipdb awas Portland deny from 35.166.214.66 #wp hacker deny from 35.198.105.76 #wp-login hacker deny from 35.221.181.187 #zoom info bot deny from 35.237.51.29 #36.110.147.100 - - [04/Jul/2021:06:44:16 -0700] "GET / HTTP/2.0" 200 1713 "http://www.sogou.com/web?query=site%3Afastbk.com" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" deny from 36.110.147.100 deny from 37.115.112.228 deny from 37.143.123.92 #russia - .git HEAD attack deny from 37.194.176.53 deny from 37.229.253.71 deny from 39.35.218.61 deny from 39.155.215.0/24 #wp hacker deny from 40.71.123.71 #looking for .env from Microsoft, confirm abuseipdb deny from 40.76.233.157 #very weird b2evo1 login request, though abuseipdb claims it is a bing bot and whitelisted deny from 40.77.167 #40.77.167.105 - - [29/Jun/2021:16:18:35 -0700] "GET /XzU3NTd4VzYyMTVSZWk= HTTP/1.1" 301 247 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" #wp hacker deny from 40.113.247.153 #host-41.45.98.99.tedata.net - - [03/Jul/2021:08:24:41 -0700] "GET /wp-login.php HTTP/1.1" 301 239 "" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/8745E8" deny from 41.45.98.99 #attempted wp-login Nigeria deny from 41.58.214.57 #static.41.129.55.162.clients.your-server.de - - [04/Jul/2021:06:53:13 -0700] "GET /wp-content/plugins/t_file_wp/t_file_wp.php?test=hello HTTP/1.1" 404 236 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" deny from 41.129.55.162 #wp-login probe deny from 42.189.69.182 deny from 42.236.10. 
deny from 42.236.104.26 #jjxy.goldmanfun.com - - [06/Jul/2021:06:28:46 -0700] "GET /config.bak.php HTTP/1.1" 404 3271 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36" #per abuseipdb - ireland deny from 45.8.194.165 #placeholder.sitelock.com - could not resolve, this is the sitelock ip deny from 45.60 #placeholder.sitelock.com - could not resolve, this is the sitelock ip deny from 45.60.102.54 #sitelock deny from 45.79.71.25 #evil per abuseipdb, moscow, russia 45.90.44.132 - - [07/Jul/2021:17:06:17 -0700] "HEAD /js/jquery/jquery-migrate.js HTTP/1.1" 404 - "https://fastbk.com/wp-includes/js/jquery/jquery-migrate.js" "Mozilla/5.0 (Windows NT 6.3; WOW64; rv:43.0) Gecko/20100101 Firefox/51.0" deny from 45.90.44.132 #tried to post to mail.php after I removed it deny from 45.91.5.0/24 #45.91.22.220 - - [04/Jul/2021:06:58:04 -0700] "POST /xmlrpc.php HTTP/1.1" 403 228 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36" deny from 45.91.22.220 deny from 45.133.154.0/24 deny from 45.133.172.124 deny from 45.135.224.0/24 deny from 45.139.70.0/24 deny from 45.145.18.0/24 deny from 46.4.97.116 deny from 46.4.116.197 deny from 46.4.120.0 deny from 46.4.123.172 #Malta - wp-login deny from 46.11.24.166 deny from 46.118.124.89 deny from 46.118.125.174 deny from 46.118.155.165 deny from 46.119.116.109 deny from 46.161.9.22 deny from 46.161.9.61 # bork crawler-46-246-64-21.twingly.com - - [04/Jul/2021:16:46:54 -0700] "GET / HTTP/1.1" 200 234 "-" "Twingly Recon" deny from 46.246.64.21 #wp-login probe deny from 47.29.164.19 deny from 47.147.209.230 #sogouspider-49-7-20-65.crawl.sogou.com - - [04/Jul/2021:13:12:46 -0700] "GET / HTTP/1.1" 301 231 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" deny from 49.7.20 #sogu bot deny from 49.7.20.78 deny from 49.7.21 #sogu bot #deny from 49.7.21.76 #sogu bot #deny 
from 49.7.21.127 #sogu bot #deny from 49.7.21.131 deny from 49.146.33.72 deny from 50.63.202.32 #ec2-50-112-68-230.us-west-2.compute.amazonaws.com - - [04/Jul/2021:00:26:11 -0700] "GET / HTTP/1.1" 301 228 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" deny from 50.112.68.230 deny from 52.3.250.100 #ec2-52-12-119-150.us-west-2.compute.amazonaws.com - - [05/Jul/2021:08:25:10 -0700] "GET / HTTP/1.1" 200 7570 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" deny from 52.12.119.150 #ec2-52-12-168-206.us-west-2.compute.amazonaws.com - - [04/Jul/2021:07:26:33 -0700] "GET /favicon.ico HTTP/1.1" 301 244 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" deny from 52.12.168.206 deny from 52.23.177.211 deny from 52.33.237.25 #ahrefsbot deny from 52.34.88.13 #web attack aws Denver per abuseipdb deny from 52.36.31.206 deny from 52.87.172.202 #ec2-52-88-71-231.us-west-2.compute.amazonaws.com - - [04/Jul/2021:07:41:35 -0700] "GET /favicon.ico HTTP/1.1" 404 236 "http://ridesbyscott.com/favicon.ico" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" deny from 52.88.71.231 deny from 52.91.152.101 #attempt to access .env deny from 52.188.9.246 #52.247.216.96 - - [04/Jul/2021:17:10:21 -0700] "GET /autodiscover/autodiscover.xml HTTP/1.1" 400 52 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36" deny from 52.247.216.96 #ahrefsbot deny from 54.36.148 #ahrefsbot deny from 54.36.148.48 #ahrefsbot deny from 54.36.148.55 #ahrefsbot deny from 54.36.148.56 #ahrefsbot deny from 54.36.148.60 #ahrefsbot deny from 54.36.148.135 #ahrefsbot deny from 54.36.148.168 #ahrefsbot deny from 54.36.148.208 #ahrefsbot deny from 54.36.148.220 #ahrefsbot deny from 54.36.148.250 #ahrefsbot deny from 
54.36.149 #ahrefsbot deny from 54.36.149.13 #ahrefsbot deny from 54.36.149.105 # US - amazon.com - ec2-54-67-59-131.us-west-1.compute.amazonaws.com - abuseipdb 92% evil #ns559934.ip-54-39-105.net - - [04/Jul/2021:20:42:02 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 54.39.105.88 deny from 54.67.59.131 # attack Portland aws per abuseipdb #deny from 54.149.111.40 # US - Ashburn VA -- c2-54-161-237-174.compute-1.amazonaws.com Mauibot all day DDoS attack (accessed legit files, 3 per sec. all day long) #deny from 54.161.237.174 # attack, aws portland and per abuseipdb #deny from 54.189.230.128 #attack Portland aws per abuseipdb #deny from 54.190.41.204 #ec2-54-190-227-202.us-west-2.compute.amazonaws.com - - [04/Jul/2021:07:26:17 -0700] "GET / HTTP/1.1" 301 233 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" #deny from 54.190.227.202 #ec2-54-202-17-197.us-west-2.compute.amazonaws.com - - [04/Jul/2021:07:41:07 -0700] "GET / HTTP/1.1" 200 7570 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" #deny from 54.202.17.197 #ec2-54-213-1-227.us-west-2.compute.amazonaws.com - - [04/Jul/2021:00:26:38 -0700] "GET /favicon.ico HTTP/1.1" 301 239 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" deny from 54.213.1.227 #ec2-54-213-199-174.us-west-2.compute.amazonaws.com - - [04/Jul/2021:00:30:54 -0700] "GET /favicon.ico HTTP/1.1" 301 239 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.97 Safari/537.36" deny from 54.213.199.174 deny from 54.236.29.52 #linkdex.com seos deny from 54.243.7.187 #web attack aws Portland per abuseipdb deny from 54.244.166.191 #amazon data services Japan - Singapore deny from 54.254.212.88 #58.8.152.207 - - [05/Jul/2021:09:24:24 -0700] "GET 
/?utm=semalt.com HTTP/1.1" 401 228 "https://semalt.com-----google.com/?q=semalt" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36" deny from 58.8.152.207 #evil, per abuseipdb - China deny from 58.53.128.148 #sogu crawler deny from 58.250.125.113 deny from 60.8.123.0/24 deny from 60.168.49.91 deny from 60.242.171.91 deny from 60.168.254.163 #61.84.145.230 - - [06/Jul/2021:17:20:58 -0700] "GET / HTTP/1.1" 200 4215 "https://bork.fastbk.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/537.36" deny from 61.84.145.230 deny from 62.138.8.181 #wp hacker germany per abuseipdb deny from 62.171.152.145 #knowledge AI abuseipdb Fremont, CA deny from 64.62.252.163 #wp-login deny from 64.225.16.11 #64.225.79.191 - - [25/Jun/2021:06:12:49 -0700] "GET /xmlrpc.php?rsd HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36" deny from 64.225.79.191 #netcraft deny from 64.225.57.104 deny from 64.246.161.30 #abuseipdb - iraq - .20.155.242 - - [05/Jul/2021:23:11:30 -0700] "GET / HTTP/1.1" 200 1120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36" deny from 65.20.155.242 #in abuseipdb whitelist palo alto networks, but lots of reports and why are they knocking on sf? 
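# Layout restored to one directive per line. Apache treats "#" as a comment
# marker only at the start of a line, so each note sits on its own line above
# the entry it documents; order is unchanged.
deny from 65.154.226.165
#66.23.252.226 - - [23/Jun/2021:12:13:00 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
deny from 66.23.252.226
#wp-login Houston, US
deny from 66.135.187.115
#crawl-66-249-65-15.googlebot.com - - [04/Jul/2021:06:23:24 -0700] "GET /b2evo1/htsrv/login.php?action=lostpassword&redirect_to=%2Fb2evo1%2Fblog3.php%2F2019%2F09%2F%3Fdisp%3Dposts%26m%3D201909%26posts%3D100&return_to=%2Fb2evo1%2Fblog3.php%2F2019%2F09%2F%3Fdisp%3Dposts%26m%3D201909%26posts%3D100 HTTP/1.1" 200 4998 "-" "Mozilla/5.0 (Linux; Android 6.0.1; Nexus 5X Build/MMB29P) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.90 Mobile Safari/537.36 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
#attack include 15 17 and 19
# NOTE(review): the logged client reverse-resolves to googlebot.com and sends a
# Googlebot user agent; the request looks like a crawl of the lost-password
# link rather than a login attempt. Denying three crawler addresses leaves the
# rest of that crawler's range able to fetch the same URL - presumably a
# robots.txt Disallow for /b2evo1/htsrv/ is the more durable control; confirm.
deny from 66.249.65.15
deny from 66.249.65.17
deny from 66.249.65.19
#68.183.231.120 - - [25/Jun/2021:03:10:45 -0700] "GET /xmlrpc.php?rsd HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
deny from 68.183.231.120
deny from 69.30.234.2
#Reston, VA verisign.com 19% evil abuseipdb
deny from 69.58.178.56
deny from 69.58.178.59
deny from 70.119.100.27
#wp-login probe
deny from 71.48.238.186
#probe /temp/phpinfo().html ???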
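# Layout restored to one directive per line. Apache treats "#" as a comment
# marker only at the start of a line, so each note sits on its own line above
# the entry it documents; order is unchanged.
deny from 71.172.156.10
deny from 71.215.102.132
deny from 73.157.93.235
#wp hacker
deny from 75.119.198.100
deny from 76.28.253.21
#100% abuseipdb - 76.72.172.167 - - [05/Jul/2021:06:35:24 -0700] "GET / HTTP/2.0" 206 1713 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0"
deny from 76.72.172.167
#seznam
# Partial address: matches every client in 77.75.x.x, which is why the
# individual Seznam entries below are commented out.
deny from 77.75
#seznam bot Czech Republic
#77-75-76-166
#deny from 77.75.76.171
#deny from 77.75.76.172
#seznam bot
#deny from 77.75.77
#deny from 77.75.77.17
#deny from 77.75.77.72
#seznam bot
#deny from 77.75.78
#deny from 77.75.78.161
#deny from 77.75.78.166
#deny from 77.75.78.167
#deny from 77.75.78.169
#deny from 77.75.78.170
#seznam
#deny from 77.75.79.72
#seznam
#deny from 77.75.79.119
#wp-config probe
deny from 77.247.181.163
deny from 78.11.209.225
deny from 78.46.174.19
deny from 78.47.224.245
# Greece - hosted-by.enahost.com - synapsecom.gr wordpress attack
deny from 78.108.46.132
#delta.veridyen.com - - [03/Jul/2021:07:20:27 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
deny from 78.142.209.104
#wp-login probe
deny from 79.106.209.245
deny from 81.198.190.41
#web01.extendeez.com - - [04/Jul/2021:21:25:43 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
deny from 82.97.10.156
deny from 82.115.13.165
#wp hacker
deny from 82.156.101.17
deny from 82.193.102.149
deny from 83.136.45.172
#wp-login probe
deny from 83.139.133.45
deny from 85.195.118.42
# semrush bot
# NOTE(review): this entry was written "85.208.98.2*". "deny from" has no "*"
# wildcard: an argument that is not a full address, a partial address or a
# network/CIDR is taken as a host name, so the rule never matched these clients
# by address and forced reverse DNS lookups when evaluated. Written here as a
# /24, in line with the prefix blocks used for other crawlers in this list;
# that is wider than "2*" - confirm the intended range.
deny from 85.208.98.0/24
#deny from 85.208.98.22
#deny from 85.208.98.27
# spare.namesco.net - attempted to access admin wordpress file
deny from 85.233.160.31
#web attack Romania per abuseipdb
deny from 86.104.194.104
#ukraine - abuseipdb - 100% evil
deny from 86.110.117.10
#wp-login probe
deny from 86.194.106.202
deny from 86.238.153.183
#mail.sinask.ir - - [05/Jul/2021:16:12:09 -0700] "GET /wp-login.php HTTP/1.1" 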
406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 87.107.124.28 deny from 87.250.20.164 #wp-login probe deny from 89.42.216.96 #hacker abuseipdb - Romania deny from 89.136.31.149 deny from 89.234.157.254 #apache3.cp247.net - - [03/Jul/2021:01:04:43 -0700] "GET /wordpress/wp-admin/ HTTP/1.1" 301 247 "http://daltrey.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36" deny from 89.238.188.8 deny from 91.121.86.136 deny from 91.121.97.49 #ServerAstra Hungary deny from 91.219.236.171 deny from 91.227.33.3 #"GET /:8880/get_password.php HTTP/1.0" 404 236 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36" deny from 94.23.33.67 deny from 93.115.95.206 #93.158.91.247 - - [06/Jul/2021:12:12:32 -0700] "GET / HTTP/1.1" 200 1713 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 11.1; rv:84.0) Gecko/20100101 Firefox/84.0" abuseipdb - sweden deny from 93.158.91.247 #kd02.stebio.at abuseipdb 100% evil vienna deny from 93.189.30.194 deny from 94.189.139.139 #wp-login probe deny from 95.32.64.243 deny from 95.88.251.12 #fetcher16-31.go.mail.ru - - [02/Jul/2021:11:01:57 -0700] "GET /site_map.xml HTTP/1.1" 406 300 "-" "Mozilla/5.0 (compatible; Linux x86_64; Mail.RU_Bot/2.0; +http://go.mail.ru/help/robots)" deny from 95.163.255.180 #fetcher16-40.go.mail.ru - - [02/Jul/2021:11:01:55 -0700] "GET /robots.txt HTTP/1.0" 406 300 "-" "Mozilla/5.0 (compatible; Linux x86_64; Mail.RU_Bot/2.0; +http://go.mail.ru/help/robots)" deny from 95.163.255.189 #wp-login probe deny from 97.107.135.87 #mm-101-254-57-86.static.mgts.by - - [02/Jul/2021:08:44:34 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 101.254.57.86 deny from 103.41.36.48 #wp-login probe deny from 103.106.98.112 # "GET /wp-login.php HTTP/1.1" 404 236 "-" "Mozilla/5.0 
(Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1" deny from 103.200.39.6 #103.241.205.82 - - [05/Jul/2021:08:42:14 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 103.241.205.82 deny from 104.25.20.37 deny from 104.130.124.209 deny from 104.140.4.136 deny from 104.140.4.238 #US - Glenview IL - intelium.com - unidentified bot, questionable per abuseipdb deny from 104.192.74.43 deny from 104.193.88.243 deny from 104.193.88.244 #zoom info bot deny from 104.196.17.158 #wp hacker deny from 104.197.165.66 deny from 104.227.112.142 deny from 104.238.248.15 #sogu deny from 106.38.241 #deny from 106.38.241.118 #sogouspider-106-38-241-170.crawl.sogou.com - - [04/Jul/2021:09:27:36 -0700] "GET / HTTP/1.1" 200 1120 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" #sogu #deny from 106.38.241.182 deny from 107.21.1.8 deny from 107.150.59.98 deny from 107.152.196.243 deny from 107.152.254.91 deny from 107.172.134.148 deny from 107.172.150.61 #wp-admin probe deny from 108.167.188.185 deny from 109.202.107.20 #110.249.201.70 - - [05/Jul/2021:07:22:34 -0700] "GET /robots.txt HTTP/1.1" 403 228 "-" "Mozilla/5.0 (Linux; Android 5.0) AppleWebKit/537.36 (KHTML, like Gecko) Mobile Safari/537.36 (compatible; Bytespider; https://zhanzhang.toutiao.com/)" deny from 110.249.201 #deny from 110.249.201.0/24 deny from 110.249.202.0/24 #china hacking on b2evo1 deny from 111.197 #111.202.100.82 - - [03/Jul/2021:18:23:04 -0700] "GET / HTTP/1.1" 200 1120 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" deny from 111.202.100.82 #china hacking on b2evo1 deny from 111.225 #deny from 111.225.149.0/24 #china, reported abuseipdb deny from 112.5.234.143 #china, reported abuseipdb deny from 112.5.236.207 # SEO from China deny from 112.5.248.142 deny from 112.111.184.153 deny from 112.111.184.176 deny from 112.111.188.15 deny from 112.111.189.180 deny 
from 112.111.191.141 deny from 112.111.191.182 deny from 115.89.123.121 deny from 115.221.19.191 deny from 117.26.242.143 deny from 117.26.242.191 #Bangladesh - wp-login deny from 117.103.86.14 #ThinkBot test phase deny from 118.24.106.70 deny from 119.94.190.82 deny from 119.188.64.4 #Hanghou, Zeijiang China - aliyun.com 50% evil abuseipdb / active attack on pdf systems deny from 120.78.72.59 #wp-login probe deny from 120.239.27.31 #wp-login probe deny from 121.42.138.121 #121.180.254.117 - - [22/Jun/2021:08:46:17 -0700] "GET /wp-login.php HTTP/1.1" 404 236 "http://fastbk.com/wp-login.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.198 Safari/A45269" deny from 121.180.254.117 deny from 121.200.54.100 deny from 121.207.88.248 deny from 123.30.175 #china, abuseipdb deny from 123.114.7.7 #sogouspider-123-183-224-15.crawl.sogou.com - - [02/Jul/2021:05:37:40 -0700] "GET / HTTP/1.1" 200 1113 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" deny from 123.183.224 #deny from 123.183.224.15 #sogu #deny from 123.183.224.89 #sogouspider-123-183-224-96.crawl.sogou.com - - [02/Jul/2021:09:25:37 -0700] "GET / HTTP/1.1" 200 1113 "-" "Sogou web spider/4.0(+http://www.sogou.com/docs/help/webmasters.htm#07)" deny from 124.72.196.247 deny from 124.72.196.135 #zl-dal-us-gp1-wk122.internet-census.org - - [06/Jul/2021:11:29:13 -0700] "GET / HTTP/1.1" 200 1713 "http://www.fastbk.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36" - see abuseipdb deny from 128.14.209.242 deny from 128.68.143.181 deny from 129.121.176.186 #129.213.147.45 - - [04/Jul/2021:23:30:43 -0700] "GET /wp-admin/install.php HTTP/1.1" 301 242 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36" deny from 129.213.147.45 #wp-admin probe deny from 131.153.37.2 #polecat.cs.uni-bonn.de - - 
[03/Jul/2021:22:43:38 -0700] "GET / HTTP/1.1" 200 1120 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.79 Safari/537.36" #evil per abuseipdb deny from 131.220.6.152 #netcraft deny from 134.122.3.187 #netcraft deny from 134.122.7.14 #-digital ocean netcraft survey agent deny from 134.122.9.28 #wp hacker deny from 134.122.28.82 deny from 136.243.152.18 deny from 137.74.203.0/24 #wp-login probe deny from 138.59.24.134 #wp hacker deny from 138.128.178.194 deny from 138.197.111.146 #139.180.135.194.vultr.com - - [05/Jul/2021:17:28:01 -0700] "GET //sito/wp-includes/wlwmanifest.xml HTTP/1.1" 301 259 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" #deny from 139.180.135.194 #deny from 139.199.62.227 #deny from 139.199.63.33 #141-8-142-67.spider.yandex.com - - [04/Jul/2021:13:10:58 -0700] "GET /3ja2B38656rja2xO1001Aa HTTP/1.1" 404 236 "-" "Mozilla/5.0 (compatible; YandexBot/3.0; +http://yandex.com/bots)" deny from 141.8.142.67 #wp hacker deny from 142.4.30.31 deny from 142.4.218.156 #searching for .env deny from 142.93.212.48 #zoom bot deny from 143.106.73.34 deny from 144.76.7.106 deny from 144.76.8.132 deny from 144.76.29.66 deny from 144.76.4.148 deny from 144.172.195.90 #wp hacker deny from 145.131.25.136 #wp hacker deny from 146.70.25.76 #St Petersburg sazonhost.net 77% abuseipdb deny from 146.185.223.150 deny from 146.185.223.240 deny from 149.56.97.122 #St. 
Petersburg, Russian Federation, sazonhost.net, 85% evil abuseipdb deny from 146.185.223.252 #ip-148-72-215-37.ip.secureserver.net - - [04/Jul/2021:07:58:00 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 148.72.215.37 deny from 149.154.71.233 deny from 150.107.0.113 #252.ip-151-80-141.eu - - [04/Jul/2021:06:41:27 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 151.80.141.252 #belarus, chacking favicon only deny from 151.249.145.207 #multiple wp phrases: 152.67.52.194 - - [03/Jul/2021:10:50:40 -0700] "GET /wp-login.php HTTP/1.1" 401 228 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 152.67.52.194 #bork - 152.67.251.185 - - [05/Jul/2021:20:14:58 -0700] "GET / HTTP/1.1" 200 3645 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" deny from 152.67.251.185 #wp-login probe deny from 152.168.255.232 #tried to post to mail.php, evil per abuseipdb, datacamp, france deny from 156.146.63.156 #microsoft hong kong - 1% evil but listed as white listed abuseipdb deny from 157.55.39 #157.55.39.120 - - [29/Jun/2021:16:22:18 -0700] "GET /ddfsw5610pdfsqK1001K HTTP/1.1" 301 247 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" #157.55.39.120 - - [29/Jun/2021:16:30:39 -0700] "GET /MWxkbGE5NzIxTWxkQTQwNTEzVGRscWlr HTTP/1.1" 301 263 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" #netcraft deny from 157.245.124.17 #wp uploader attack deny from 158.69.101.124 #zoominfo bot deny from 158.96.237.35 #158.101.112.12 - - [22/Jun/2021:01:19:33 -0700] "GET /.env HTTP/1.1" 404 236 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.129 Safari/537.36" deny from 158.101.112.12 #netcraft deny from 159.65.160.143 #netcraft deny from 159.65.165.186 
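# Layout restored to one directive per line. Apache treats "#" as a comment
# marker only at the start of a line, so each note sits on its own line above
# the entry it documents.
# "deny from" is the Apache 2.2 access syntax; on 2.4 it is served by
# mod_access_compat, and the native form is "Require not ip ...".
#unknown wp-login search
deny from 159.65.219.142
#bork - 159.75.134.201 - - [05/Jul/2021:14:45:07 -0700] "GET / HTTP/1.1" 200 3645 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0"
deny from 159.75.134.201
#looking for wp-login
deny from 159.203.105.141
#159.242.234.47 - - [22/Jun/2021:01:22:39 -0700] "GET /xmlrpc.php?rsd HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4240.193 Safari/537.36"
deny from 159.242.234.47
#looking for .env
deny from 159.242.234.67
deny from 160.153.147.153
#netcraft
deny from 161.35.134.128
#netcraft
deny from 161.35.134.170
#netcraft
deny from 161.35.141.66
#netcraft
deny from 161.35.176.71
#netcraft
deny from 161.35.188.84
#ninja-crawler103.webmeup.com - - [02/Jul/2021:16:40:28 -0700] "GET /robots.txt HTTP/1.1" 406 300 "-" "Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/)"
#abuseipdb - germany - adiaboreha.com - - [06/Jul/2021:02:17:26 -0700] "GET //wp1//installer.php HTTP/1.1" 403 1269 "-" "Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:28.0) Gecko/20100101 Firefox/28.0"
deny from 161.97.175.100
deny from 162.55.85.222
deny from 164.132.161.0/24
deny from 164.132.162.0/24
deny from 163.172.4.153
deny from 163.172.32.175
deny from 163.172.35.99
deny from 163.172.149.96
deny from 163.172.64.0/24
deny from 163.172.65.0/24
deny from 163.172.66.0/24
deny from 163.172.68.121
deny from 163.172.71.0/24
deny from 163.172.161.0/24
# 164.132.161.60 and a second 164.132.162.0/24 were repeated at this point;
# both are already covered by the two 164.132.x.0/24 entries above, so the
# duplicates are dropped with no change in what is denied.
#162.55.129.41 - - [04/Jul/2021:06:57:10 -0700] "POST /wp-includes/css/wp-config.php HTTP/1.1" 403 228 "anonymousfox.co" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36"
deny from 162.55.129.41
#165.22.209.132 - - [05/Jul/2021:09:12:55 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
deny from 165.22.209.132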
#66.160.140.184 - - [06/Jul/2021:03:51:42 -0700] "GET /robots.txt HTTP/1.1" 200 255 "-" "The Knowledge AI" deny from 66.160.140.184 #netcraft deny from 167.99.114.225 #wp hacker deny from 167.114.156.15 deny from 171.12.10.121 deny from 173.208.157.186 deny from 173.212.207.251 deny from 173.234.153.122 deny from 173.234.159.250 #wp hacker deny from 173.236.170.203 #ipvanish vpn 173-245-202-60.ipvanish.com - - [04/Jul/2021:12:06:24 -0700] "GET /b2evo1/blog1.php/brother-mfc6920dw-won-t-turn HTTP/2.0" 404 236 "https://www.google.com/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36" deny from 173.245.202.60 #thinkbot test phase deny from 175.24.232.97 # ukraine hack 100% deny from 176.8.89.33 deny from 176.9.10.227 deny from 176.112.49.187 #ukraine deny from 176.122.2.143 #brazil, looking for exploit in the etm software deny from 177.37.140.192 deny from 177.141.155.64 deny from 178.63.19.22 deny from 178.63.19.148 #178.128.14.204 - - [04/Jul/2021:20:50:13 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 178.128.14.204 deny from 178.137.83.166 deny from 178.159.37.112 #abuseipdb - Moldova ae0-3101.cr01.ch.md.as43289.net - - [05/Jul/2021:22:41:25 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36" deny from 178.175.129.41 deny from 178.184.223.136 deny from 178.210.90.90 #wp-login probe deny from 179.220.52.128 deny from 179.158.81.96 deny from 180.97.35.165 deny from 180.191.126.238 deny from 183.160.1.109 deny from 183.160.3.206 deny from 183.160.121.235 deny from 183.160.122.195 #snooping around for .js in _sf?? 
claims sometimes to be sitelock #deny from 184.154.76.35 #deny from 184.154.139.18 #deny from 184.154.139.19 #suspicious - "http://www.google.com/url?url=www.daltrey.org&yahoo.com" - claims to be sitelock crawler, abuseipdb says bad at least 18-21 #deny from 184.154.139.21 deny from 185.2.4.118 #
vps-64243.fhnet.fr - - [06/Jul/2021:15:30:10 -0700] "GET / HTTP/1.1" 200 4215 "-" "Mozilla 5.0" aka 185.13.37.134 france deny from 185.13.37.134 #hack probing from latvia deny from 185.29.8.34 deny from 185.38.14.215 deny from 185.53.44.188 deny from 185.93.182.134 # netherlands - s10.domeinwinkel.nl - attempted to retrieve wordpress admin file deny from 185.103.173.100 #wp-login probe deny from 185.121.211.53 #100% evil per abuseipdb - Brussels deny from 185.180.143.148 #semrush 100% evil per abuseipdb deny from 185.191.171 #wp-login deny from 185.213.170.15 #185.220.101.201 - - [05/Jul/2021:11:58:05 -0700] "GET /.git/config HTTP/1.1" 404 236 "-" "Go-http-client/1.1" deny from 185.220.101.201 deny from 185.234.218.249 # hm2504.locaweb.com.br - attempted wordpress admin file deny from 187.45.193.159 #wp-login probe deny from 187.67.31.163 deny from 187.137.68.166 #wp-login probe deny from 187.188.9.211 deny from 188.163.75.37 #vss125.yakoo.com.hk - - [03/Jul/2021:08:48:30 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 188.166.247.170 deny from 188.186.60.31 #wp hacker deny from 188.225.40.162 #bace8db8.virtua.com.br - - [06/Jul/2021:15:22:23 -0700] "GET / HTTP/1.1" 200 4215 "http://drjuicepharma.co.uk/wp-login.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36" deny from 189.6.48.3 deny from 189.216.166.40 #190.119.238.15 - - [04/Jul/2021:07:53:35 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 190.119.238.15 #191.96.100.239 - - [02/Jul/2021:06:36:46 -0700] "GET /.env HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" deny from 191.96.100.239 #fastbk hijack user from Brussels deny from 192.71.249.158 deny from 192.126.157.145 deny from 192.126.166.241 deny 
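from 192.126.163.122
# The line above completes the "deny" that ends the previous line of this paste.
# From here on the layout is restored to one directive per line. Apache treats
# "#" as a comment marker only at the start of a line, so each note sits on its
# own line above the entry it documents; order is unchanged.
deny from 192.151.149.10
deny from 192.160.102.165
#server.premiumchex.com - - [03/Jul/2021:08:47:05 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
deny from 192.185.130.170
deny from 192.187.104.235
deny from 192.241.210.101
deny from 192.243.53.51
deny from 193.33.94.3
deny from 193.41.60.108
#abuseipdb - ireland - 193.56.252.252 - - [05/Jul/2021:16:03:46 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36"
#paired with 5.253.204.102 - - [05/Jul/2021:16:03:26 -0700] "GET /linux/DBFlashRC58.exe HTTP/1.1" 200 406528 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0"
deny from 193.56.252.252
# Ukraine - infiumhost.com - 100% evil, abuseipdb
deny from 193.106.30.98
deny from 193.106.30.99
#romania - checking rss (all of the 193.169's)
deny from 193.169.20.68
deny from 193.169.20.185
deny from 193.169.20.220
deny from 193.169.21.58
deny from 193.169.21.139
deny from 193.169.21.165
deny from 193.169.21.201
deny from 193.169.21.243
# autodiscover probe
deny from 193.169.145.194
#romania
deny from 193.178.224.127
deny from 193.178.224.237
deny from 193.178.225.235
deny from 194.6.202.0/24
#194.99.24.205 - - [05/Jul/2021:07:32:30 -0700] "GET /__media__/js/netsoltrademark.php?d=kt5hwmpbzu.com HTTP/1.1" 404 236 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36"
deny from 194.99.24.205
deny from 194.187.248.10
# NOTE(review): 195.0.0.0/8 denies the whole 195.x.x.x range (about 16.7
# million addresses), and no log line or reason is recorded for it here. Every
# 195.* entry that follows is already inside it, so those entries only take
# effect if the /8 is narrowed or removed. Confirm the /8 is intended.
deny from 195.0.0.0/8
deny from 195.2.219.48
deny from 195.28.182.35
deny from 195.93.140.3
deny from 195.128.188.3
deny from 195.154.161.171
deny from 195.210.44.203
deny from 195.254.141.0/24
#South Africa - vts-connect-gw.telkom-ipnet.co.za - - [05/Jul/2021:10:56:21 -0700] "GET /administrator/ HTTP/1.1" 301 241 "http://fastbk.com/administrator/" 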
"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" deny from 196.25.251.106 # cpanel7.mywebserver.co.za - cybersmart.co.za - South Africa -- attempted wordpress admin file deny from 196.41.123.146 deny from 196.196.253.83 #198-23-221-30-host.colocrossing.com - - [05/Jul/2021:13:13:30 -0700] "GET / HTTP/1.1" 200 3272 "-" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/44.9.5483.20 Safari/537.36" deny from 198.23.221.30 #looking for wp-login deny from 198.27.69.82 deny from 198.245.49.215 deny from 199.19.104.163 #wp hacker deny from 199.188.204.131 #zequn - China - reported as spammer at abuseipdb deny from 202.46.48.91 #looking for adminstrator, from Cambodia deny from 203.80.171.67 #wp-login probe deny from 203.128.31.153 deny from 203.158.160.14 deny from 204.79.180.4 deny from 204.85.191.31 deny from 204.152.203.157 #sf1 hack attempt abuseipdb centurylink arkansas deny from 205.169.39.8 deny from 205.234.159.77 deny from 206.214.82.186 #bing bot abuseipdb thinks whitelist, but definitely evil per logs deny from 207.46.13 #207.46.13.165 - - [29/Jun/2021:16:18:20 -0700] "GET /2gemcS18082Vgemp770jemc HTTP/1.1" 301 250 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" #207.46.13.109 - - [29/Jun/2021:16:29:43 -0700] "GET /ODB1OGxRNTEyNjVZMHU4bHEvNTI1NEJ1OGw= HTTP/1.1" 301 267 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" #wp-login probe deny from 207.99.15.4 #207.154.215.89 - - [04/Jul/2021:21:24:21 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 207.154.215.89 deny from 207.244.149.106 #softlayer San Jose - attacked /admin deny from 208.83.1.168 #wp hacker deny from 208.92.244.35 deny from 208.110.93.76 #ip-208-109-8-126.ip.secureserver.net - - [03/Jul/2021:07:40:55 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 
(X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 208.109.8.126 #fsndc1.fastnet.my.id - - [05/Jul/2021:10:32:18 -0700] "GET /wp-login.php HTTP/1.1" 406 300 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" deny from 209.126.13.151 #fedorait network lvstreamthenet Las Vegas 97% highly reported abouse deny from 209.141.45.6 #Winnepeg, Manitoba - mega repeated hits on blog deny from 209.177.100.29 #vm2413703.nvme.had.wf - - [04/Jul/2021:12:16:07 -0700] "GET / HTTP/1.0" 200 1120 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36" see abuseipdb deny from 212.8.246.4 deny from 212.47.229.189 #Sweden - looking for wp-login deny from 213.64.73.190 deny from 213.251.182.115 deny from 213.251.184.38 #mozbot seo spammer deny from 216.244.66 #216.244.66.227 #deny from 216.244.66.228 #dot.bot, SEO spammer Moz, Inc. deny from 216.244.66.241 #mail.ru deny from 217.69.133. deny from 217.182.132.27 #china trackback spam deny from 219.136.75.198 #china action unclear deny from 220.181.108.111 #china - excess b2evo1 queries, possible login attempte deny from 220.243.135.0/24 deny from 220.243.136.0/24 deny from 220.243.188 #pakistan wp-login hack deny from 221.120.215.18 deny from 221.175.239.205 deny from 221.175.255.86 deny from 222.97.39.100 #wp hacker deny from 223.204.101.199 #########autoban########