๐ฎ๐ณ
evicky2002
2026-07-15 06:00:00
(21 minutes ago)
Confirmed malicious by STILWaters CTI platform (score=100, sources=1)
Hacking
Brute-Force
SSH
๐ซ๐ท
SpaceHost-Server
2026-07-14 22:26:15
(7 hours ago)
Brute-Force
Web App Attack
๐ธ๐ฌ
securejdprop
2026-07-14 20:19:09
(10 hours ago)
This IP was detected by CrowdSec triggering custom/vpatch-wlwmanifest.
Hacking
๐ฉ๐ช
macrob
2026-07-14 18:26:41
(11 hours ago)
2026/07/14 18:26:39 [error] 3428139#3428139: *376346394 access forbidden by rule, client: 138.197.34 ...
show more
2026/07/14 18:26:39 [error] 3428139#3428139: *376346394 access forbidden by rule, client: 138.197.34.12, server: antzfund.com, request: "GET /wp-includes/wlwmanifest.xml HTTP/1.1", host: "antzfund.com"
2026/07/14 18:26:39 [error] 3428139#3428139: *376346397 access forbidden by rule, client: 138.197.34.12, server: antzfund.com, request: "GET /xmlrpc.php?rsd HTTP/1.1", host: "antzfund.com"
2026/07/14 18:26:39 [error] 3428139#3428139: *376346390 access forbidden by rule, client: 138.197.34.12, server: antzfund.com, request: "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1", host: "antzfund.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 16:59:54
(13 hours ago)
(mod_security) mod_security (id:225170) triggered by 138.197.34.12 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 138.197.34.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 12:59:49.700221 2026] [security2:error] [pid 4007:tid 4041] [client 138.197.34.12:56747] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||andyboynton.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "andyboynton.com"] [uri "/wordpress/wp-json/wp/v2/users/"] [unique_id "alZrBfOJr9Xkv3y46jl7NgAAABc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
oralunal
2026-07-14 16:30:44
(13 hours ago)
IP banned by Fail2Ban in jail ah-suss access.log mvfnds
...
Bad Web Bot
Web App Attack
Anonymous
2026-07-14 16:08:04
(14 hours ago)
Bot / scanning and/or hacking attempts: GET / HTTP/1.1, GET //wp/wp-includes/wlwmanifest.xml HTTP/1. ...
show more
Bot / scanning and/or hacking attempts: GET / HTTP/1.1, GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1, GET //web/wp-includes/wlwmanifest.xml HTTP/1.1, GET //wp-includes/wlwmanifest.xml HTTP/1.1, GET //website/wp-includes/wlwmanifest.xml HTTP/1.1, GET //news/wp-includes/wlwmanifest.xml HTTP/1.1, GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1, GET //xmlrpc.php?rsd HTTP/1.1, GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 15:33:31
(14 hours ago)
(mod_security) mod_security (id:225170) triggered by 138.197.34.12 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 138.197.34.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 11:33:23.096351 2026] [security2:error] [pid 6230:tid 6230] [client 138.197.34.12:51242] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.americanexportimport.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.americanexportimport.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alZWw-DqeYuF1Sg8r25VwwAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ท๐ด
ICT
2026-07-14 15:19:00
(15 hours ago)
Jul 14 18:18:58 wordpress wordpress(acad-icht.tm.edu.ro)[97198]: XML-RPC authentication attempt for ...
show more
Jul 14 18:18:58 wordpress wordpress(acad-icht.tm.edu.ro)[97198]: XML-RPC authentication attempt for unknown user admin from 138.197.34.12
Jul 14 18:18:59 wordpress wordpress(acad-icht.tm.edu.ro)[97559]: XML-RPC authentication attempt for unknown user admin from 138.197.34.12
Jul 14 18:18:59 wordpress wordpress(acad-icht.tm.edu.ro)[97651]: XML-RPC authentication attempt for unknown user admin from 138.197.34.12
...
show less
Brute-Force
Web App Attack
๐ซ๐ท
bazter.pro
2026-07-14 15:05:11
(15 hours ago)
Fail2Ban: plesk-bot-aggressive - 15 failures
Port Scan
Bad Web Bot
Web App Attack
๐ฉ๐ช
Kreapptivo
2026-07-14 15:04:17
(15 hours ago)
[14/Jul/2026:17:04:16 +0200] Web-Request: "GET //wp-includes/wlwmanifest.xml", User-Agent: "Mozilla/ ...
show more
[14/Jul/2026:17:04:16 +0200] Web-Request: "GET //wp-includes/wlwmanifest.xml", User-Agent: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
show less
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 14:41:12
(15 hours ago)
(mod_security) mod_security (id:225170) triggered by 138.197.34.12 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 138.197.34.12 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 10:41:06.489168 2026] [security2:error] [pid 16090:tid 16090] [client 138.197.34.12:63140] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.abcollie.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.abcollie.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alZKghzeCYtoSKdE1_DkUgAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
zynex
2026-07-14 14:38:07
(15 hours ago)
URL Probing: /fr/wp-includes/wlwmanifest.xml
Web App Attack
๐ฉ๐ช
Marc
2026-07-14 14:34:35
(15 hours ago)
138.197.34.12 - - [14/Jul/2026:16:34:32 +0200] "POST //xmlrpc.php HTTP/1.1" 200 1118 "-" "Mozilla/5. ...
show more
138.197.34.12 - - [14/Jul/2026:16:34:32 +0200] "POST //xmlrpc.php HTTP/1.1" 200 1118 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" 138.197.34.12 - - [14/Jul/2026:16:34:33 +0200] "POST //xmlrpc.php HTTP/1.1" 200 3519 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" 138.197.34.12 - - [14/Jul/2026:16:34:33 +0200] "POST //xmlrpc.php HTTP/1.1" 200 3519 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36"
show less
Brute-Force
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-14 14:26:16
(15 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH