๐ฉ๐ช
thesimonmanuel
2026-07-16 10:38:52
(2 hours ago)
168.144.150.111 - - [16/Jul/2026:16:08:52 +0530] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 302 5 " ...
show more
168.144.150.111 - - [16/Jul/2026:16:08:52 +0530] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-"
show less
Web App Attack
๐ณ๐ฑ
ParaBug
2026-07-15 16:35:11
(20 hours ago)
168.144.150.111 - - [15/Jul/2026:18:35:11 +0200] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 40 ...
show more
168.144.150.111 - - [15/Jul/2026:18:35:11 +0200] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 404 405 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
...
show less
Phishing
Brute-Force
Web App Attack
๐บ๐ธ
ruusvuu
2026-07-15 02:32:40
(1 day ago)
Automated abuse report: 15 attack/probe requests from DigitalOcean, LLC / IN.
Targeted paths: //wp-i ...
show more
Automated abuse report: 15 attack/probe requests from DigitalOcean, LLC / IN.
Targeted paths: //wp-includes/wlwmanifest.xml, //xmlrpc.php, //blog/wp-includes/wlwmanifest.xml, //web/wp-includes/wlwmanifest.xml, //wordpress/wp-includes/wlwmanifest.xml.
Sample log lines:
[rulesandprompts] 07/14/2026, 19:32:38 MST | 168.144.150.111 | GET //site/wp-includes/wlwmanifest.xml 404 172b 0.674 ms | ref=-
[rulesandprompts] 07/14/2026, 19:32:38 MST | 168.144.150.111 | GET //cms/wp-includes/wlwmanifest.xml 404 171b 0.613 ms | ref=-
[rulesandprompts] 07/14/2026, 19:32:38 MST | 168.144.150.111 | GET //sito/wp-includes/wlwmanifest.xml 404 172b 0.579 ms | ref=-
Detected by an automated web-server log monitor.
show less
Web App Attack
๐ณ๐ฟ
Antinson
2026-07-15 02:13:37
(1 day ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-07-14 23:50:16
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 168.144.150.111 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 168.144.150.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 19:50:12.604174 2026] [security2:error] [pid 15506:tid 15506] [client 168.144.150.111:55465] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.fixmyland.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.fixmyland.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "albLNLKarIyY5WIgoVVH3wAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
cmbplf
2026-07-14 20:07:32
(1 day ago)
2.318 requests from abuseipdb.com blacklisted IP (1yr3mos3w)
Brute-Force
Bad Web Bot
๐ฉ๐ช
LRob
2026-07-14 15:46:46
(1 day ago)
CrowdSec: crowdsecurity/http-probing | req: //wp-includes/wlwmanifest.xml | 10 distinct paths | UA: ...
show more
CrowdSec: crowdsecurity/http-probing | req: //wp-includes/wlwmanifest.xml | 10 distinct paths | UA: -
show less
Port Scan
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 13:52:41
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 168.144.150.111 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 168.144.150.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 09:52:35.705448 2026] [security2:error] [pid 867188:tid 867188] [client 168.144.150.111:60297] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.daisydoesoap.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.daisydoesoap.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alY_IwPyRIpiicSa8mE7wwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 11:14:17
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 168.144.150.111 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 168.144.150.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 07:14:09.912406 2026] [security2:error] [pid 18644:tid 18644] [client 168.144.150.111:51969] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.montidaunitour.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.montidaunitour.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alYaAdXeWPqKFmMO7EhE-QAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 17:20:48
(2 days ago)
IP banned by Fail2Ban due to multiple malicious requests on Nginx
Brute-Force
SSH
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-13 08:29:16
(3 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐บ๐ธ
TPI-Abuse
2026-07-13 07:54:25
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 168.144.150.111 (-): 1 in the last 300 secs; Po ...
show more
(mod_security) mod_security (id:225170) triggered by 168.144.150.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 03:54:20.738262 2026] [security2:error] [pid 30785:tid 30785] [client 168.144.150.111:52248] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.smartradios.info|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.smartradios.info"] [uri "/wp-json/wp/v2/users/"] [unique_id "alSZrLpI-2WQ3lk4d2AkygAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
HamSammich
2026-07-12 21:15:52
(3 days ago)
Automated sensor: 3 HTTP connection/probe attempts over the last 24h (latest 2026-07-12T21:15Z).
Brute-Force
Web App Attack
๐ฉ๐ช
strxmpp
2026-07-12 17:40:50
(3 days ago)
168.144.150.111 - - [12/Jul/2026:19:40:49 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 533 ...
show more
168.144.150.111 - - [12/Jul/2026:19:40:49 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 533 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
...
show less
Bad Web Bot
๐น๐ญ
thaizone.com
2026-07-12 09:05:48
(4 days ago)
Brute Force Attack on a Web Application #2
DDoS Attack
Web Spam
Brute-Force
Web App Attack