This IP address has been reported a total of
14
times from
9 distinct
sources.
188.212.135.224 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Aggressive web search of vulnerable pages: /wordpress/wp-includes/ /ALFA_DATA/alfacgiapi/ /wp-includ ...
show moreAggressive web search of vulnerable pages: /wordpress/wp-includes/ /ALFA_DATA/alfacgiapi/ /wp-includes/assets/wp-includes/assets/ /wp-content/m ...
show less
Web App Attack
Anonymous
188.212.135.224 - - [13/Jun/2026:21:26:30 +0200] "GET /wp-content/uploads/goods.php HTTP/1.1" 404 49 ...
show more188.212.135.224 - - [13/Jun/2026:21:26:30 +0200] "GET /wp-content/uploads/goods.php HTTP/1.1" 404 492 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0"
188.212.135.224 - - [13/Jun/2026:21:26:30 +0200] "GET /wp-admin/js/sad.php HTTP/1.1" 404 492 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3"
188.212.135.224 - - [13/Jun/2026:21:26:30 +0200] "GET /wp-includes/sitemaps/wp-conflg.php HTTP/1.1" 404 492 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
188.212.135.224 - - [13/Jun/2026:21:26:30 +0200] "GET /wp-includes/assets/wp-includes/assets/script-loader-packages.php HTTP/1.1" 404 492 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36"
188.212.135.224 - - [13/Jun/2026:21:26:31 +0200] "GET /wp-includes/SimplePie/login.php HTTP/1.1" 404 492
...
show less
Aggressive web search of vulnerable pages: /wp-header.php /Marvins.php /wp-class.php /xx.php /autolo ...
show moreAggressive web search of vulnerable pages: /wp-header.php /Marvins.php /wp-class.php /xx.php /autoload_classmap.php /content.php /web.php /wp-t ...
show less
(mod_security) mod_security (id:222160) triggered by 188.212.135.224 (-): 1 in the last 300 secs; Po ...
show more(mod_security) mod_security (id:222160) triggered by 188.212.135.224 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 09:00:34.279123 2026] [security2:error] [pid 26708:tid 26708] [client 188.212.135.224:0] ModSecurity: Access denied with code 403 (phase 1). String match "wp-content/plugins/wp-easycart/inc/admin/phpinfo.php" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6347"] [id "222160"] [rev "1"] [msg "COMODO WAF: Information disclosure vulnerability in The EasyCart plugin before 2.0.6 for WordPress (CVE-2014-4942)||nyemdr.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "nyemdr.com"] [uri "/wp-content/plugins/wp-easycart/inc/admin/phpinfo.php"] [unique_id "ae4Mciq4yxID9UZVcOwo4QAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Showing 1 to
14
of 14 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ