๐บ๐ธ
ph
2026-07-10 14:35:08
(14 hours ago)
Bad web bot attempting to run wp-includes on non-WP site
Hacking
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-10 14:31:53
(14 hours ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
๐ฌ๐ง
OptimusGO
2026-07-10 14:31:51
(14 hours ago)
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Time ...
show more
Malicious activity detected: web_attack
Server: commstackbc (185.127.18.66)
Attack: web_attack
Timestamp: 2026-07-10 15:31:51 UTC
Log evidence:
34.12.145.113 - - [10/Jul/2026:15:29:19 +0100] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.12.145.113 - - [10/Jul/2026:15:29:19 +0100] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.12.145.113 - - [10/Jul/2026:15:29:19 +0100] "GET /xmlrpc.php?rsd HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
show less
Port Scan
Brute-Force
๐ฉ๐ช
thesimonmanuel
2026-07-10 14:31:28
(15 hours ago)
34.12.145.113 - - [10/Jul/2026:20:01:19 +0530] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "- ...
show more
34.12.145.113 - - [10/Jul/2026:20:01:19 +0530] "GET //wp-includes/wlwmanifest.xml HTTP/1.1" 301 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-"
show less
Web App Attack
๐ฉ๐ช
ger-stg-sifi1
2026-07-10 14:27:41
(15 hours ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 14:26:49
(15 hours ago)
(mod_security) mod_security (id:225170) triggered by 34.12.145.113 (113.145.12.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 34.12.145.113 (113.145.12.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 10:26:46.640226 2026] [security2:error] [pid 11358:tid 11358] [client 34.12.145.113:57133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||deals.directnic-support.rocks|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "deals.directnic-support.rocks"] [uri "/wp-json/wp/v2/users/"] [unique_id "alEBJr4kWDFa0rzqJo6x7gAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-10 14:22:20
(15 hours ago)
[redacted] 34.12.145.113 - - [10/Jul/2026:16:22:08 +0200] "POST //xmlrpc.php HTTP/1.1" 200 447 "-" " ...
show more
[redacted] 34.12.145.113 - - [10/Jul/2026:16:22:08 +0200] "POST //xmlrpc.php HTTP/1.1" 200 447 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 34.12.145.113 - - [10/Jul/2026:16:22:10 +0200] "POST //xmlrpc.php HTTP/1.1" 200 447 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 34.12.145.113 - - [10/Jul/2026:16:22:11 +0200] "POST //xmlrpc.php HTTP/1.1" 200 447 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 34.12.145.113 - - [10/Jul/2026:16:22:12 +0200] "POST //xmlrpc.php HTTP/1.1" 200 447 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
[redacted] 34.12.145.113 - - [10/Jul/2026:16:22:13 +0200] "POST //xmlrpc.php HTTP/1.1" 200 447 "-" "Mozilla/5.0 (
...
show less
Hacking
Web App Attack
Anonymous
2026-07-10 14:09:43
(15 hours ago)
34.12.145.113 - - [10/Jul/2026:16:09:41 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 4974 ...
show more
34.12.145.113 - - [10/Jul/2026:16:09:41 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 4974 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.12.145.113 - - [10/Jul/2026:16:09:42 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 4989 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.12.145.113 - - [10/Jul/2026:16:09:42 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 4986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.12.145.113 - - [10/Jul/2026:16:09:42 +0200] "GET /wordpress/wp-includes/wlwmanifest.xml HTTP/1.1" 404 5004 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
34.12.145.113 - - [10/Jul/2026:16:09:42 +0200] "GET /website/wp-includes/wlwmanifest.xml HTTP
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 14:04:23
(15 hours ago)
(mod_security) mod_security (id:225170) triggered by 34.12.145.113 (113.145.12.34.bc.googleuserconte ...
show more
(mod_security) mod_security (id:225170) triggered by 34.12.145.113 (113.145.12.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 10:04:16.653962 2026] [security2:error] [pid 14360:tid 14360] [client 34.12.145.113:60276] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.garanta.co|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.garanta.co"] [uri "/wp-json/wp/v2/users/"] [unique_id "alD74LlnIbY6kFNnJSaD0QAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
taivas.nl
2026-07-10 14:02:11
(15 hours ago)
Bad_requests
Bad Web Bot
๐บ๐ธ
integrantservices.com
2026-07-10 13:56:45
(15 hours ago)
(wordpress) Failed wordpress login from 34.12.145.113 (113.145.12.34.bc.googleusercontent.com)
Brute-Force
๐ฑ๐น
NotACaptcha
2026-07-10 13:54:34
(15 hours ago)
webserver:80 [10/Jul/2026] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 396 "-" "Mozilla/5.0 (Wi ...
show more
webserver:80 [10/Jul/2026] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 396 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
webserver:80 [10/Jul/2026] "GET / HTTP/1.1" 200 444 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
webserver:80 [10/Jul/2026] "GET / HTTP/1.1" 200 445 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
show less
Web App Attack
๐ฉ๐ช
grassau.com
2026-07-10 13:46:27
(15 hours ago)
(wordpress) Failed wordpress login from 34.12.145.113 (NL/The Netherlands/Groningen/Groningen/113.14 ...
show more
(wordpress) Failed wordpress login from 34.12.145.113 (NL/The Netherlands/Groningen/Groningen/113.145.12.34.bc.googleusercontent.com)
show less
Brute-Force
๐ซ๐ฎ
as211431.net
2026-07-10 13:41:14
(15 hours ago)
Triggered Cloudflare WAF (firewallCustom) from NL.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from NL.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: //wp2/wp-includes/wlwmanifest.xml
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฉ๐ช
on-com
2026-07-10 13:40:38
(15 hours ago)
URL scan
Brute-Force
Web App Attack