🇺🇦
URAN Publishing Service
2026-06-29 13:40:31
(3 days ago)
34.156.126.164 - - [29/Jun/2026:16:40:30 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.156.126.164 - - [29/Jun/2026:16:40:30 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
Web App Attack
🇺🇸
TPI-Abuse
2026-06-29 13:34:46
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 34.156.126.164 (164.126.156.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 09:34:38.020311 2026] [security2:error] [pid 19676:tid 19676] [client 34.156.126.164:55371] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||geckoturner.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "geckoturner.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akJ0bqSHVJA68UdYAZHs7QAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
NewGastroline
2026-06-29 13:27:05
(3 days ago)
Malicious request blocked by CrowdSec on gastro-prod1.boreus.de
Bad Web Bot
Web App Attack
🇺🇸
zwebvigil
2026-06-29 13:26:18
(3 days ago)
34.156.126.164 [29/Jun/2026:06:26:16 -0700] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 2721 "-" port=50083 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-" "-" "<host>" 926
34.156.126.164 [29/Jun/2026:06:26:17 -0700] "GET //feed/ HTTP/1.1" 404 2677 "-" port=50083 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-" "-" "<host>" 609
34.156.126.164 [29/Jun/2026:06:26:17 -0700] "GET //xmlrpc.php?rsd HTTP/1.1" 404 2695 "-" port=50083 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-" "-" "<host>" 984
34.156.126.164 [29/Jun/2026:06:26:17 -0700] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 2731 "-" port=50083 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36" "-" "-"
Web App Attack
🇫🇷
Sklurk
2026-06-29 13:18:39
(3 days ago)
Web App Attack
Web App Attack
🇩🇪
big-cloud.nl
2026-06-29 13:13:50
(3 days ago)
Try to access /xmlrpc.php?rsd
Web App Attack
🇺🇸
TPI-Abuse
2026-06-29 13:10:30
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 34.156.126.164 (164.126.156.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 09:10:27.561605 2026] [security2:error] [pid 20652:tid 20652] [client 34.156.126.164:55784] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.furbabieslivesmatter.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.furbabieslivesmatter.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akJuw7rZxdklvD1tB00qXwAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇮🇩
Burayot
2026-06-29 13:10:16
(3 days ago)
LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 34.156.126.164 (BE/Belgium/164.126.156.34.bc.googleusercontent.com): 1 in the last 3600 secs
Web App Attack
🇫🇮
pixiekat
2026-06-29 13:08:18
(3 days ago)
[Mon Jun 29 14:08:18.142490 2026] [authz_core:error] [pid 1691960:tid 1692024] [client 34.156.126.164:59792] AH01630: client denied by server configuration: proxy:http://100.79.113.37:8096/
[Mon Jun 29 14:08:18.187857 2026] [authz_core:error] [pid 1691960:tid 1692019] [client 34.156.126.164:59792] AH01630: client denied by server configuration: proxy:http://100.79.113.37:8096/wp-includes/ID3/license.txt
[Mon Jun 29 14:08:18.253810 2026] [authz_core:error] [pid 1691960:tid 1692023] [client 34.156.126.164:59792] AH01630: client denied by server configuration: proxy:http://100.79.113.37:8096/feed/
[Mon Jun 29 14:08:18.386184 2026] [authz_core:error] [pid 1691960:tid 1692020] [client 34.156.126.164:59792] AH01630: client denied by server configuration: proxy:http://100.79.113.37:8096/xmlrpc.php
[Mon Jun 29 14:08:18.423065 2026] [authz_core:error] [pid 1691960:tid 1692022] [client 34.156.126.164:59792] AH01630: client denied by server configuration: proxy:http://100.79.113.37:8096/blog/wp-i
...
Brute-Force
🇨🇭
Origon
2026-06-29 12:58:39
(3 days ago)
http-probing - IP: 34.156.126.164 - time="2026-06-29T14:58:38+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-probing by ip 34.156.126.164 (US/396982) : 4h ban on Ip 34.156.126.164" module=db
Web App Attack
🇫🇷
Guardian
2026-06-29 12:57:39
(3 days ago)
Unauthorized connection attempt / Port scanning (x9)
34.156.126.164 [29/Jun/2026:12:57:39] "GET //wp-includes/ID3/license.txt HTTP/1.1"
34.156.126.164 [29/Jun/2026:12:57:39] "GET //feed/ HTTP/1.1"
34.156.126.164 [29/Jun/2026:12:57:39] "GET //xmlrpc.php?rsd HTTP/1.1"
34.156.126.164 [29/Jun/2026:12:57:39] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1"
34.156.126.164 [29/Jun/2026:12:57:39] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1"
34.156.126.164 [29/Jun/2026:12:57:39] "GET //wordpress/wp-includes/wlwmanifest.xml HTTP/1.1"
34.156.126.164 [29/Jun/2026:12:57:39] "GET //wp/wp-includes/wlwmanifest.xml HTTP/1.1"
34.156.126.164 [29/Jun/2026:12:57:39] "GET //2020/wp-includes/wlwmanifest.xml HTTP/1.1"
34.156.126.164 [29/Jun/2026:12:57:39] "GET //2019/wp-includes/wlwmanifest.xml HTTP/1.1"
Port Scan
Web App Attack
🇨🇭
backslash
2026-06-29 12:57:00
(3 days ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
🇺🇸
TPI-Abuse
2026-06-29 12:55:12
(3 days ago)
(mod_security) mod_security (id:225170) triggered by 34.156.126.164 (164.126.156.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 08:55:07.460399 2026] [security2:error] [pid 13840:tid 13840] [client 34.156.126.164:53095] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||frenchla.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "frenchla.com"] [uri "/blog/wp-json/wp/v2/users/"] [unique_id "akJrKyzubBwj1t650goUQgAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇧🇪
webbie
2026-06-29 12:50:17
(3 days ago)
34.156.126.164 - - [29/Jun/2026:14:50:16 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 436 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.156.126.164 - - [29/Jun/2026:14:50:16 +0200] "GET /feed/ HTTP/1.1" 404 436 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.156.126.164 - - [29/Jun/2026:14:50:16 +0200] "GET /xmlrpc.php?rsd HTTP/1.1" 404 436 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.156.126.164 - - [29/Jun/2026:14:50:16 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 436 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.156.126.164 - - [29/Jun/2026:14:50:16 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 436 "-" "Mozilla/5.0 (Windows NT 10.0; Win64;
...
Brute-Force
Web App Attack
🇮🇹
VHosting
2026-06-29 12:50:07
(3 days ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack