๐ญ๐บ
DumaNet
2026-07-13 10:03:00
(6 days ago)
WordPress (CMS) attack attempts.
Date: 2026 Jul 13. 09:16:42
Source IP: 34.21.93.171
Portion of ...
show more
WordPress (CMS) attack attempts.
Date: 2026 Jul 13. 09:16:42
Source IP: 34.21.93.171
Portion of the log(s):
34.21.93.171 - [13/Jul/2026:09:16:40 +0200] "GET /site/wp-includes/wlwmanifest.xml HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.21.93.171 - [13/Jul/2026:09:16:40 +0200] "GET /test/wp-includes/wlwmanifest.xml HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.21.93.171 - [13/Jul/2026:09:16:40 +0200] "GET /wp1/wp-includes/wlwmanifest.xml HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.21.93.171 - [13/Jul/2026:09:16:40 +0200] "GET /shop/wp-includes/wlwmanifest.xml HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 07:44:34
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 34.21.93.171 (171.93.21.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.21.93.171 (171.93.21.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 03:44:30.673879 2026] [security2:error] [pid 11385:tid 11385] [client 34.21.93.171:60125] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.psychiatryabuse.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.psychiatryabuse.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alSXXlHxkc5tsjvhH26toQAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Antinson
2026-07-13 07:44:26
(6 days ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐ฉ๐ช
on-com
2026-07-13 07:40:26
(6 days ago)
URL scan
Brute-Force
Web App Attack
๐จ๐ฆ
polycoda
2026-07-13 07:34:23
(6 days ago)
AutoBlock: ๐ฏ Vulnerability Scanner (Non Decay-Based) - ๐ Directory Listings (Decay-Based) - โ Excess ...
show more
AutoBlock: ๐ฏ Vulnerability Scanner (Non Decay-Based) - ๐ Directory Listings (Decay-Based) - โ Excessive 40X Errors (Decay-Based)
show less
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
lostswordfish.com
2026-07-13 07:32:04
(6 days ago)
Wordfence waf block on lostswordfish
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 07:24:11
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 34.21.93.171 (171.93.21.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.21.93.171 (171.93.21.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 03:24:05.139196 2026] [security2:error] [pid 26697:tid 26697] [client 34.21.93.171:65115] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.garantagroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.garantagroup.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "alSSlfIUSBZc7EUUYohlqwAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 07:09:10
(6 days ago)
Blocked by ModSec and CSF
Port Scan
๐ณ๐ฑ
WeCloudit-Anti-Abuse
2026-07-13 07:08:09
(6 days ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Web App Attack
Hacking
๐ซ๐ท
masterguru
2026-07-13 07:05:36
(6 days ago)
(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 34.21.93.171 (US/United States/171.93 ...
show more
(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 34.21.93.171 (US/United States/171.93.21.34.bc.googleusercontent.com): 1 in the last 3600 secs (0-195)
show less
Hacking
๐ฌ๐ง
Apache
2026-07-13 07:05:21
(6 days ago)
(mod_security) mod_security (id:210410) triggered by 34.21.93.171 (US/United States/171.93.21.34.bc. ...
show more
(mod_security) mod_security (id:210410) triggered by 34.21.93.171 (US/United States/171.93.21.34.bc.googleusercontent.com): 5 in the last 300 secs (CF_ENABLE)
show less
Brute-Force
Web App Attack
๐ฎ๐น
VHosting
2026-07-13 07:05:04
(6 days ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ฉ๐ช
abdubhai
2026-07-13 07:05:00
(6 days ago)
34.21.93.171 - - [13/Jul/2026:12
...
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-13 07:03:57
(6 days ago)
(mod_security) mod_security (id:225170) triggered by 34.21.93.171 (171.93.21.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.21.93.171 (171.93.21.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 03:03:54.110221 2026] [security2:error] [pid 8717:tid 8735] [client 34.21.93.171:55491] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||mail.aafm.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mail.aafm.us"] [uri "/wp-json/wp/v2/users/"] [unique_id "alSN2ujOPEEwIWyaAyUMhwAAAIY"]
show less
Brute-Force
Bad Web Bot
Web App Attack