๐ญ๐บ
kranem
2026-07-09 18:00:19
(1 day ago)
Triggered Cloudflare WAF from US.
Action taken: BLOCK
ASN: 396982 (Google LLC)
Protocol: HTTP/1.1 (G ...
show more
Triggered Cloudflare WAF from US.
Action taken: BLOCK
ASN: 396982 (Google LLC)
Protocol: HTTP/1.1 (GET method)
Endpoint: /wp1/wp-includes/wlwmanifest.xml
Timestamp: 2026-07-09T15:19:12Z
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
show less
Bad Web Bot
๐ณ๐ฟ
Antinson
2026-07-09 16:02:32
(1 day ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐ฎ๐ฉ
Burayot
2026-07-09 15:32:24
(1 day ago)
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 34.75.77.233 (US/United States/233.7 ...
show more
LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 34.75.77.233 (US/United States/233.77.75.34.bc.googleusercontent.com): 2 in the last 3600 secs
show less
Web App Attack
๐ซ๐ท
YF
2026-07-09 15:30:44
(1 day ago)
WordPress directory enumeration
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-09 15:29:15
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 34.75.77.233 (233.77.75.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.75.77.233 (233.77.75.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 11:29:09.442301 2026] [security2:error] [pid 4357:tid 4357] [client 34.75.77.233:59307] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.passy.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.passy.us"] [uri "/wp-json/wp/v2/users/"] [unique_id "ak--RQX0wUWAP6QSLJD2OAAAABg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Rip
2026-07-09 15:22:39
(1 day ago)
WordPress fingerprinting and attack surface probing
Port Scan
Web App Attack
๐จ๐ญ
zynex
2026-07-09 15:21:04
(1 day ago)
URL Probing: /blog/wp-includes/wlwmanifest.xml
Web App Attack
๐ฉ๐ช
Ba-Yu
2026-07-09 15:17:13
(1 day ago)
WP-xmlrpc exploit
Web Spam
Blog Spam
Hacking
Exploited Host
Web App Attack
๐ณ๐ฑ
ipoac.nl
2026-07-09 15:12:14
(1 day ago)
-:443 34.75.77.233 - - [09/Jul/2026:17:12:13 +0200] - "GET //xmlrpc.php?rsd HTTP/1.1" 403 1964 "-" " ...
show more
-:443 34.75.77.233 - - [09/Jul/2026:17:12:13 +0200] - "GET //xmlrpc.php?rsd HTTP/1.1" 403 1964 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Bad Web Bot
๐ณ๐ด
jad-abuse
2026-07-09 15:11:43
(1 day ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. O ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 16 hits.
show less
Brute-Force
Web App Attack
๐ซ๐ฎ
as211431.net
2026-07-09 15:07:50
(1 day ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: //cms/wp-includes/wlwmanifest.xml
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ช๐ธ
yvoictra
2026-07-09 15:07:48
(1 day ago)
34.75.77.233 - - [09/Jul/2026:17:07:46 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 564 "- ...
show more
34.75.77.233 - - [09/Jul/2026:17:07:46 +0200] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.75.77.233 - - [09/Jul/2026:17:07:47 +0200] "GET /feed/ HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.75.77.233 - - [09/Jul/2026:17:07:47 +0200] "GET /xmlrpc.php?rsd HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.75.77.233 - - [09/Jul/2026:17:07:47 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.75.77.233 - - [09/Jul/2026:17:07:48 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 564 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Apple
...
show less
Brute-Force
Web App Attack
๐จ๐ญ
backslash
2026-07-09 15:06:01
(1 day ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
Anonymous
2026-07-09 15:05:34
(1 day ago)
[Drupal AbuseIPDB module] Request path is blacklisted. /wp-includes/id3/license.txt/feed
Web App Attack
๐ฎ๐น
VHosting
2026-07-09 15:05:04
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack