Anonymous
2026-06-28 15:07:01
(7 hours ago)
Automated web scanner. Requested suspicious paths: //wp-includes/ID3/license.txt | //xmlrpc.php | // ...
show more
Automated web scanner. Requested suspicious paths: //wp-includes/ID3/license.txt | //xmlrpc.php | //blog/wp-includes/wlwmanifest.xml | //web/wp-includes/wlwmanifest.xml | //wordpress/wp-includes/wlwmanifest.xml | //wp/wp-includes/wlwmanifest.xml | //2020/wp-includes/wlwmanifest.xml | //2021/wp-includes/wlwmanifest.xml | //2019/wp-includes/wlwmanifest.xml | //shop/wp-includes/wlwmanifest.xml | //wp1/wp-includes/wlwmanifest.xml | //test/wp-includes/wlwmanifest.xml. UTC: 2026-06-28 14:07:28.
show less
Web App Attack
๐ฉ๐ช
big-cloud.nl
2026-06-28 14:52:40
(7 hours ago)
Try to access /xmlrpc.php?rsd
Web App Attack
๐ณ๐ฑ
Joop
2026-06-28 14:49:00
(7 hours ago)
2026-06-28 16:48:59 +0200 s1 /wp-includes/id3/license.txt/web/wp-includes/wlwmanifest.xml
Web App Attack
๐ฉ๐ช
KiekerJan
2026-06-28 14:48:13
(7 hours ago)
34.91.98.185 - - [28/Jun/2026:16:48:12 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 ...
show more
34.91.98.185 - - [28/Jun/2026:16:48:12 +0200] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.91.98.185 - - [28/Jun/2026:16:48:12 +0200] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 404 548 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack
๐ณ๐ฑ
Savvii
2026-06-28 14:47:56
(7 hours ago)
10 attempts against mh-misc-ban on sonic
Web App Attack
๐จ๐ฆ
TechnoSolutions CL
2026-06-28 14:46:48
(7 hours ago)
34.91.98.185 - - [28/Jun/2026:14:46:47 +0000] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 200 ...
show more
34.91.98.185 - - [28/Jun/2026:14:46:47 +0000] "GET //blog/wp-includes/wlwmanifest.xml HTTP/1.1" 200 4861 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
34.91.98.185 - - [28/Jun/2026:14:46:48 +0000] "GET //web/wp-includes/wlwmanifest.xml HTTP/1.1" 200 4858 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Hacking
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Antinson
2026-06-28 14:41:48
(7 hours ago)
Scraping with a high error ratio and request rate
Bad Web Bot
๐ซ๐ฎ
JLKnoch.com
2026-06-28 14:29:26
(7 hours ago)
CrowdSec crowdsecurity/http-probing
Brute-Force
Web App Attack
๐ง๐ช
cmbplf
2026-06-28 14:26:25
(7 hours ago)
24.247 requests with url.path */xmlrpc.php
24.153 requests with url.path //xmlrpc.php
Brute-Force
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-28 14:24:26
(7 hours ago)
(mod_security) mod_security (id:225170) triggered by 34.91.98.185 (185.98.91.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.91.98.185 (185.98.91.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 10:24:20.469600 2026] [security2:error] [pid 18219:tid 18219] [client 34.91.98.185:62316] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bodyonabudget.daebakdesign.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bodyonabudget.daebakdesign.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akEulIliBb0qpA5-ILa42QAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
BlueWire Hosting
2026-06-28 14:15:00
(8 hours ago)
Probing websites for vulnerabilities
Web App Attack
SQL Injection
๐ซ๐ท
dynamix
2026-06-28 14:05:52
(8 hours ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
alecj.com
2026-06-28 14:00:43
(8 hours ago)
This IP was detected by CrowdSec triggering crowdsecurity/http-probing
Web App Attack
Hacking
๐บ๐ธ
TPI-Abuse
2026-06-28 13:54:47
(8 hours ago)
(mod_security) mod_security (id:225170) triggered by 34.91.98.185 (185.98.91.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.91.98.185 (185.98.91.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 09:54:42.511123 2026] [security2:error] [pid 21126:tid 21126] [client 34.91.98.185:56659] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||blackberrycircle.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "blackberrycircle.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "akEnoi4WHGadtEDN3g1kvgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฎ๐น
๐ท๐ท๐ท
2026-06-28 13:54:22
(8 hours ago)
Multiple WordPress unauthorized access attempts
...
Brute-Force
Bad Web Bot