๐ง๐ช
taivas.nl
2026-07-02 04:32:29
(8 hours ago)
Many_bad_calls
Web App Attack
๐ง๐ช
Ivo Vynckier
2026-07-01 14:24:00
(22 hours ago)
35.199.8.132 - - [01/Jul/2026:14:38:30 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 6263 ...
show more
35.199.8.132 - - [01/Jul/2026:14:38:30 +0200] "GET //wp-includes/ID3/license.txt HTTP/1.1" 404 6263 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.199.8.132 - - [01/Jul/2026:14:38:30 +0200] "GET //feed/ HTTP/1.1" 403 796 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.199.8.132 - - [01/Jul/2026:14:38:30 +0200] "GET //xmlrpc.php?rsd HTTP/1.1" 404 27 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Web App Attack
๐บ๐ธ
mnsf
2026-07-01 13:08:35
(23 hours ago)
Too many Status 40X (14)
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 12:48:51
(1 day ago)
(mod_security) mod_security (id:225170) triggered by 35.199.8.132 (132.8.199.35.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 35.199.8.132 (132.8.199.35.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 08:48:43.433017 2026] [security2:error] [pid 1615:tid 1615] [client 35.199.8.132:58098] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||huntingforebears.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "huntingforebears.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akUMq8MLsPBjAUbDJD6JzAAAAAY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ญ๐บ
bcsaba
2026-07-01 12:47:40
(1 day ago)
Multiple web server 400 error codes from same source ip.
35.199.8.132 - - [01/Jul/2026:14:47:34 +020 ...
show more
Multiple web server 400 error codes from same source ip.
35.199.8.132 - - [01/Jul/2026:14:47:34 +0200] "GET //site/wp-includes/wlwmanifest.xml HTTP/1.1" 404 1491 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
show less
Web App Attack
Brute-Force
๐ง๐ช
taivas.nl
2026-07-01 12:32:10
(1 day ago)
Bad_requests
Bad Web Bot
๐ณ๐ด
jad-abuse
2026-07-01 12:31:02
(1 day ago)
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. O ...
show more
ActiveDefense automated detection: malicious HTTP scanning / exploit attempts. Signatures: xmlrpc. Observed by 1 sensor(s); 15 hits.
show less
Brute-Force
Web App Attack
๐ซ๐ฎ
as211431.net
2026-07-01 12:27:47
(1 day ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: //shop/wp-includes/wlwmanifest.xml
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐บ๐ฆ
RatCommander
2026-07-01 12:25:14
(1 day ago)
CrowdSec: crowdsecurity/http-probing
Port Scan
Web App Attack
๐ฎ๐น
VHosting
2026-07-01 12:25:06
(1 day ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
Anonymous
2026-07-01 12:23:07
(1 day ago)
Web attack blocked by Wordfence on heemkundesjin.nl (1 hit). Reported by CRMON.
Web App Attack
๐จ๐ญ
Origon
2026-07-01 12:13:37
(1 day ago)
http-probing - IP: 35.199.8.132 - time="2026-07-01T14:13:36+02:00" level=info msg="(555f66b4f6a7455 ...
show more
http-probing - IP: 35.199.8.132 - time="2026-07-01T14:13:36+02:00" level=info msg="(555f66b4f6a74558bc11e3f93469658es8App0Mcc0TKEeje/crowdsec) crowdsecurity/http-probing by ip 35.199.8.132 (US/396982) : 4h ban on Ip 35.199.8.132" module=db
show less
Web App Attack
๐ท๐ด
aks4226
2026-07-01 12:11:49
(1 day ago)
Bot search, attacking common web applications.
Web App Attack
๐ฉ๐ช
FeG Deutschland
2026-07-01 12:10:23
(1 day ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27
Exploited Host
Web App Attack
๐บ๐ฆ
URAN Publishing Service
2026-07-01 12:03:32
(1 day ago)
35.199.8.132 - - [01/Jul/2026:15:03:31 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "- ...
show more
35.199.8.132 - - [01/Jul/2026:15:03:31 +0300] "GET /wp-includes/ID3/license.txt HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
35.199.8.132 - - [01/Jul/2026:15:03:31 +0300] "GET /xmlrpc.php?rsd HTTP/1.1" 404 683 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
...
show less
Web App Attack