๐ธ๐ช
SkyDancer
2026-07-07 01:05:56
(1 day ago)
Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blo ...
show more
Multiple intrusion attempts via http/https on known vulnerable url offsets. Attack automatically blocked by SkyDancer Ai(web-X).
show less
Hacking
Brute-Force
๐จ๐ญ
zynex
2026-06-24 20:12:39
(1 week ago)
URL Probing: /2018/wp-includes/wlwmanifest.xml
Web App Attack
๐บ๐ธ
infra-monitor
2026-06-04 18:00:05
(1 month ago)
Automated ban via infra-monitor: wp-sensitive-paths, wordpress-probe
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-08 04:31:03
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 91.239.208.38 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 91.239.208.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 00:30:55.627187 2026] [security2:error] [pid 21924:tid 21924] [client 91.239.208.38:62589] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.jdeloa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.jdeloa.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "af1m_96RE2kwC5L0Tv9dgwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
applemooz
2026-05-08 04:25:46
(2 months ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
Anonymous
2026-05-08 03:57:58
(2 months ago)
91.239.208.38 - - [08/May/2026:05:57:56 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.0" 404 461 " ...
show more
91.239.208.38 - - [08/May/2026:05:57:56 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.0" 404 461 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
91.239.208.38 - - [08/May/2026:05:57:56 +0200] "GET /wp-includes/wlwmanifest.xml HTTP/1.1" 404 293 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
91.239.208.38 - - [08/May/2026:05:57:57 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.0" 404 461 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
91.239.208.38 - - [08/May/2026:05:57:57 +0200] "GET /blog/wp-includes/wlwmanifest.xml HTTP/1.1" 404 293 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36"
91.239.208.38 - - [08/May/2026:05:57:57 +0200] "GET /web/wp-includes/wlwmanifest.xml HTTP/1.0" 404 461 "-"
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-08 03:23:44
(2 months ago)
(mod_security) mod_security (id:225170) triggered by 91.239.208.38 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 91.239.208.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 23:23:37.818051 2026] [security2:error] [pid 25128:tid 25151] [client 91.239.208.38:55303] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.grupojdg.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.grupojdg.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "af1XOb8SvqM_zKfOaMLueAAAANM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
oralunal
2026-05-08 03:18:22
(2 months ago)
IP banned by Fail2Ban in jail its-suss access.log mvfnds
...
Bad Web Bot
Web App Attack
๐ณ๐ฟ
Antinson
2026-05-08 03:03:55
(2 months ago)
High error rate and elevated request volume targeting cPanel servers
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-05-08 02:46:00
(2 months ago)
(mod_security) mod_security (id:240335) triggered by 91.239.208.38 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 91.239.208.38 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 07 22:45:56.231716 2026] [security2:error] [pid 21674:tid 21674] [client 91.239.208.38:60766] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 91.239.208.38 (+1 hits since last alert)|bitcoinsubscribers.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bitcoinsubscribers.com"] [uri "/xmlrpc.php"] [unique_id "af1OZHYJUOs_kZtkpoIlUgAAACc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-08 02:06:18
(2 months ago)
Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=21
Hacking
๐จ๐ญ
backslash
2026-05-08 02:03:00
(2 months ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐ฉ๐ช
abdubhai
2026-05-08 01:52:41
(2 months ago)
91.239.208.38 - - [08/May/2026:0
...
Brute-Force
๐ฌ๐ง
pinguin
2026-05-08 01:41:04
(2 months ago)
Triggered Cloudflare WAF (linkMaze) from FR.
Action taken: LINK_MAZE_INJECTED
Protocol: HTTP/1.1 (GE ...
show more
Triggered Cloudflare WAF (linkMaze) from FR.
Action taken: LINK_MAZE_INJECTED
Protocol: HTTP/1.1 (GET method)
Endpoint: //wp2/wp-includes/wlwmanifest.xml
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐ฉ๐ช
FeG Deutschland
2026-05-08 01:33:07
(2 months ago)
Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 247
Exploited Host
Web App Attack