Anonymous
2026-06-30 12:49:40
(1 week ago)
Backdrop CMS module - malicious activity detected
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Webhoster
2026-06-30 12:44:53
(1 week ago)
{"ClientAddr":"141.101.76.57:12676","ClientHost":"34.158.167.0","ClientPort":"12676","ClientUsername ...
show more
{"ClientAddr":"141.101.76.57:12676","ClientHost":"34.158.167.0","ClientPort":"12676","ClientUsername":"-","DownstreamContentSize":0,"DownstreamStatus":429,"Duration":436100,"OriginContentSize":0,"OriginDuration":0,"OriginStatus":0,"Overhead":436100,"RequestAddr":"demo1.timvdberg.dev","RequestContentSize":0,"RequestCount":10383,"RequestHost":"demo1.timvdberg.dev","RequestMethod":"GET","RequestPath":"/wp-includes/wlwmanifest.xml","RequestPort":"-","RequestProtocol":"HTTP/2.0","RequestScheme":"https","RetryAttempts":0,"RouterName":"https-2-omari8kj3ono91z1qv5lbj10-coraza-www@docker","StartLocal":"2026-06-30T12:44:52.523690435Z","StartUTC":"2026-06-30T12:44:52.523690435Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"https","level":"info","msg":"","request_Cf-Connecting-Ip":"34.158.167.0","request_X-Forwarded-For":"34.158.167.0","request_X-Real-Ip":"141.101.76.57","time":"2026-06-30T12:44:52Z"}
{"ClientAddr":"141.101.76.57:12676","ClientHost":"34.158.167.0","Cli
...
show less
Port Scan
Hacking
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-30 12:40:38
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 34.158.167.0 (0.167.158.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.158.167.0 (0.167.158.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 08:40:33.945234 2026] [security2:error] [pid 2336:tid 2336] [client 34.158.167.0:59445] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.d-sinema.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.d-sinema.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akO5QYKJAsZqAF-dTrGo0wAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-06-30 12:37:07
(1 week ago)
(wordpress) Failed wordpress login from 34.158.167.0 (0.167.158.34.bc.googleusercontent.com)
Brute-Force
Anonymous
2026-06-30 12:33:13
(1 week ago)
Attac
Brute-Force
๐จ๐ญ
backslash
2026-06-30 12:21:00
(1 week ago)
block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8
Bad Web Bot
๐บ๐ธ
TPI-Abuse
2026-06-30 12:20:09
(1 week ago)
(mod_security) mod_security (id:225170) triggered by 34.158.167.0 (0.167.158.34.bc.googleusercontent ...
show more
(mod_security) mod_security (id:225170) triggered by 34.158.167.0 (0.167.158.34.bc.googleusercontent.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 08:19:56.879513 2026] [security2:error] [pid 31200:tid 31200] [client 34.158.167.0:55676] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||bernsteinip.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bernsteinip.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "akO0bJ5A5H99hpmjrUZfmwAAABQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ญ
zynex
2026-06-30 12:15:03
(1 week ago)
URL Probing: /2019/wp-includes/wlwmanifest.xml
Web App Attack
๐ณ๐ฑ
maxxsense
2026-06-30 12:09:13
(1 week ago)
(wordpress) Failed wordpress login from 34.158.167.0 (0.167.158.34.bc.googleusercontent.com)
Brute-Force
๐ฉ๐ช
big-cloud.nl
2026-06-30 12:06:02
(1 week ago)
Try to access /xmlrpc.php?rsd
Web App Attack
๐บ๐ธ
mnsf
2026-06-30 12:05:43
(1 week ago)
Abuse Detected (1)
Brute-Force
Web App Attack
๐ท๐บ
andrey volobuev
2026-06-30 12:04:52
(1 week ago)
[30/Jun/2026:15:04:48 +0300] - - 301 - GET http ss-dev.bebesh.ru "/" [Client 34.158.167.0] [Length 1 ...
show more
[30/Jun/2026:15:04:48 +0300] - - 301 - GET http ss-dev.bebesh.ru "/" [Client 34.158.167.0] [Length 166] [Gzip -] [Sent-to ss-dev.lan] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-"
[30/Jun/2026:15:04:49 +0300] - 404 404 - GET https ss-dev.bebesh.ru "//wp-includes/wlwmanifest.xml" [Client 34.158.167.0] [Length 334] [Gzip -] [Sent-to ss-dev.lan] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-"
[30/Jun/2026:15:04:49 +0300] - 404 404 - GET https ss-dev.bebesh.ru "//xmlrpc.php?rsd" [Client 34.158.167.0] [Length 334] [Gzip -] [Sent-to ss-dev.lan] "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" "-"
[30/Jun/2026:15:04:49 +0300] - 404 404 - GET https ss-dev.bebesh.ru "//blog/wp-includes/wlwmanifest.xml" [Client 34.158.167.0] [Length 334] [Gzip -] [Sent-to ss-dev.lan] "Mozilla/5.0
...
show less
Brute-Force
Web App Attack
๐ฎ๐น
VHosting
2026-06-30 12:00:10
(1 week ago)
Detected WordPress attack from 4 different servers
Brute-Force
Web App Attack
๐ฉ๐ช
bescared
2026-06-30 11:56:23
(1 week ago)
F2B - Malicious activity detected. URL Probing. -8ff06ede-
Hacking
Bad Web Bot
Web App Attack