๐บ๐ธ
TPI-Abuse
2026-07-12 04:55:36
(1 hour ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 00:55:29.768532 2026] [security2:error] [pid 12439:tid 12439] [client 105.163.1.246:1115] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|fundingangelinvestors.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fundingangelinvestors.com"] [uri "/xmlrpc.php"] [unique_id "alMeQfELavDR_e26eGf5EAAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 23:16:22
(7 hours ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 19:16:15.658303 2026] [security2:error] [pid 32285:tid 32285] [client 105.163.1.246:3041] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|mortuarymessageservices.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mortuarymessageservices.com"] [uri "/xmlrpc.php"] [unique_id "alLOv_xEl0HCd5NYdvXHkAAAACY"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 19:41:50
(11 hours ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 15:41:47.928566 2026] [security2:error] [pid 30426:tid 30448] [client 105.163.1.246:5277] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|hoffmanandassoc.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hoffmanandassoc.com"] [uri "/xmlrpc.php"] [unique_id "alKce3L12py3rZheAveHEwAAARQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 16:06:57
(14 hours ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 12:06:50.805109 2026] [security2:error] [pid 15755:tid 15755] [client 105.163.1.246:3413] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|femalegamblers.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "femalegamblers.org"] [uri "/xmlrpc.php"] [unique_id "alJqGhWhQSsyeHy8xZtc8wAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 15:34:38
(15 hours ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 11:34:32.757059 2026] [security2:error] [pid 14058:tid 14093] [client 105.163.1.246:5757] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|lamcohomecare.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lamcohomecare.com"] [uri "/xmlrpc.php"] [unique_id "alJiiEgQFnLBxaWCgmBUxQAAARE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
masterguru
2026-07-11 09:14:10
(21 hours ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
๐บ๐ธ
TPI-Abuse
2026-07-11 08:58:25
(21 hours ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 04:58:19.178479 2026] [security2:error] [pid 3826:tid 3826] [client 105.163.1.246:3568] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|glassclublake.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "glassclublake.com"] [uri "/xmlrpc.php"] [unique_id "alIFq-2HYByVgi-4xl01zAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
Jason Howell
2026-07-11 01:15:12
(1 day ago)
105.163.1.246 - - [10/Jul/2026:20:14:30 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "WordPress.c ...
show more
105.163.1.246 - - [10/Jul/2026:20:14:30 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "WordPress.com; https://wordpress.com"
105.163.1.246 - - [10/Jul/2026:20:14:40 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "WordPress.com; https://wordpress.com"
105.163.1.246 - - [10/Jul/2026:20:14:50 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4360 "-" "Jetpack by WordPress.com"
105.163.1.246 - - [10/Jul/2026:20:15:01 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4358 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
105.163.1.246 - - [10/Jul/2026:20:15:11 -0500] "POST /xmlrpc.php HTTP/1.1" 200 4359 "-" "Jetpack/12.1; WordPress/6.3; http://site66932965.com"
...
show less
Web App Attack
๐ซ๐ท
dynamix
2026-07-10 20:38:06
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-10 19:27:14
(1 day ago)
105.163.1.246 - - [10/Jul/2026:15:25:39 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5728 "-" "WordPress.c ...
show more
105.163.1.246 - - [10/Jul/2026:15:25:39 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5728 "-" "WordPress.com; https://wordpress.com"
105.163.1.246 - - [10/Jul/2026:15:25:50 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5760 "-" "WordPress.com; https://wordpress.com"
105.163.1.246 - - [10/Jul/2026:15:26:11 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5744 "-" "WordPress.com; https://wordpress.com"
105.163.1.246 - - [10/Jul/2026:15:26:42 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5760 "-" "WordPress.com; https://wordpress.com"
105.163.1.246 - - [10/Jul/2026:15:27:14 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5760 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 14:22:26
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 10:22:19.491358 2026] [security2:error] [pid 25906:tid 25906] [client 105.163.1.246:6032] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|theamarals.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theamarals.com"] [uri "/xmlrpc.php"] [unique_id "alEAG3txTplEjui94FXKAQAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 13:08:34
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 09:08:31.392015 2026] [security2:error] [pid 5030:tid 5034] [client 105.163.1.246:5961] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|iamfluff.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "iamfluff.com"] [uri "/xmlrpc.php"] [unique_id "alDuz6vZFaOV-rp-9H2ViAAAAMI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
ConsulHosting
2026-07-10 11:40:10
(1 day ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-10 06:38:22
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 02:38:16.847125 2026] [security2:error] [pid 6024:tid 6024] [client 105.163.1.246:6298] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.246 (+1 hits since last alert)|mainefirst.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mainefirst.org"] [uri "/xmlrpc.php"] [unique_id "alCTWK71hSAm50dknZ8HPgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ช๐ธ
alferez
2026-07-10 04:01:17
(2 days ago)
xmlrpc.php attack DOS
Hacking
Exploited Host
Web App Attack