๐บ๐ธ
TPI-Abuse
2026-07-02 14:42:25
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 10:42:22.251863 2026] [security2:error] [pid 1216:tid 1216] [client 105.163.1.63:2121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.63 (+1 hits since last alert)|flatchestedmama.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "flatchestedmama.com"] [uri "/xmlrpc.php"] [unique_id "akZ4ziqugUSNRY10eh5rEQAAAAw"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-02 11:36:15
(4 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
Anonymous
2026-07-02 11:36:13
(4 days ago)
Fail2ban filtered
...
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 11:08:22
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 07:08:17.813040 2026] [security2:error] [pid 16368:tid 16368] [client 105.163.1.63:2597] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.63 (+1 hits since last alert)|technesa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "technesa.com"] [uri "/xmlrpc.php"] [unique_id "akZGofjIsn4M0Xk4uNUtRAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 10:36:53
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 06:36:46.869661 2026] [security2:error] [pid 20667:tid 20667] [client 105.163.1.63:3071] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.63 (+1 hits since last alert)|famagustacyprus.eu|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "famagustacyprus.eu"] [uri "/xmlrpc.php"] [unique_id "akY_PgWFQDFCAcrkl-mvSwAAAC0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 07:01:29
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 02 03:01:24.854607 2026] [security2:error] [pid 7315:tid 7315] [client 105.163.1.63:3697] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.63 (+1 hits since last alert)|odinathletes.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "odinathletes.com"] [uri "/xmlrpc.php"] [unique_id "akYMxMmAtGb1ihHg-XzrewAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-02 03:52:54
(4 days ago)
105.163.1.63 - - [02/Jul/2026:05:52:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6476 "-" "Jetpack/13.0 ...
show more
105.163.1.63 - - [02/Jul/2026:05:52:33 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6476 "-" "Jetpack/13.0; WordPress/6.4; http://site21748113.com"
105.163.1.63 - - [02/Jul/2026:05:52:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6476 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.2)"
105.163.1.63 - - [02/Jul/2026:05:52:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6476 "-" "Jetpack/12.0; WordPress/6.2; http://site88238268.com"
show less
Hacking
Web App Attack
๐ซ๐ท
SpaceHost-Server
2026-07-02 03:37:27
(4 days ago)
105.163.1.63 - - [02/Jul/2026:05:37:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6476 "-" "WordPress.co ...
show more
105.163.1.63 - - [02/Jul/2026:05:37:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6476 "-" "WordPress.com; https://wordpress.com"
105.163.1.63 - - [02/Jul/2026:05:37:16 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6476 "-" "Jetpack/12.1; WordPress/6.2; http://site19852689.com"
105.163.1.63 - - [02/Jul/2026:05:37:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 6476 "-" "Jetpack by WordPress.com"
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-02 01:57:56
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 21:57:50.264889 2026] [security2:error] [pid 14609:tid 14609] [client 105.163.1.63:2592] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.63 (+1 hits since last alert)|abcollie.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abcollie.com"] [uri "/xmlrpc.php"] [unique_id "akXFnsWgFHvs7lfcEt8TdgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ง๐ช
brechtr
2026-07-02 00:11:41
(4 days ago)
[Press84-BanHammer] bad username โ Sourced from: brechtryckaert.com โ Request: POST /xmlrpc.php
Brute-Force
๐ณ๐ฑ
ConsulHosting
2026-07-01 14:23:43
(5 days ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 13:05:53
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 09:05:47.352394 2026] [security2:error] [pid 2554:tid 2554] [client 105.163.1.63:3193] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.63 (+1 hits since last alert)|glassclublake.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "glassclublake.com"] [uri "/xmlrpc.php"] [unique_id "akUQq05k5YDlOavcPqie2wAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-01 12:04:26
(5 days ago)
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports ...
show more
(mod_security) mod_security (id:240335) triggered by 105.163.1.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 01 08:04:21.992007 2026] [security2:error] [pid 27754:tid 27754] [client 105.163.1.63:4266] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 105.163.1.63 (+1 hits since last alert)|tonytremblayauthor.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tonytremblayauthor.com"] [uri "/xmlrpc.php"] [unique_id "akUCRdWS5EVSB0RjMEH3EAAAACc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
pscriptos
2026-07-01 05:44:02
(5 days ago)
{"ClientAddr":"105.163.1.63:2161","ClientHost":"105.163.1.63","ClientPort":"2161","ClientUsername":" ...
show more
{"ClientAddr":"105.163.1.63:2161","ClientHost":"105.163.1.63","ClientPort":"2161","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":121206963,"OriginContentSize":418,"OriginDuration":118130432,"OriginStatus":403,"Overhead":3076531,"RequestAddr":"www.cleveradmin.de","RequestContentSize":705,"RequestCount":22310,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-07-01T07:43:41.749200365+02:00","StartUTC":"2026-07-01T05:43:41.749200365Z","TLSCipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLSVersion":"1.2","entryPointName":"websecure","level":"info","msg":"","time":"2026-07-01T07:43:41+02:00"}
{"ClientAddr":"105.163.1.63:2161","ClientHost":"105.163.1.63","ClientPor
...
show less
Brute-Force
Web App Attack
๐ช๐ธ
masterguru
2026-07-01 05:05:45
(5 days ago)
(xmlrpc) Failed xmlrpc access from 105.163.1.63 (KE/Kenya/-): 5 in the last 3600 secs (0-122)
Hacking