JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 105.163.1.9

105.163.1.9 was found in our database!

This IP was reported 56 times. Confidence of Abuse is 100%: ?

100%

ISP	Safaricom Limited
Usage Type	Fixed Line ISP
ASN	AS33771
Domain Name	safaricom.co.ke
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 105.163.1.9

Whois 105.163.1.9

IP Abuse Reports for 105.163.1.9:

This IP address has been reported a total of 56 times from 34 distinct sources. 105.163.1.9 was first reported on December 15th 2021, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 Site.eu	2026-06-18 14:51:33 (2 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 RH5	2026-06-18 08:14:36 (8 hours ago)	Restricted URL probing (/xmlrpc.php) (UTC 2026-06-18 08:14)	Web App Attack
Anonymous	2026-06-18 02:53:21 (14 hours ago)	105.163.1.9 - - [18/Jun/2026:04:53:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by Wor ... show more 105.163.1.9 - - [18/Jun/2026:04:53:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" 105.163.1.9 - - [18/Jun/2026:04:53:00 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)" 105.163.1.9 - - [18/Jun/2026:04:53:09 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1; WordPress/6.1; http://site52394234.com" 105.163.1.9 - - [18/Jun/2026:04:53:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack/12.1; WordPress/6.1; http://site52394234.com" 105.163.1.9 - - [18/Jun/2026:04:53:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1; WordPress/6.2; http://site91820992.com" ... show less	Brute-Force Web App Attack
🇫🇷 dynamix	2026-06-18 00:40:05 (16 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-17 20:53:59 (20 hours ago)	(wordpress) Failed wordpress login from 105.163.1.9 (KE/Kenya/-)	Brute-Force
🇩🇪 ger-stg-sifi1	2026-06-17 20:52:19 (20 hours ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2026-06-17 13:52:39 (1 day ago)	Attac	Brute-Force
🇳🇱 wlt-blocker	2026-06-17 00:36:54 (1 day ago)	Unauthorized access to webpage admin	Web App Attack
Anonymous	2026-06-17 00:10:34 (1 day ago)	[ssd1.kdns.gr] httpd-xmlrpc-post: sites=asteres.gr; logs=/var/log/httpd/domains/asteres.gr.log; samp ... show more [ssd1.kdns.gr] httpd-xmlrpc-post: sites=asteres.gr; logs=/var/log/httpd/domains/asteres.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
Anonymous	2026-06-16 12:06:28 (2 days ago)	105.163.1.9 - - [16/Jun/2026:14:06:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by Wor ... show more 105.163.1.9 - - [16/Jun/2026:14:06:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)" 105.163.1.9 - - [16/Jun/2026:14:06:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.1)" 105.163.1.9 - - [16/Jun/2026:14:06:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" 105.163.1.9 - - [16/Jun/2026:14:06:17 +0200] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" 105.163.1.9 - - [16/Jun/2026:14:06:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 593 "-" "Jetpack/12.1; WordPress/6.3; http://site25305708.com" ... show less	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-16 10:02:30 (2 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-16 06:19:44 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 105.163.1.9 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 105.163.1.9 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 02:19:37.478066 2026] [security2:error] [pid 1278:tid 1278] [client 105.163.1.9:2443] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.163.1.9 (+1 hits since last alert)\|campos.tv\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "campos.tv"] [uri "/xmlrpc.php"] [unique_id "ajDq-XQ4yl63RLYnZ1RUpwAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 02:02:50 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 105.163.1.9 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:240335) triggered by 105.163.1.9 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 22:02:43.364733 2026] [security2:error] [pid 6744:tid 6744] [client 105.163.1.9:2308] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.163.1.9 (+1 hits since last alert)\|rodzillacharters.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rodzillacharters.com"] [uri "/xmlrpc.php"] [unique_id "ajCuw_2EEpVe4a0rB_kX5AAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 bazter.pro	2026-06-15 17:58:56 (2 days ago)	Fail2Ban: plesk-bot-aggressive - 15 failures	Port Scan Bad Web Bot Web App Attack
Anonymous	2026-06-15 17:58:39 (2 days ago)	Attac	Brute-Force

Showing 1 to 15 of 56 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 194.187.176.6

🇧🇷 186.238.247.238

🇵🇾 181.123.136.11

🇺🇸 162.216.150.221

🇭🇰 123.58.215.102

🇺🇸 102.129.234.204

🇱🇹 81.30.98.44

🇺🇸 65.49.1.140

🇦🇺 34.151.170.65

🇨🇳 27.8.44.168

🇯🇵 8.209.209.96

🇺🇸 172.234.224.96

🇹🇭 202.29.235.12

🇨🇳 171.83.167.55

🇦🇷 170.247.141.181

🇫🇮 147.185.133.155

🇨🇳 106.53.51.171

🇮🇩 103.149.176.34

🇳🇱 91.92.40.204

🇳🇱 91.92.40.153