๐บ๐ธ
TPI-Abuse
2026-07-14 07:18:22
(1 hour ago)
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk) ...
show more
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 03:18:15.530068 2026] [security2:error] [pid 31127:tid 31127] [client 163.61.128.141:50682] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 163.61.128.141 (+1 hits since last alert)|brushmileage.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brushmileage.org"] [uri "/xmlrpc.php"] [unique_id "alXit8h3ZhcMUy8EHKIpfAAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 18:25:15
(14 hours ago)
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk) ...
show more
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 14:25:08.521469 2026] [security2:error] [pid 19906:tid 19906] [client 163.61.128.141:51306] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 163.61.128.141 (+1 hits since last alert)|smoothiessoupssalads.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "smoothiessoupssalads.com"] [uri "/xmlrpc.php"] [unique_id "alUthEK8lzzkIkdNhodT7wAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
cwytech
2026-07-13 17:41:55
(14 hours ago)
Fleet-wide ban from the Ghostfleet ๐ป. Triggered by scenario: cwy/wp-us-login-only-high.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 16:46:16
(15 hours ago)
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk) ...
show more
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 12:46:09.843193 2026] [security2:error] [pid 799:tid 799] [client 163.61.128.141:24997] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 163.61.128.141 (+1 hits since last alert)|eye7graphics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "eye7graphics.com"] [uri "/xmlrpc.php"] [unique_id "alUWUTI0tewq9EMtfWQmqwAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ณ๐ฑ
Site.eu
2026-07-13 07:43:31
(1 day ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-07-13 07:13:21
(1 day ago)
Bad Web Bot
Web App Attack
๐ซ๐ท
tecnicorioja
2026-07-12 22:00:15
(1 day ago)
POST /xmlrpc.php [12/Jul/2026:04:50:38
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-12 18:11:36
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk) ...
show more
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 14:11:33.449094 2026] [security2:error] [pid 300367:tid 300367] [client 163.61.128.141:12211] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 163.61.128.141 (+1 hits since last alert)|richmondrents.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "richmondrents.com"] [uri "/xmlrpc.php"] [unique_id "alPY1R2chnrEMn0bb0SkQwAAAA4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-12 17:12:51
(1 day ago)
163.61.128.141 - - [12/Jul/2026:13:10:09 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5270 "-" "WordPress. ...
show more
163.61.128.141 - - [12/Jul/2026:13:10:09 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5270 "-" "WordPress.com; https://wordpress.com"
163.61.128.141 - - [12/Jul/2026:13:10:31 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5270 "-" "WordPress.com; https://wordpress.com"
163.61.128.141 - - [12/Jul/2026:13:11:34 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5270 "-" "WordPress.com; https://wordpress.com"
163.61.128.141 - - [12/Jul/2026:13:12:40 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5270 "-" "WordPress.com; https://wordpress.com"
163.61.128.141 - - [12/Jul/2026:13:12:50 -0400] "POST /xmlrpc.php HTTP/1.0" 200 5270 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-12 08:36:44
(1 day ago)
(wordpress) Failed wordpress login from 163.61.128.141 (PK/Pakistan/dyn-163-61-128-141.swis.com.pk)
Brute-Force
๐บ๐ธ
TPI-Abuse
2026-07-12 06:55:50
(2 days ago)
(mod_security) mod_security (id:225170) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk) ...
show more
(mod_security) mod_security (id:225170) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 12 02:55:42.429224 2026] [security2:error] [pid 31790:tid 31790] [client 163.61.128.141:52897] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||cloudex.link|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cloudex.link"] [uri "/wp-json/wp/v2/users"] [unique_id "alM6bm1Q5eUjX-gzwf4EUQAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 18:47:38
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk) ...
show more
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 14:47:29.959704 2026] [security2:error] [pid 17164:tid 17164] [client 163.61.128.141:59732] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 163.61.128.141 (+1 hits since last alert)|wpcoc.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "wpcoc.org"] [uri "/xmlrpc.php"] [unique_id "alKPwbZ7tE28eIMaWFkLRwAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-11 16:46:34
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk) ...
show more
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (dyn-163-61-128-141.swis.com.pk): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 11 12:46:29.349970 2026] [security2:error] [pid 29391:tid 29391] [client 163.61.128.141:18053] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 163.61.128.141 (+1 hits since last alert)|drayvian.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "drayvian.com"] [uri "/xmlrpc.php"] [unique_id "alJzZaArbZRH2wlZDnO1hAAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฌ๐ง
Apache
2026-07-11 13:36:44
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (PK/Pakistan/dyn-163-61-128-141. ...
show more
(mod_security) mod_security (id:240335) triggered by 163.61.128.141 (PK/Pakistan/dyn-163-61-128-141.swis.com.pk): 5 in the last 300 secs
show less
Brute-Force
Web App Attack
๐ช๐ธ
masterguru
2026-07-11 13:34:01
(2 days ago)
(xmlrpc) Failed xmlrpc access from 163.61.128.141 (PK/Pakistan/dyn-163-61-128-141.swis.com.pk): 5 in ...
show more
(xmlrpc) Failed xmlrpc access from 163.61.128.141 (PK/Pakistan/dyn-163-61-128-141.swis.com.pk): 5 in the last 3600 secs (0-122)
show less
Hacking