๐บ๐ธ
TPI-Abuse
2026-07-09 22:20:39
(20 hours ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jul 09 18:20:33.915419 2026] [security2:error] [pid 30393:tid 30393] [client 62.167.164.216:1971] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|roguetechink.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "roguetechink.com"] [uri "/xmlrpc.php"] [unique_id "alAesQKm6kXdAQpIZBXefgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 17:13:03
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 13:12:57.170971 2026] [security2:error] [pid 12988:tid 12988] [client 62.167.164.216:16731] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|pcga.golf|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pcga.golf"] [uri "/xmlrpc.php"] [unique_id "ak6FGQJsHTFlfNsBb8dOswAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 13:58:34
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 09:58:27.658649 2026] [security2:error] [pid 5872:tid 5872] [client 62.167.164.216:2445] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|glassclublake.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "glassclublake.com"] [uri "/xmlrpc.php"] [unique_id "ak5Xg0jjktYzWRBH8crVsQAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-08 12:45:09
(2 days ago)
[redacted] 62.167.164.216 - - [08/Jul/2026:14:44:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" " ...
show more
[redacted] 62.167.164.216 - - [08/Jul/2026:14:44:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 62.167.164.216 - - [08/Jul/2026:14:44:36 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.4)"
[redacted] 62.167.164.216 - - [08/Jul/2026:14:44:47 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)"
[redacted] 62.167.164.216 - - [08/Jul/2026:14:44:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com"
[redacted] 62.167.164.216 - - [08/Jul/2026:14:45:08 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/13.0; WordPress/6.3; http://site89942616.com"
...
show less
Hacking
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 11:45:28
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 07:45:23.676074 2026] [security2:error] [pid 10389:tid 10389] [client 62.167.164.216:2287] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|starcrestsales.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "starcrestsales.com"] [uri "/xmlrpc.php"] [unique_id "ak44U7UwvSalAZpHrPzolAAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 20:03:12
(2 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 16:03:08.120124 2026] [security2:error] [pid 14930:tid 14930] [client 62.167.164.216:14725] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|feministvoice.blog|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "feministvoice.blog"] [uri "/xmlrpc.php"] [unique_id "ak1bfGDB9nGE48iMnWUzdgAAAA0"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-07 19:25:30
(2 days ago)
(wordpress) Failed wordpress login from 62.167.164.216 (CH/Switzerland/xcpe-62-167-164-216.cgn.res.a ...
show more
(wordpress) Failed wordpress login from 62.167.164.216 (CH/Switzerland/xcpe-62-167-164-216.cgn.res.adslplus.ch)
show less
Brute-Force
๐ซ๐ท
LRob
2026-07-07 15:59:27
(3 days ago)
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPr ...
show more
CrowdSec: crowdsecurity/http-bf-wordpress_bf_xmlrpc | req: ["/xmlrpc.php"] | UA: ["Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.3)","Jetpack by WordPress.com","Jetpack/12.5; WordPress/6.2; http://site13552242.com","WordPress
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 15:36:10
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 11:35:57.026662 2026] [security2:error] [pid 27835:tid 27835] [client 62.167.164.216:14601] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|zost.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "zost.net"] [uri "/xmlrpc.php"] [unique_id "ak0c3Qlg_XTrSKzdMsGrTgAAADA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 13:06:47
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 09:06:43.151453 2026] [security2:error] [pid 17135:tid 17135] [client 62.167.164.216:14470] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|starvationacres.us|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "starvationacres.us"] [uri "/xmlrpc.php"] [unique_id "akz541a74GZpIlTDgwNOAgAAAAg"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
integrantservices.com
2026-07-07 13:04:48
(3 days ago)
(wordpress) Failed wordpress login from 62.167.164.216 (CH/Switzerland/xcpe-62-167-164-216.cgn.res.a ...
show more
(wordpress) Failed wordpress login from 62.167.164.216 (CH/Switzerland/xcpe-62-167-164-216.cgn.res.adslplus.ch)
show less
Brute-Force
๐ณ๐ฑ
javierin
2026-07-07 07:37:02
(3 days ago)
62.167.164.216 - mamaexperta.es - - [07/Jul/2026:07:35:27 +0000] "POST /xmlrpc.php HTTP/1.1" 503 192 ...
show more
62.167.164.216 - mamaexperta.es - - [07/Jul/2026:07:35:27 +0000] "POST /xmlrpc.php HTTP/1.1" 503 19271 "-" "Jetpack/13.0; WordPress/6.4; http://site19233470.com"
62.167.164.216 - mamaexperta.es - - [07/Jul/2026:07:35:36 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18267 "-" "Jetpack by WordPress.com"
62.167.164.216 - mamaexperta.es - - [07/Jul/2026:07:35:47 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18267 "-" "Jetpack by WordPress.com"
62.167.164.216 - mamaexperta.es - - [07/Jul/2026:07:35:57 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18267 "-" "Jetpack/12.1; WordPress/6.4; http://site69210377.com"
62.167.164.216 - mamaexperta.es - - [07/Jul/2026:07:36:08 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18267 "-" "Jetpack/13.0; WordPress/6.3; http://site22959326.com"
62.167.164.216 - mamaexperta.es - - [07/Jul/2026:07:36:19 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18267 "-" "Jetpack by WordPress.com"
62.167.164.216 - mamaexperta.es - - [07/Jul/2026:07:36:29 +0000] "POST /xmlrpc.php HTTP/1.1" 503 18267 "-" "Word
...
show less
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 07:07:07
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 03:07:02.592659 2026] [security2:error] [pid 25049:tid 25049] [client 62.167.164.216:8821] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|lacycustombuilt.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lacycustombuilt.com"] [uri "/xmlrpc.php"] [unique_id "akylloM_g9qodkvDIuRkwgAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 04:23:32
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 07 00:23:24.255470 2026] [security2:error] [pid 30252:tid 30252] [client 62.167.164.216:2054] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|madisonmedia.ai|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "madisonmedia.ai"] [uri "/xmlrpc.php"] [unique_id "akx_PIGcwjSVYUsdxupZLgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 01:34:39
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.ads ...
show more
(mod_security) mod_security (id:240335) triggered by 62.167.164.216 (xcpe-62-167-164-216.cgn.res.adslplus.ch): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 21:34:35.243420 2026] [security2:error] [pid 7076:tid 7076] [client 62.167.164.216:2492] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 62.167.164.216 (+1 hits since last alert)|airdriedrivingschool.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "airdriedrivingschool.com"] [uri "/xmlrpc.php"] [unique_id "akxXq7rb-VuCgQr7UYQgswAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack