JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 94.54.48.63

94.54.48.63 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 81%: ?

81%

ISP	Turksat Kablo
Usage Type	Fixed Line ISP
ASN	AS47524
Domain Name	turksatkablo.com.tr
Country	🇹🇷 Turkey
City	Tekirdag, Tekirdag

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 94.54.48.63

Whois 94.54.48.63

IP Abuse Reports for 94.54.48.63:

This IP address has been reported a total of 23 times from 15 distinct sources. 94.54.48.63 was first reported on August 1st 2025, and the most recent report was 41 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇼 ip4.tw	2026-06-29 21:17:01 (41 minutes ago)	Malicious web scan	Hacking Web App Attack
🇸🇪 vaia.cloud	2026-06-29 21:03:02 (55 minutes ago)	trying wp-login.php/xmlrpc.php 44 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-29 16:05:18 (5 hours ago)	(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 12:05:10.660158 2026] [security2:error] [pid 25536:tid 25536] [client 94.54.48.63:30399] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|bostonmarathonstories.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bostonmarathonstories.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akKXtu-O9jjGUhaQr_XtpQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 findlab	2026-06-29 04:00:01 (17 hours ago)	Backdrop CMS module - malicious activity detected	Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-29 03:08:52 (18 hours ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇩🇪 LRob.fr	2026-06-29 02:00:22 (19 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
Anonymous	2026-06-28 21:01:13 (1 day ago)	[redacted] 94.54.48.63 - - [28/Jun/2026:23:00:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Moz ... show more [redacted] 94.54.48.63 - - [28/Jun/2026:23:00:26 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/98.0.0.0 Safari/537.36" [redacted] 94.54.48.63 - - [28/Jun/2026:23:00:42 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.3; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/10.0.0.0 Safari/537.36" [redacted] 94.54.48.63 - - [28/Jun/2026:23:00:58 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/91.0.0.0 Safari/537.36" [redacted] 94.54.48.63 - - [28/Jun/2026:23:01:11 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36" [redacted] 94.54.48.63 - - [28/Jun/2026:23:01:12 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 10.0; x86) AppleWebKit/5 ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 18:37:18 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 14:37:12.529451 2026] [security2:error] [pid 12901:tid 12901] [client 94.54.48.63:31050] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|aandbnaturalfoods.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "aandbnaturalfoods.com"] [uri "/wp-json/wp/v2/users"] [unique_id "akFp2LgkJqLFNduIJpKstgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-28 03:42:13 (1 day ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 dynamix	2026-06-27 21:40:48 (2 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 19:38:36 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 15:38:31.222292 2026] [security2:error] [pid 7429:tid 7429] [client 94.54.48.63:32352] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|97films.media\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "97films.media"] [uri "/wp-json/wp/v2/users"] [unique_id "akAmt6fKAff9mgzTQ48FRgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WeekendWeb	2026-06-27 12:28:07 (2 days ago)	Wordpress Vunerability attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-27 05:04:15 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:225170) triggered by 94.54.48.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 01:04:07.738518 2026] [security2:error] [pid 14601:tid 14601] [client 94.54.48.63:32939] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|enriquejezik.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "enriquejezik.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aj9ZxwXQM4yIn4n6gPkdzQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-27 04:00:16 (2 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 4server	2026-06-26 17:12:58 (3 days ago)	[FriJun2619:12:55.9029432026][security2:error][pid2950631:tid2950674][client94.54.48.63:0]ModSecurit ... show more [FriJun2619:12:55.9029432026][security2:error][pid2950631:tid2950674][client94.54.48.63:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"solaristech.ch\"][uri\"/xmlrpc.php\"][unique_id\"aj6zF4gpCclxSNIq5ySZugAAAIg\"] show less	Port Scan Brute-Force Web App Attack

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 117.50.130.61

🇨🇳 223.73.10.132

🇱🇹 202.51.63.50

🇨🇷 186.177.88.38

🇧🇷 177.19.145.25

🇺🇸 107.150.101.57

🇨🇳 106.37.72.234

🇺🇿 84.54.70.21

🇱🇹 81.30.98.44

🇳🇱 45.148.10.151

🇬🇧 35.203.210.159

🇸🇬 4.193.98.138

🇩🇪 212.30.36.221

🇸🇾 188.132.150.226

🇮🇹 151.63.86.114

🇰🇷 121.168.83.124

🇦🇺 120.157.232.28

🇰🇷 120.29.140.188

🇨🇳 119.146.91.181

🇰🇿 95.56.207.205