JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 109.93.213.108

109.93.213.108 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 16%: ?

16%

ISP	Telekom Srbija, ADSL users
Usage Type	Fixed Line ISP
ASN	AS8400
Hostname(s)	109-93-213-108.dynamic.isp.telekom.rs
Domain Name	mts.rs
Country	🇷🇸 Serbia
City	Vladimirci, Central Serbia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 109.93.213.108

Whois 109.93.213.108

IP Abuse Reports for 109.93.213.108:

This IP address has been reported a total of 10 times from 7 distinct sources. 109.93.213.108 was first reported on September 7th 2022, and the most recent report was 21 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 masterguru	2026-06-27 19:36:28 (21 hours ago)	(xmlrpc) Failed xmlrpc access from 109.93.213.108 (RS/Serbia/109-93-213-108.dynamic.isp.telekom.rs): ... show more (xmlrpc) Failed xmlrpc access from 109.93.213.108 (RS/Serbia/109-93-213-108.dynamic.isp.telekom.rs): 5 in the last 3600 secs (0-122) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-27 19:02:02 (21 hours ago)	(mod_security) mod_security (id:240335) triggered by 109.93.213.108 (109-93-213-108.dynamic.isp.tele ... show more (mod_security) mod_security (id:240335) triggered by 109.93.213.108 (109-93-213-108.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 15:01:57.533191 2026] [security2:error] [pid 23930:tid 23930] [client 109.93.213.108:49352] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 109.93.213.108 (+1 hits since last alert)\|pharmaceuticalsalescareerhub.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pharmaceuticalsalescareerhub.com"] [uri "/xmlrpc.php"] [unique_id "akAeJQd_eGYFTqiYOrCt4gAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-22 19:53:18 (7 months ago)	scanning http requests from known botnet	Web App Attack
🇺🇸 TPI-Abuse	2023-12-14 13:15:47 (2 years ago)	(mod_security) mod_security (id:225170) triggered by 109.93.213.108 (109-93-213-108.dynamic.isp.tele ... show more (mod_security) mod_security (id:225170) triggered by 109.93.213.108 (109-93-213-108.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Dec 14 08:15:43.394951 2023] [security2:error] [pid 10701:tid 47465730471680] [client 109.93.213.108:63972] [client 109.93.213.108] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|whatismetamodern.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "whatismetamodern.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZXr__0Ae84sN1oNhxNCmzAAAARU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇦 URAN Publishing Service	2023-12-06 00:37:50 (2 years ago)	109.93.213.108 - - [06/Dec/2023:02:37:49 +0200] "GET /wp-login.php HTTP/1.1" 404 4776 "-" "Mozilla/5 ... show more 109.93.213.108 - - [06/Dec/2023:02:37:49 +0200] "GET /wp-login.php HTTP/1.1" 404 4776 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 109.93.213.108 - - [06/Dec/2023:02:37:49 +0200] "GET /xmlrpc.php HTTP/1.1" 404 366 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" ... show less	Web App Attack
🇺🇸 Ba-Yu	2023-11-23 12:59:04 (2 years ago)	WordPress hacking/exploits/scanning	Web Spam Hacking Brute-Force Exploited Host Web App Attack
🇮🇩 xveil	2023-04-16 19:09:27 (3 years ago)	2023-04-17T02:09:26.049186 mail-honeypot postfix/submission/smtpd[19231]: warning: 109-93-213-108.dy ... show more 2023-04-17T02:09:26.049186 mail-honeypot postfix/submission/smtpd[19231]: warning: 109-93-213-108.dynamic.isp.telekom.rs[109.93.213.108]: SASL PLAIN authentication failed: authentication failure ... show less	Brute-Force
🇮🇩 xveil	2023-04-16 13:26:33 (3 years ago)	2023-04-16T20:26:31.913447 mail-honeypot postfix/submission/smtpd[26323]: warning: 109-93-213-108.dy ... show more 2023-04-16T20:26:31.913447 mail-honeypot postfix/submission/smtpd[26323]: warning: 109-93-213-108.dynamic.isp.telekom.rs[109.93.213.108]: SASL PLAIN authentication failed: authentication failure ... show less	Brute-Force
🇮🇩 xveil	2023-04-16 01:46:03 (3 years ago)	2023-04-16T08:46:00.609703 mail-honeypot postfix/submission/smtpd[20490]: warning: 109-93-213-108.dy ... show more 2023-04-16T08:46:00.609703 mail-honeypot postfix/submission/smtpd[20490]: warning: 109-93-213-108.dynamic.isp.telekom.rs[109.93.213.108]: SASL PLAIN authentication failed: authentication failure ... show less	Brute-Force
🇻🇳 websase.com	2022-09-07 07:48:06 (3 years ago)	WordPress XMLRPC Brute Force Attacks	Brute-Force Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇿 219.89.198.191

🇩🇪 195.230.103.246

🇧🇷 177.11.190.160

🇹🇭 118.194.251.17

🇺🇸 98.92.0.216

🇫🇷 62.210.101.177

🇺🇸 45.33.40.18

🇺🇸 20.65.193.226

🇫🇮 2a00:1450:4010:c1c::12b

🇧🇷 177.11.190.159

🇧🇷 177.11.190.16

🇳🇱 142.93.225.156

🇭🇰 118.26.37.105

🇨🇳 111.26.167.36

🇨🇳 106.75.144.110

🇧🇬 79.124.49.174

🇳🇱 45.148.10.152

🇳🇱 195.178.110.188

🇬🇧 185.152.250.165

🇸🇬 185.150.0.21