๐บ๐ธ
TPI-Abuse
2026-07-18 22:12:47
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr) ...
show more
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 18:12:40.778554 2026] [security2:error] [pid 19339:tid 19339] [client 93.137.104.69:59532] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.137.104.69 (+1 hits since last alert)|havilahmalone.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "havilahmalone.com"] [uri "/xmlrpc.php"] [unique_id "alv6WJJWewnNKL46WFq5hAAAAAo"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 19:06:05
(9 hours ago)
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr) ...
show more
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 15:06:00.496876 2026] [security2:error] [pid 7150:tid 7171] [client 93.137.104.69:49636] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.137.104.69 (+1 hits since last alert)|tomithai.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tomithai.com"] [uri "/xmlrpc.php"] [unique_id "alvOmNZXJuP9FnTQLlksuAAAAYI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 17:34:12
(10 hours ago)
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr) ...
show more
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 13:34:08.813116 2026] [security2:error] [pid 14732:tid 14732] [client 93.137.104.69:59314] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.137.104.69 (+1 hits since last alert)|rohanbyles.com.au|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rohanbyles.com.au"] [uri "/xmlrpc.php"] [unique_id "alu5ELXa3qzOjS6uym4EhAAAAA8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-07-18 16:25:15
(11 hours ago)
[SatJul1818:25:11.5975952026][security2:error][pid3340047:tid3340095][client93.137.104.69:0]ModSecur ...
show more
[SatJul1818:25:11.5975952026][security2:error][pid3340047:tid3340095][client93.137.104.69:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"life-live.ch\"][uri\"/xmlrpc.php\"][unique_id\"aluo52zIox-trc1F0Xu4xwAAAEw\"]
show less
Port Scan
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 15:18:07
(12 hours ago)
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr) ...
show more
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 18 11:18:04.585136 2026] [security2:error] [pid 22999:tid 22999] [client 93.137.104.69:63335] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.137.104.69 (+1 hits since last alert)|cmcnow.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cmcnow.net"] [uri "/xmlrpc.php"] [unique_id "aluZLG1csBhCmYIpfdyCFwAAAAM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-18 14:50:27
(13 hours ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-18 14:46:18
(13 hours ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
Anonymous
2026-07-18 11:43:21
(16 hours ago)
[ssd1.kdns.gr] httpd-xmlrpc-post: sites=www.nbmedical.gr; logs=/var/log/httpd/domains/nbmedical.gr.l ...
show more
[ssd1.kdns.gr] httpd-xmlrpc-post: sites=www.nbmedical.gr; logs=/var/log/httpd/domains/nbmedical.gr.log; samples=/xmlrpc.php
show less
Brute-Force
Web App Attack
๐บ๐ธ
IndigoRidge
2026-07-18 05:38:02
(22 hours ago)
93.137.104.69 - - [18/Jul/2026:01:35:55 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5564 "-" "WordPress.c ...
show more
93.137.104.69 - - [18/Jul/2026:01:35:55 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5564 "-" "WordPress.com; https://wordpress.com"
93.137.104.69 - - [18/Jul/2026:01:36:26 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5564 "-" "WordPress.com; https://wordpress.com"
93.137.104.69 - - [18/Jul/2026:01:37:08 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5564 "-" "WordPress.com; https://wordpress.com"
93.137.104.69 - - [18/Jul/2026:01:37:19 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5564 "-" "WordPress.com; https://wordpress.com"
93.137.104.69 - - [18/Jul/2026:01:38:01 -0400] "POST /xmlrpc.php HTTP/1.0" 403 5564 "-" "WordPress.com; https://wordpress.com"
...
show less
Web App Attack
๐ช๐ธ
masterguru
2026-07-18 04:04:25
(1 day ago)
(xmlrpc) Failed xmlrpc access from 93.137.104.69 (HR/Croatia/93-137-104-69.adsl.net.t-com.hr): 5 in ...
show more
(xmlrpc) Failed xmlrpc access from 93.137.104.69 (HR/Croatia/93-137-104-69.adsl.net.t-com.hr): 5 in the last 3600 secs (0-122)
show less
Hacking
๐ซ๐ท
dynamix
2026-07-18 01:45:57
(1 day ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-18 01:17:22
(1 day ago)
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr) ...
show more
(mod_security) mod_security (id:240335) triggered by 93.137.104.69 (93-137-104-69.adsl.net.t-com.hr): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 17 21:17:13.764981 2026] [security2:error] [pid 1602462:tid 1602462] [client 93.137.104.69:54217] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.137.104.69 (+1 hits since last alert)|oakvillenaturopathicclinic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "oakvillenaturopathicclinic.com"] [uri "/xmlrpc.php"] [unique_id "alrUGYOIfOj_zEuzvKuaRAAAABE"]
show less
Brute-Force
Bad Web Bot
Web App Attack