๐บ๐ธ
TPI-Abuse
2026-07-15 02:43:33
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 22:43:25.399857 2026] [security2:error] [pid 16448:tid 16448] [client 93.86.237.199:24614] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|coolcustomproducts.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "coolcustomproducts.com"] [uri "/xmlrpc.php"] [unique_id "albzzebDMULbXFNuQ1_DIQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-15 00:59:52
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 20:59:46.516813 2026] [security2:error] [pid 17287:tid 17289] [client 93.86.237.199:25117] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|campingcosmetics.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "campingcosmetics.com"] [uri "/xmlrpc.php"] [unique_id "albbgptYnodIuaNOcg-8rAAAAAA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 17:36:35
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 13:36:29.453791 2026] [security2:error] [pid 17395:tid 17395] [client 93.86.237.199:25011] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|38floorsupply.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "38floorsupply.com"] [uri "/xmlrpc.php"] [unique_id "alZznXJNVcOt6sXZfPvfEwAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 16:38:29
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 12:38:26.200363 2026] [security2:error] [pid 19897:tid 19897] [client 93.86.237.199:24746] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|lightbender.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lightbender.net"] [uri "/xmlrpc.php"] [unique_id "alZmAk9ew5ZT840S3PjINAAAAB4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 10:49:40
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 06:49:36.234435 2026] [security2:error] [pid 15953:tid 15953] [client 93.86.237.199:24749] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|desertautoworks.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "desertautoworks.com"] [uri "/xmlrpc.php"] [unique_id "alYUQJ7FcxqWaIekunhHIgAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 09:15:48
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 05:15:41.426476 2026] [security2:error] [pid 24737:tid 24737] [client 93.86.237.199:25339] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|agrollum.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "agrollum.com"] [uri "/xmlrpc.php"] [unique_id "alX-PWgyGURpa4azNGKeKgAAAAQ"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 05:45:56
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 01:45:49.120730 2026] [security2:error] [pid 17713:tid 17713] [client 93.86.237.199:25211] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|roguetechscene.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "roguetechscene.com"] [uri "/xmlrpc.php"] [unique_id "alXNDT48bvKa7TEG9oGrNQAAABA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 05:18:50
(3 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 01:18:42.551572 2026] [security2:error] [pid 25784:tid 25784] [client 93.86.237.199:25547] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|stacyfarm.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stacyfarm.com"] [uri "/xmlrpc.php"] [unique_id "alXGshoKQJjg37NyppS6SAAAAAk"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-14 04:14:59
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jul 14 00:14:56.090605 2026] [security2:error] [pid 2657:tid 2657] [client 93.86.237.199:25407] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|caddydad.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caddydad.com"] [uri "/xmlrpc.php"] [unique_id "alW3wKtFjG3nRA_CL4VCaQAAABM"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 21:54:05
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 17:53:58.783352 2026] [security2:error] [pid 2357865:tid 2357865] [client 93.86.237.199:24592] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|denkyusalesca.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "denkyusalesca.com"] [uri "/xmlrpc.php"] [unique_id "alVedqa-4eFtaNCId6ViUAAAAAE"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
ghostwarriors
2026-07-13 21:50:09
(4 days ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-07-13 21:20:08
(4 days ago)
Fail2Ban: WordPress XML-RPC brute-force attack detected.
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 19:52:52
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 15:52:47.911135 2026] [security2:error] [pid 8533:tid 8561] [client 93.86.237.199:25008] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|pref-realestate.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "pref-realestate.com"] [uri "/xmlrpc.php"] [unique_id "alVCD9KbJ7fKKLAzhMXbKwAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-13 18:34:20
(4 days ago)
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.teleko ...
show more
(mod_security) mod_security (id:240335) triggered by 93.86.237.199 (93-86-237-199.dynamic.isp.telekom.rs): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 13 14:34:14.853210 2026] [security2:error] [pid 26422:tid 26422] [client 93.86.237.199:25331] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 93.86.237.199 (+1 hits since last alert)|xcarsubscription.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "xcarsubscription.com"] [uri "/xmlrpc.php"] [unique_id "alUvpogL1FH6rOtsel5CcAAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ซ๐ท
dynamix
2026-07-13 18:27:18
(4 days ago)
WordPress XMLRPC Brute Force Attack
Brute-Force
Web App Attack