TPI-Abuse
2024-09-06 16:06:16
(1 week ago)
(mod_security) mod_security (id:210492) triggered by 172.70.46.13 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.46.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 06 12:06:03.870332 2024] [security2:error] [pid 19160:tid 19160] [client 172.70.46.13:50982] [client 172.70.46.13] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tek-front.com"] [uri "/core/.env.production"] [unique_id "Ztsoa6nH32XoREl6elL3pAAAAAI"] show less
Brute-Force
Bad Web Bot
Web App Attack
mawan
2024-09-02 01:08:41
(2 weeks ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-08-20 14:14:21
(3 weeks ago)
(mod_security) mod_security (id:240335) triggered by 172.70.46.13 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 172.70.46.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 10:14:13.398838 2024] [security2:error] [pid 2673783:tid 2673783] [client 172.70.46.13:37002] [client 172.70.46.13] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 136.144.190.69 (0+1 hits since last alert)|ruralcommunitycare.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ruralcommunitycare.org"] [uri "/xmlrpc.php"] [unique_id "ZsSktfUf3oSi6-_Gw8hyWQAAAAg"] show less
Brute-Force
Bad Web Bot
Web App Attack
Yepngo
2024-08-20 11:28:11
(3 weeks ago)
172.70.46.13 - - [20/Aug/2024:13:25:56 +0200] "POST /xmlrpc.php HTTP/2.0" 200 408 "-" "Mozilla/5.0 ( ... show more 172.70.46.13 - - [20/Aug/2024:13:25:56 +0200] "POST /xmlrpc.php HTTP/2.0" 200 408 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
172.70.46.13 - - [20/Aug/2024:13:28:10 +0200] "POST /xmlrpc.php HTTP/2.0" 200 408 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36"
... show less
Brute-Force
Web App Attack
mawan
2024-08-16 08:13:53
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
URAN Publishing Service
2024-08-09 09:18:32
(1 month ago)
172.70.46.13 - - [09/Aug/2024:12:18:31 +0300] "GET /wp-includes/blocks/ HTTP/1.1" 404 282 "-" "pytho ... show more 172.70.46.13 - - [09/Aug/2024:12:18:31 +0300] "GET /wp-includes/blocks/ HTTP/1.1" 404 282 "-" "python-requests/2.27.1"
... show less
Web App Attack
URAN Publishing Service
2024-08-09 07:02:48
(1 month ago)
172.70.46.13 - - [09/Aug/2024:10:02:44 +0300] "GET /wp-admin/maint/ HTTP/1.1" 404 282 "-" "python-re ... show more 172.70.46.13 - - [09/Aug/2024:10:02:44 +0300] "GET /wp-admin/maint/ HTTP/1.1" 404 282 "-" "python-requests/2.27.1"
... show less
Web App Attack
URAN Publishing Service
2024-08-08 11:20:19
(1 month ago)
172.70.46.13 - - [08/Aug/2024:14:20:18 +0300] "GET /wp-admin/setup-config.php HTTP/1.1" 404 282 "-" ... show more 172.70.46.13 - - [08/Aug/2024:14:20:18 +0300] "GET /wp-admin/setup-config.php HTTP/1.1" 404 282 "-" "-"
172.70.46.13 - - [08/Aug/2024:14:20:18 +0300] "GET /wp-admin/install.php HTTP/1.1" 404 282 "-" "-"
... show less
Web App Attack
yukon.ca
2024-08-04 03:00:46
(1 month ago)
Web Server Enforcement Violation: Drupal Core Remote Code Execution (CVE-2018-7600)
Port:80
Hacking
Exploited Host
URAN Publishing Service
2024-07-31 21:24:09
(1 month ago)
172.70.46.13 - - [01/Aug/2024:00:20:18 +0300] "GET /wp-includes/customize/atomlib.php HTTP/1.1" 404 ... show more 172.70.46.13 - - [01/Aug/2024:00:20:18 +0300] "GET /wp-includes/customize/atomlib.php HTTP/1.1" 404 282 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
172.70.46.13 - - [01/Aug/2024:00:24:08 +0300] "GET /wp-admin/shell20211028.php HTTP/1.1" 404 282 "-" "Mozlila/5.0 (Linux; Android 7.0; SM-G892A Bulid/NRD90M; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/60.0.3112.107 Moblie Safari/537.36"
... show less
Web App Attack
ParaBug
2024-07-30 18:37:07
(1 month ago)
172.70.46.13 - - [30/Jul/2024:20:37:07 +0200] "GET /2020/wp-includes/wlwmanifest.xml HTTP/1.1" 403 3 ... show more 172.70.46.13 - - [30/Jul/2024:20:37:07 +0200] "GET /2020/wp-includes/wlwmanifest.xml HTTP/1.1" 403 399 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/95.0.4638.69 Safari/537.36"
... show less
Phishing
Brute-Force
Web App Attack
mawan
2024-07-29 07:52:59
(1 month ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2024-07-16 02:26:39
(2 months ago)
(mod_security) mod_security (id:210492) triggered by 172.70.46.13 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 172.70.46.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 15 22:26:34.915528 2024] [security2:error] [pid 27690] [client 172.70.46.13:22034] [client 172.70.46.13] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "antitribu.com"] [uri "/.env"] [unique_id "ZpXaWjXZo8xTic-af3mzVwAAAAE"] show less
Brute-Force
Bad Web Bot
Web App Attack
mawan
2024-07-13 05:19:25
(2 months ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
Yepngo
2024-07-10 13:51:34
(2 months ago)
172.70.46.13 - - [10/Jul/2024:15:13:40 +0200] "POST /wp-login.php HTTP/2.0" 200 9371 "-" "Mozilla/5. ... show more 172.70.46.13 - - [10/Jul/2024:15:13:40 +0200] "POST /wp-login.php HTTP/2.0" 200 9371 "-" "Mozilla/5.0"
172.70.46.13 - - [10/Jul/2024:15:51:34 +0200] "POST /wp-login.php HTTP/2.0" 200 9376 "-" "Mozilla/5.0"
... show less
Brute-Force
Web App Attack