speedtaq.com
2023-12-19 20:32:37
(1 year ago)
173.239.211.130 - - [19/Dec/2023:21:32:34 +0100] "GET /wp-content/plugins/Cache/Cache.php HTTP/1.1" 404 275222 "http://speedtaq.com//wp-content/plugins/Cache/Cache.php" "Go-http-client/1.1"
Bad Web Bot
Hirte
2023-12-19 13:35:29
(1 year ago)
ABV: Web Attack GET /autor-in/deon-meyer//wp-includes/css/dist/editor/fxp.php
Web Spam
Hacking
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-18 14:14:23
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 18 09:14:10.922749 2023] [security2:error] [pid 12239] [client 173.239.211.130:61549] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.239.211.130 (+1 hits since last alert)|tedharris.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tedharris.com"] [uri "/xmlrpc.php"] [unique_id "ZYBTshVkJnmdFlH7GhwJLgAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
mnsf
2023-12-18 03:03:26
(1 year ago)
Too many Status 40X (98)
Request Overload (102)
Brute-Force
Web App Attack
TPI-Abuse
2023-12-18 02:32:03
(1 year ago)
(mod_security) mod_security (id:210492) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 17 21:31:59.325513 2023] [security2:error] [pid 25724] [client 173.239.211.130:64755] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ferrarapanfitness.com"] [uri "/.env"] [unique_id "ZX-vH8a0UFujGMNeeU8sawAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-18 01:01:43
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 17 20:01:37.006391 2023] [security2:error] [pid 4491] [client 173.239.211.130:4697] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.239.211.130 (+1 hits since last alert)|www.abilityengraving.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.abilityengraving.com"] [uri "/xmlrpc.php"] [unique_id "ZX-Z8YUG6RIHovq-qfB3tQAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
mawan
2023-12-17 15:59:16
(1 year ago)
Suspected of having performed illicit activity on LAX server.
Web App Attack
TPI-Abuse
2023-12-17 10:55:32
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 17 05:54:05.351256 2023] [security2:error] [pid 19321] [client 173.239.211.130:33431] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.godcanuseyou.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.godcanuseyou.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZX7TTQ_1kX2_A5QBdiPXrAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-17 05:25:41
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 17 00:24:15.483078 2023] [security2:error] [pid 8629] [client 173.239.211.130:24887] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.investorscalifornia.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.investorscalifornia.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZX6F_xU-JBG-Gr10qsb4pgAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
uhlhosting
2023-12-16 20:41:00
(1 year ago)
idleslidegloves.com 173.239.211.130 - - [16/Dec/2023:21:40:54.418563 +0100] "GET / HTTP/1.1" 403 199 "-" "-" ZX4LVuX9OiILipHaVScirgAAAAM "-" /apache/20231216/20231216-2140/20231216-214054-ZX4LVuX9OiILipHaVScirgAAAAM 0 1730 md5:88f1d265c71ebf8f92b3ca0431d2a764
idleslidegloves.com 173.239.211.130 - - [16/Dec/2023:21:40:55.729972 +0100] "GET / HTTP/1.1" 403 199 "-" "-" ZX4LV-X9OiILipHaVScirwAAABE "-" /apache/20231216/20231216-2140/20231216-214055-ZX4LV-X9OiILipHaVScirwAAABE 0 1703 md5:954a4485d2c7a1eb275d1d36ae2d3031
idleslidegloves.com 173.239.211.130 - - [16/Dec/2023:21:40:57.144144 +0100] "GET / HTTP/1.1" 403 199 "-" "-" ZX4LWeX9OiILipHaVScisAAAAAQ "-" /apache/20231216/20231216-2140/20231216-214057-ZX4LWeX9OiILipHaVScisAAAAAQ 0 1753 md5:428c0fc4283315d6b069385c8438e41c
idleslidegloves.com 173.239.211.130 - - [16/Dec/2023:21:40:59.011531 +0100] "GET / HTTP/1.1" 403 199 "-" "-" ZX4LW-X9OiILipHaVScisQAAABM "-" /apache/20231216/20231216-2140/20231216-214059-ZX4LW-X9OiILipHaVScisQAAABM 0
...
DDoS Attack
Brute-Force
TPI-Abuse
2023-12-16 18:15:21
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 16 13:15:17.258608 2023] [security2:error] [pid 6270] [client 173.239.211.130:15931] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.239.211.130 (+1 hits since last alert)|www.purewildoregon.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.purewildoregon.com"] [uri "/xmlrpc.php"] [unique_id "ZX3pNepEgkYUboHAzH8hzwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-16 16:22:30
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 16 11:22:06.635407 2023] [security2:error] [pid 11734] [client 173.239.211.130:54881] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||investorsfundingusa.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "investorsfundingusa.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZX3OrgreiAwpwsfMhnWOuwAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-16 12:26:47
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 16 07:26:39.561633 2023] [security2:error] [pid 5297:tid 47853973395200] [client 173.239.211.130:41269] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ward-bergerhouse.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ward-bergerhouse.org"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZX2XfzfZhnNEGu_V1Cu7kQAAARY"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-16 07:37:05
(1 year ago)
(mod_security) mod_security (id:240335) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Dec 16 02:36:54.861093 2023] [security2:error] [pid 6071:tid 47608682804992] [client 173.239.211.130:64151] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 173.239.211.130 (+1 hits since last alert)|honeyled.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "honeyled.com"] [uri "/xmlrpc.php"] [unique_id "ZX1TljzgIXroAn1zZ_XLpQAAAJA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2023-12-16 04:20:48
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 173.239.211.130 (m49.asuswebstorage.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Dec 15 23:19:50.803265 2023] [security2:error] [pid 28908] [client 173.239.211.130:34677] [client 173.239.211.130] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.sparler.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.sparler.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "ZX0lZh_Rcycv2wluLmBz7AAAAAo"]
Brute-Force
Bad Web Bot
Web App Attack