TPI-Abuse
2024-08-16 07:57:21
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 03:57:13.397711 2024] [security2:error] [pid 594:tid 594] [client 173.252.107.113:34948] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.phantomquailkennel.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.phantomquailkennel.com"] [uri "/[email protected] "] [unique_id "Zr8GWaqD7dB1YQZVTc6MLQAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-08-16 07:34:56
(1 month ago)
Web App Attack
Web App Attack
Anonymous
2024-08-16 07:30:36
(1 month ago)
173.252.107.113 - - [16/Aug/2024:09:27:01 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/wp-content/uploads/2018/03/article.php?IdArticle=733123&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [16/Aug/2024:09:28:05 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/security-world/week-in-security/2019/01/week-security-january-7-13/article.php?IdArticle=2505459&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [16/Aug/2024:09:28:09 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/ransomware/2020/10/smart-coffee-maker-ransomware/rss.php?IdFeed=200&Tag=Threat&Page=2 HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [16/Aug/2024:09:28:47 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/wp-content/uploads/2018/01/article.php?IdArticle=8298051&No
Web App Attack
Anonymous
2024-08-16 03:17:04
(1 month ago)
Malicious activity detected
Hacking
Web App Attack
polido
2024-08-16 00:33:59
(1 month ago)
Unauthorized connection attempt to port 443 from 173.252.107.113
Port Scan
Anonymous
2024-08-15 21:25:57
(1 month ago)
173.252.107.113 - - [15/Aug/2024:23:23:57 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/a-week-in-security/2020/09/a-round-up-of-the-previous-weeks-most-interesting-security-news-and-happenings/article.php?IdArticle=4534733&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:23:23:59 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/explained/2020/02/harnessing-the-power-of-identity-management-idaas-in-the-cloud/article.php?IdArticle=2455689&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:23:24:22 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/101/business/2018/03/building-an-incident-response-program-creating-the-framework/chromewebstore.google.com/article.php?IdArticle=4930822&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.1
Web App Attack
TPI-Abuse
2024-08-15 20:27:06
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 16:27:00.570520 2024] [security2:error] [pid 392645:tid 392657] [client 173.252.107.113:55108] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rpiusa.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rpiusa.net"] [uri "/wp-json/wp/v2/users/3"] [unique_id "Zr5klIO6t07uwTHFJTy9AAAAAMo"]
Brute-Force
Bad Web Bot
Web App Attack
Mendip_Defender
2024-08-15 14:05:44
(1 month ago)
173.252.107.113 - - [15/Aug/2024:15:05:47 +0100] "GET /?p=2444 HTTP/1.0" 301 967 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
Bad Web Bot
Anonymous
2024-08-15 11:23:53
(1 month ago)
173.252.107.113 - - [15/Aug/2024:13:19:36 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/ransomware/2020/06/sodinokibi-ransomware-gang-auctions-off-stolen-data/article.php?IdArticle=8404250&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:13:20:28 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/wp-content/uploads/2019/03/article.php?IdArticle=936364&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:13:21:12 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/cybercrime/2018/09/emotet-rise-heavy-spam-campaign/index.php?IdFeed=160&Tag=Cloud HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:13:21:36 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/a-week-in-security/2019/12/a-week-in-security-december-23-29/index.ph
Web App Attack
Sklurk
2024-08-15 07:19:50
(1 month ago)
Web App Attack
Web App Attack
Anonymous
2024-08-15 01:16:54
(1 month ago)
173.252.107.113 - - [15/Aug/2024:03:15:14 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/wp-content/uploads/2018/03/article.php?IdArticle=6660243&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:03:15:22 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/malwarebytes-news/ctnt-report/2019/01/2019-state-malware-report-trojans-cryptominers-dominate-threat-landscape/article.php?IdArticle=8356176&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:03:15:59 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/article.php?IdArticle=2901009&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:03:16:20 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/a-week-in-security
Web App Attack
Anonymous
2024-08-14 15:14:11
(1 month ago)
173.252.107.113 - - [14/Aug/2024:17:11:21 +0200] "GET /blog/category/'https:/blog.malwarebytes.com/cybercrime/2019/01/two-factor-authentication-defeated-spotlight-2fas-latest-challenge/\x5C'https:/t.me/article.php?IdArticle=783311&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [14/Aug/2024:17:12:13 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/a-week-in-security/2019/09/a-week-in-security-september-16-22/article.php?IdArticle=4302958&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [14/Aug/2024:17:12:45 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/privacy-2/2019/06/hyperlink-auditing-where-has-my-option-to-disable-it-gone/article.php?IdArticle=8402304&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [14/Aug/2024:17:13:02 +0200] "GET /b
Web App Attack
TPI-Abuse
2024-08-14 12:40:14
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 14 08:40:07.079864 2024] [security2:error] [pid 1310148:tid 1310148] [client 173.252.107.113:40152] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dailybeautysupply.com|F|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dailybeautysupply.com"] [uri "/store/c2/Hair_Care.html/&sa=U&ved=2ahUKEwiA89iT0uzzAhXVbCsKHbeFA2IQFnoECBsQAg&usg=AOvVaw1lKcn-WLWFamr6RcENDbdH/magmi/conf/magmi.ini"] [unique_id "Zrylp0hFeunZHneT2VeddQAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-08-14 07:16:06
(1 month ago)
Web App Attack
Web App Attack
Anonymous
2024-08-14 05:10:47
(1 month ago)
173.252.107.113 - - [14/Aug/2024:07:09:10 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/cybercrime/2019/05/whatsapp-fix-goes-live-after-targeted-attack-on-human-rights-lawyer/rss.php?IdFeed=200&Page=1 HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [14/Aug/2024:07:09:22 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/101/2019/03/new-research-finds-hospitals-are-easy-targets-for-phishing-attacks/article.php?IdArticle=7710213&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [14/Aug/2024:07:10:13 +0200] "GET /blog/category/'https:/blog.malwarebytes.com/podcast/2020/08/lock-and-code-s1ep13-monitoring-the-safety-of-parental-monitoring-apps-with-emory-roane/article.php?IdArticle=2890554&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [14/A
Web App Attack