TPI-Abuse
2024-08-14 01:48:30
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 21:48:22.556529 2024] [security2:error] [pid 29749:tid 29773] [client 173.252.107.113:35446] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||dasperformance.com|F|2"] [data ".das performance.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "dasperformance.com"] [uri "/the-harley-davidson-twin-cam/W WW.DAS performance.com"] [unique_id "ZrwM5m3PmDqbZ7q7m2nppAAAAJQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-13 23:55:19
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 19:55:13.768346 2024] [security2:error] [pid 21099:tid 21099] [client 173.252.107.113:47432] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.cvoguemag.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cvoguemag.com"] [uri "/NewHome/wp-json/wp/v2/users/1"] [unique_id "ZrvyYcpfUVvCFoIABW49LwAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-13 19:09:10
(1 month ago)
173.252.107.113 - - [13/Aug/2024:21:04:11 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/a-week-in-security/2020/05/a-week-in-security-may-11-may-17/article.php?IdArticle=8376419&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [13/Aug/2024:21:04:27 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/101/2020/10/amazon-prime-day-8-tips-for-safer-shopping/index.php?Tag=Guideline&Story=Wannacry HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [13/Aug/2024:21:06:20 +0200] "GET /blog/category/'https:/blog.malwarebytes.com/wp-content/uploads/2020/02/article.php?IdArticle=5955957&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [13/Aug/2024:21:08:01 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/security-world/2019/04/a-week-in-security-april
Web App Attack
Anonymous
2024-08-13 09:03:24
(1 month ago)
173.252.107.113 - - [13/Aug/2024:10:58:56 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/101/2019/04/how-gamers-can-protect-against-increasing-cyberthreats/article.php?IdArticle=8404318&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [13/Aug/2024:10:59:11 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/opinion/2020/05/the-best-test-for-an-edr-solution-is-one-that-works-for-you/article.php?IdArticle=8401598&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [13/Aug/2024:10:59:12 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/malwarebytes-news/2020/12/malwarebytes-detects-leaked-tools-from-fireeye-breach/article.php?IdArticle=8404428&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [13/Aug/2024:11:00:14 +0200] "GET /blog/author/'https:/blo
Web App Attack
TPI-Abuse
2024-08-13 07:44:09
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 13 03:44:05.525302 2024] [security2:error] [pid 20988:tid 20988] [client 173.252.107.113:49284] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.goodacoustic.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.goodacoustic.com"] [uri "/wordpress/wp-json/wp/v2/users/1"] [unique_id "ZrsOxWJm2Y13p2Mjul4rfgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-08-13 07:14:18
(1 month ago)
Web App Attack
Web App Attack
Mendip_Defender
2024-08-13 05:14:01
(1 month ago)
173.252.107.113 - - [13/Aug/2024:06:14:04 +0100] "GET /lending-a-hand-at-d-day-commemorations-in-weston-super-mare/feed/ HTTP/1.0" 200 2131 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
Bad Web Bot
Anonymous
2024-08-12 22:58:53
(1 month ago)
173.252.107.113 - - [13/Aug/2024:00:55:54 +0200] "GET /blog/category/'https:/blog.malwarebytes.com/privacy-2/2019/08/data-and-device-security-domestic-abuse-survivors/article.php?IdArticle=8410649&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [13/Aug/2024:00:56:09 +0200] "GET /blog/category/'https:/blog.malwarebytes.com/security-world/week-in-security/2019/10/a-week-in-security-october-21-27/article.php?IdArticle=2403465&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [13/Aug/2024:00:56:32 +0200] "GET /blog/author/chromewebstore.google.com/article.php?IdArticle=4065114&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [13/Aug/2024:00:56:48 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/threat-analysis/2018/09/mass-wordpress-compromises-tech-supp
Web App Attack
Anonymous
2024-08-12 12:55:49
(1 month ago)
173.252.107.113 - - [12/Aug/2024:14:52:50 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/android/2020/02/new-variant-of-android-trojan-xhelper-reinfects-with-help-from-google-play/article.php?IdArticle=8400424&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [12/Aug/2024:14:53:03 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/a-week-in-security/2020/09/a-round-up-of-the-previous-weeks-most-interesting-security-news-and-happenings/article.php?IdArticle=8404728&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [12/Aug/2024:14:54:25 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/social-engineering/2019/06/fresh-video-games-site-welcomes-new-users-with-steam-phish/article.php?IdArticle=8538282&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webm
Web App Attack
Sklurk
2024-08-12 06:55:49
(1 month ago)
Web App Attack
Web App Attack
pa4080
2024-08-12 05:31:51
(1 month ago)
Detected by ModSecurity. Request URI: /wp-json/wp/v2/posts/10353
Web App Attack
Anonymous
2024-08-12 02:52:36
(1 month ago)
173.252.107.113 - - [12/Aug/2024:04:49:44 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/explained/2020/01/explained-the-strengths-and-weaknesses-of-the-zero-trust-model/article.php?IdArticle=3652865&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [12/Aug/2024:04:50:20 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/101/2019/04/how-gamers-can-protect-against-increasing-cyberthreats/article.php?IdArticle=5605467&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [12/Aug/2024:04:50:24 +0200] "GET /blog/tag/'/\x5C'https:/t.me/article.php?IdArticle=2148006&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [12/Aug/2024:04:50:25 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/101/2019/04/how-gamers-can-protect-against-increasing-
Web App Attack
TPI-Abuse
2024-08-11 22:27:50
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 11 18:27:46.821329 2024] [security2:error] [pid 5150:tid 5150] [client 173.252.107.113:53936] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.takemehomedogrescue.org|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.takemehomedogrescue.org"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zrk64ldz1s8a2ASAVBqwOAAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-11 16:48:38
(1 month ago)
173.252.107.113 - - [11/Aug/2024:18:47:03 +0200] "GET /blog/author/'https:/t.me/article.php?IdArticle=2112029&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [11/Aug/2024:18:47:04 +0200] "GET /blog/category/'https:/blog.malwarebytes.com/reports/2019/08/capital-one-breach-exposes-over-100-million-credit-card-applications/article.php?IdArticle=4341903&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [11/Aug/2024:18:47:25 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/security-world/2019/01/week-security-december-31-2018-january-6-2019/article.php?IdArticle=8402993&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [11/Aug/2024:18:47:27 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/android/2020/02/new-variant-of-android-trojan-
Web App Attack
polido
2024-08-11 15:32:18
(1 month ago)
Unauthorized connection attempt to port 443 from 173.252.107.113
Port Scan