Anonymous
2024-08-20 13:05:21
(1 month ago)
Malicious activity detected
Hacking
Web App Attack
TPI-Abuse
2024-08-20 12:35:27
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 20 08:35:21.368046 2024] [security2:error] [pid 30629:tid 30629] [client 173.252.107.113:57072] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.cityofhaleyville.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.cityofhaleyville.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "ZsSNiYDmXx0TEr46RWke5AAAABQ"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2024-08-20 12:17:16
(1 month ago)
173.252.107.113 - - [20/Aug/2024:14:13:48 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/cybercrime/2019/01/two-factor-authentication-defeated-spotlight-2fas-latest-challenge/article.php?IdArticle=5815513&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [20/Aug/2024:14:14:30 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/article.php?IdArticle=4062062&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [20/Aug/2024:14:14:39 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/stalkerware/2019/07/helping-survivors-of-domestic-abuse-what-to-do-when-you-find-stalkerware/article.php?IdArticle=8288923&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [20/Aug/2024:14:15:45 +0200] "GET /blog/tag/'https:/b
Web App Attack
Sklurk
2024-08-20 07:47:47
(1 month ago)
Web App Attack
Web App Attack
Anonymous
2024-08-20 02:13:46
(1 month ago)
173.252.107.113 - - [20/Aug/2024:04:11:50 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/business-2/2019/09/what-role-does-data-destruction-play-in-cybersecurity/article.php?IdArticle=8093237&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [20/Aug/2024:04:11:58 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/opinion/2020/02/why-managed-service-providers-msp-are-critical-for-business-continuity/article.php?IdArticle=8426086&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [20/Aug/2024:04:12:04 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/security-world/2019/01/week-security-january-21-27/article.php?IdArticle=3699782&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [20/Aug/2024:04:12:40 +0200] "GET /blog/t
Web App Attack
Anonymous
2024-08-19 16:11:32
(1 month ago)
173.252.107.113 - - [19/Aug/2024:18:07:45 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/security-world/2017/07/steelcon-mahkra-ni-orroz/index.php?IdFeed=37&Page=3 HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [19/Aug/2024:18:08:54 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/malwarebytes-news/2020/05/a-week-in-security-april-27-may-3-2/article.php?IdArticle=8549910&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [19/Aug/2024:18:09:32 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/threat-analysis/2021/01/retrohunting-apt37-north-korean-apt-used-vba-self-decode-technique-to-inject-rokrat/index.php?IdFeed=196&Tag=Ransomware HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [19/Aug/2024:18:10:19 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/cybercrime/
Web App Attack
TPI-Abuse
2024-08-19 09:15:05
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 19 05:14:56.111172 2024] [security2:error] [pid 886:tid 886] [client 173.252.107.113:59376] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.webflexdesign.co.uk|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.webflexdesign.co.uk"] [uri "/wp-json/wp/v2/users/6"] [unique_id "ZsMNEO17zXzA2EzwQmtcFQAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-19 08:11:52
(1 month ago)
(mod_security) mod_security (id:225080) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Aug 19 04:11:47.294269 2024] [security2:error] [pid 1417:tid 1417] [client 173.252.107.113:54686] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Match of "rx ^[\\\\d\\\\.ab]+$" against "ARGS_GET:C" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "143"] [id "225080"] [rev "1"] [msg "COMODO WAF: XSS vulnerability in Plupload before 2.1.9 or MediaElement.js before 2.21.0, as used in WordPress before 4.5.2 (CVE-2016-4566 & CVE-2016-4567)||cerrovictoria.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cerrovictoria.com"] [uri "/housingdeautor.com/WordPress/wp-includes/js/"] [unique_id "ZsL-Q0FTPe8Rvj00esTUcAAAAAs"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-08-19 07:46:55
(1 month ago)
Web App Attack
Web App Attack
Cloutions
2024-08-19 07:38:00
(1 month ago)
Web attack and spam
Web Spam
Web App Attack
Cloutions
2024-08-19 07:38:00
(1 month ago)
Web attack and spam
Web Spam
Web App Attack
Anonymous
2024-08-19 06:07:09
(1 month ago)
173.252.107.113 - - [19/Aug/2024:08:03:44 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/careers/2019/12/women-in-cybersecurity-wicys-veterans-program-bridge-skills-gap-diversify-sector/article.php?IdArticle=8406784&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [19/Aug/2024:08:03:57 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/cybercrime/2019/02/bogus-john-wick-3-ebooks/article.php?IdArticle=8321928&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [19/Aug/2024:08:05:41 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/security-world/week-in-security/2019/10/a-week-in-security-october-21-27/article.php?IdArticle=1371831&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [19/Aug/2024:08:05:41 +0200] "GET /blog/tag/'http
Web App Attack
ghostwarriors
2024-08-18 22:50:18
(1 month ago)
Webpage scraping
Brute-Force
Bad Web Bot
Web App Attack
ksol-hostmaster
2024-08-18 22:42:06
(1 month ago)
2024/08/19 00:42:05 [error] 52313#101281: *4874672 limiting requests, excess: 0.427 by zone "crawler", client: 173.252.107.113, server: crxforum.ksol.io, request: "GET /showTopic.php?topicId=565&action=showComment&commentUniqId=50f304ca1df48&seed=666a1b9f30989&fromWhere=showBookmarks HTTP/2.0", host: "crxforum.ksol.io"
Bad Web Bot
Anonymous
2024-08-18 20:02:44
(1 month ago)
173.252.107.113 - - [18/Aug/2024:22:00:05 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/security-world/2019/05/a-week-in-security-may-6-12/article.php?IdArticle=2235367&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [18/Aug/2024:22:00:35 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/a-week-in-security/2019/12/a-week-in-security-december-16-22/article.php?IdArticle=3700957&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [18/Aug/2024:22:01:28 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/podcast/2020/05/lock-and-code-s1ep7-sounding-the-trumpet-on-web-browser-privacy-with-pieter-arntz/article.php?IdArticle=8406889&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [18/Aug/2024:22:01:44 +0200] "GET /blog/tag/'https:/blog.m
Web App Attack