Sklurk
2024-08-17 07:40:52
(4 weeks ago)
Web App Attack
Web App Attack
Anonymous
2024-08-17 03:39:49
(4 weeks ago)
173.252.107.113 - - [17/Aug/2024:05:36:11 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/a-week-in-security/2020/02/a-week-in-security-february-10-16/'https:/blog.malwarebytes.com/101/business/2018/03/building-an-incident-response-program-creating-the-framework/index.php?IdFeed=71&Page=11 HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [17/Aug/2024:05:36:17 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/cybercrime/2019/01/luas-data-ransom-the-hacker-who-cried-wolf/article.php?IdArticle=8412854&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [17/Aug/2024:05:36:56 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/wp-content/uploads/2018/03/article.php?IdArticle=8453103&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [17
Web App Attack
Anonymous
2024-08-16 17:36:07
(4 weeks ago)
173.252.107.113 - - [16/Aug/2024:19:33:04 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/social-engineering/2020/07/new-deepfakes-using-gan-digital-fakery/article.php?IdArticle=8449419&NoRedirect HTTP/1.1" 482 0 "-" "meta-externalagent/1.1 (+https://developers.facebook.com/docs/sharing/webmasters/crawler)"
173.252.107.113 - - [16/Aug/2024:19:33:51 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/privacy-2/2020/08/data-accountability-and-transparency-act-2020/article.php?IdArticle=942937&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [16/Aug/2024:19:34:58 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/101/business/2018/03/building-an-incident-response-program-creating-the-framework/chromewebstore.google.com/index.php?IdFeed=76&Page=25 HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [16/Aug/2024:19:35:00 +0200] "GET /blog/t
Web App Attack
TPI-Abuse
2024-08-16 16:24:43
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 12:24:38.082731 2024] [security2:error] [pid 14411:tid 14411] [client 173.252.107.113:50142] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.highgroundsconsulting.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.highgroundsconsulting.com"] [uri "/Introduction/wp-json/wp/v2/users/1"] [unique_id "Zr99RpVuDYnbJWIMVsh2IgAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-16 09:45:46
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 05:45:38.905373 2024] [security2:error] [pid 17737:tid 17737] [client 173.252.107.113:42730] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||www.coolwebsites.org|F|2"] [data ".djstore.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.coolwebsites.org"] [uri "/www.djstore.com"] [unique_id "Zr8fwljCv0gRHz6JydVtfgAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
TPI-Abuse
2024-08-16 07:57:21
(4 weeks ago)
(mod_security) mod_security (id:210730) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 16 03:57:13.397711 2024] [security2:error] [pid 594:tid 594] [client 173.252.107.113:34948] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||www.phantomquailkennel.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.phantomquailkennel.com"] [uri "/[email protected] "] [unique_id "Zr8GWaqD7dB1YQZVTc6MLQAAABU"]
Brute-Force
Bad Web Bot
Web App Attack
Sklurk
2024-08-16 07:34:56
(4 weeks ago)
Web App Attack
Web App Attack
Anonymous
2024-08-16 07:30:36
(4 weeks ago)
173.252.107.113 - - [16/Aug/2024:09:27:01 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/wp-content/uploads/2018/03/article.php?IdArticle=733123&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [16/Aug/2024:09:28:05 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/security-world/week-in-security/2019/01/week-security-january-7-13/article.php?IdArticle=2505459&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [16/Aug/2024:09:28:09 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/ransomware/2020/10/smart-coffee-maker-ransomware/rss.php?IdFeed=200&Tag=Threat&Page=2 HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [16/Aug/2024:09:28:47 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/wp-content/uploads/2018/01/article.php?IdArticle=8298051&No
Web App Attack
Anonymous
2024-08-16 03:17:04
(4 weeks ago)
Malicious activity detected
Hacking
Web App Attack
polido
2024-08-16 00:33:59
(4 weeks ago)
Unauthorized connection attempt to port 443 from 173.252.107.113
Port Scan
Anonymous
2024-08-15 21:25:57
(4 weeks ago)
173.252.107.113 - - [15/Aug/2024:23:23:57 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/a-week-in-security/2020/09/a-round-up-of-the-previous-weeks-most-interesting-security-news-and-happenings/article.php?IdArticle=4534733&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:23:23:59 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/explained/2020/02/harnessing-the-power-of-identity-management-idaas-in-the-cloud/article.php?IdArticle=2455689&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:23:24:22 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/101/business/2018/03/building-an-incident-response-program-creating-the-framework/chromewebstore.google.com/article.php?IdArticle=4930822&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.1
Web App Attack
TPI-Abuse
2024-08-15 20:27:06
(4 weeks ago)
(mod_security) mod_security (id:225170) triggered by 173.252.107.113 (fwdproxy-rva-113.fbsv.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Aug 15 16:27:00.570520 2024] [security2:error] [pid 392645:tid 392657] [client 173.252.107.113:55108] [client 173.252.107.113] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.rpiusa.net|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.rpiusa.net"] [uri "/wp-json/wp/v2/users/3"] [unique_id "Zr5klIO6t07uwTHFJTy9AAAAAMo"]
Brute-Force
Bad Web Bot
Web App Attack
Mendip_Defender
2024-08-15 14:05:44
(4 weeks ago)
173.252.107.113 - - [15/Aug/2024:15:05:47 +0100] "GET /?p=2444 HTTP/1.0" 301 967 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
Bad Web Bot
Anonymous
2024-08-15 11:23:53
(4 weeks ago)
173.252.107.113 - - [15/Aug/2024:13:19:36 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/ransomware/2020/06/sodinokibi-ransomware-gang-auctions-off-stolen-data/article.php?IdArticle=8404250&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:13:20:28 +0200] "GET /blog/tag/'https:/blog.malwarebytes.com/wp-content/uploads/2019/03/article.php?IdArticle=936364&NoRedirect HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:13:21:12 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/cybercrime/2018/09/emotet-rise-heavy-spam-campaign/index.php?IdFeed=160&Tag=Cloud HTTP/1.1" 482 0 "-" "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)"
173.252.107.113 - - [15/Aug/2024:13:21:36 +0200] "GET /blog/author/'https:/blog.malwarebytes.com/a-week-in-security/2019/12/a-week-in-security-december-23-29/index.ph
Web App Attack
Sklurk
2024-08-15 07:19:50
(1 month ago)
Web App Attack
Web App Attack