JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 116.1.196.135

116.1.196.135 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 16%: ?

16%

ISP	CHINANET Guangxi province network
Usage Type	Fixed Line ISP
ASN	AS4134
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Nanning, Guangxi

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 116.1.196.135

Whois 116.1.196.135

IP Abuse Reports for 116.1.196.135:

This IP address has been reported a total of 9 times from 2 distinct sources. 116.1.196.135 was first reported on June 17th 2026, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 4server	2026-06-26 17:32:54 (23 hours ago)	[FriJun2619:32:48.2244312026][security2:error][pid1172612:tid1172631][client116.1.196.135:0]ModSecur ... show more [FriJun2619:32:48.2244312026][security2:error][pid1172612:tid1172631][client116.1.196.135:0]ModSecurity:Accessdeniedwithcode403$phase2$.Matchof\"rx$http://bsalsa\\\\\\\\.com\\|\^site24x7$\"against\"REQUEST_HEADERS:user-agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"comarcosa.com\"][uri\"/\"][unique_id\"aj63wPHyFYE1r46HMtDy5QAAANE\"]\,referer:https://comarcosa.com/ show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-23 02:45:15 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 22:44:59.938310 2026] [security2:error] [pid 7673:tid 7673] [client 116.1.196.135:1173] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|kaiyadunn.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kaiyadunn.com"] [uri "/"] [unique_id "ajnzKxR6L8a2xzVqSqaerwAAABs"], referer: http://kaiyadunn.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 23:46:43 (4 days ago)	(mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 19:46:35.948334 2026] [security2:error] [pid 30623:tid 30623] [client 116.1.196.135:3592] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.guardmagic.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.guardmagic.com"] [uri "/"] [unique_id "ajnJW8Dkm6MmTamK0_GWLgAAABE"], referer: https://www.guardmagic.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 02:12:11 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 22:12:07.628294 2026] [security2:error] [pid 6455:tid 6455] [client 116.1.196.135:1888] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|davisound.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "davisound.com"] [uri "/"] [unique_id "ajiZ991sw8jKclXDxiSgjwAAABc"], referer: https://davisound.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 19:43:08 (5 days ago)	(mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:43:02.282008 2026] [security2:error] [pid 25942:tid 25942] [client 116.1.196.135:4826] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.dave-curtis.com\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.dave-curtis.com"] [uri "/"] [unique_id "ajg-xu1FWghVXfpZQpHvbgAAAAc"], referer: http://www.dave-curtis.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 21:23:06 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 17:23:02.869583 2026] [security2:error] [pid 30298:tid 30298] [client 116.1.196.135:2925] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|meridianranchdrc.org\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "meridianranchdrc.org"] [uri "/"] [unique_id "ajRhtgER2VTJaZLiMG05GgAAAAU"], referer: https://meridianranchdrc.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-18 19:17:04 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 15:16:59.195299 2026] [security2:error] [pid 25177:tid 25188] [client 116.1.196.135:2097] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.peoplecomeup.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.peoplecomeup.net"] [uri "/"] [unique_id "ajREK3nh8CAtewGPnkBuiAAAAMg"], referer: http://www.peoplecomeup.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 21:47:09 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 17:47:02.357117 2026] [security2:error] [pid 10757:tid 10757] [client 116.1.196.135:2211] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|www.alameeran.net\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.alameeran.net"] [uri "/"] [unique_id "ajMV1szTJxAgJXBRZ1mcggAAAAE"], referer: http://www.alameeran.net/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 11:54:07 (1 week ago)	(mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210831) triggered by 116.1.196.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 07:53:59.700042 2026] [security2:error] [pid 18234:tid 18234] [client 116.1.196.135:0] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url\|user-Agent\|www\\\\.weblogs\\\\.com\|(?:jakart\|vi)a\|(google\|i{0,1}explorer{0,1}\\\\.exe\|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)\|\\\\bdatacha0s\\\\b\|; widows\|\\\\\\\\r\|a(?: href=\|d(?:sarobot\|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler\|\|ccamp.dev\|F\|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ccamp.dev"] [uri "/"] [unique_id "ajKK1xOZ9kPvjMi0dk86lQAAAAE"], referer: http://ccamp.dev/ show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.152

🇺🇸 147.185.132.143

🇺🇸 104.244.124.135

🇺🇸 93.152.5.169

🇳🇱 91.92.40.39

🇧🇬 79.124.56.238

🇺🇸 2607:f8b0:4004:1002::12a

🇳🇱 195.178.110.228

🇦🇺 170.64.154.53

🇺🇸 147.185.132.164

🇨🇳 121.196.227.86

🇭🇰 103.81.170.118

🇺🇸 3.95.38.74

🇺🇸 173.252.95.58

🇰🇷 121.188.193.96

🇨🇳 58.56.112.194

🇨🇳 8.138.104.235

🇨🇳 218.58.73.238

🇩🇪 213.209.159.228

🇳🇱 204.76.203.219