๐บ๐ธ
TPI-Abuse
2026-07-10 05:07:17
(16 hours ago)
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jul 10 01:07:08.708867 2026] [security2:error] [pid 27752:tid 27761] [client 116.113.28.66:38118] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||cheqs.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cheqs.org"] [uri "/"] [unique_id "alB9_GAYOd3AZvEbMJWWCQAAAMc"], referer: https://cheqs.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-07 03:42:53
(3 days ago)
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jul 06 23:42:48.199590 2026] [security2:error] [pid 19638:tid 19638] [client 116.113.28.66:55113] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.champions-in-arms.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.champions-in-arms.com"] [uri "/"] [unique_id "akx1uF0APkttCWxr8R9FegAAAAw"], referer: http://www.champions-in-arms.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-16 08:12:39
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 04:12:35.136992 2026] [security2:error] [pid 18781:tid 18781] [client 116.113.28.66:15221] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||ramseysgalleryofstuff.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "ramseysgalleryofstuff.com"] [uri "/"] [unique_id "ajEFc1-lGXl2x_2Tu9felQAAAAc"], referer: http://ramseysgalleryofstuff.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-02 22:12:31
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 18:12:24.491060 2026] [security2:error] [pid 4670:tid 4670] [client 116.113.28.66:58970] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.daviddholt.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.daviddholt.com"] [uri "/index.htm"] [unique_id "ah9VSJWtEZQl8e1aSQRdgQAAAAU"], referer: http://www.daviddholt.com/index.htm
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-31 21:07:44
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 17:07:40.292392 2026] [security2:error] [pid 20536:tid 20536] [client 116.113.28.66:53831] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||mpservice.com.sv|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "mpservice.com.sv"] [uri "/"] [unique_id "ahyjHJyX4lgNmrxedSZAFwAAAAg"], referer: https://mpservice.com.sv/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐ฉ๐ช
4server
2026-05-22 22:26:47
(1 month ago)
[SatMay2300:26:43.1595352026][security2:error][pid17085:tid17152][client116.113.28.66:0]ModSecurity: ...
show more
[SatMay2300:26:43.1595352026][security2:error][pid17085:tid17152][client116.113.28.66:0]ModSecurity:Accessdeniedwithcode403\(phase2\).Matchof\"rx\(http://bsalsa\\\\\\\\.com\|\^site24x7\)\"against\"REQUEST_HEADERS:User-Agent\"required.[file\"/etc/apache2/conf.d/modsec_rules/20_asl_useragents.conf\"][line\"282\"][id\"330094\"][rev\"5\"][msg\"Atomicorp.comWAFRules:CompromisedUser-AgentAgentAttackblocked\"][severity\"CRITICAL\"][hostname\"www.mood4apps.com\"][uri\"/\"][unique_id\"ahDYI53Qzgst9XtjXIh1lQAAAIY\"]\,referer:http://www.mood4apps.com/
show less
Port Scan
Brute-Force
Web App Attack
๐จ๐ณ
ThreatBook.io
2026-05-15 00:28:25
(1 month ago)
ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/116.113.28.66
20 ...
show more
ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/116.113.28.66
2026-05-14 10:35:12 /sitemap.xml
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2026-05-07 01:10:53
(2 months ago)
ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/116.113.28.66
20 ...
show more
ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/116.113.28.66
2026-05-06 09:39:15 /sitemap.xml
show less
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-24 23:31:51
(2 months ago)
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 19:31:46.794535 2026] [security2:error] [pid 12264:tid 12264] [client 116.113.28.66:31575] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.seatbeltstatistics.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.seatbeltstatistics.org"] [uri "/"] [unique_id "aev9YgFfrOX_sSQOK885SwAAAAw"], referer: http://www.seatbeltstatistics.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-04-23 08:14:42
(2 months ago)
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 04:14:36.254096 2026] [security2:error] [pid 2649374:tid 2649374] [client 116.113.28.66:47485] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||pleasefixmycomputer.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "pleasefixmycomputer.com"] [uri "/"] [unique_id "aenU7Pklv31fD3vgtAQrkwAAAAE"], referer: http://pleasefixmycomputer.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-31 22:11:12
(5 months ago)
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 116.113.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 31 17:11:05.987957 2026] [security2:error] [pid 25566:tid 25566] [client 116.113.28.66:31535] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.drbolen.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.drbolen.com"] [uri "/"] [unique_id "aX59-SkAtk5_dcI_gJGLRwAAAAc"], referer: https://www.drbolen.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-11-14 00:34:27
(7 months ago)
ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/116.113.28.66
20 ...
show more
ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/116.113.28.66
2025-11-13 09:56:08 /sitemap.xml
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-10-24 23:43:19
(8 months ago)
ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/116.113.28.66
20 ...
show more
ThreatBook Intelligence: vpn_proxy,Gateway more details on https://threatbook.io/ip/116.113.28.66
2025-10-24 03:18:38 /
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-09-05 00:16:03
(10 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/116.113.28.66
2025-09-04 00 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/116.113.28.66
2025-09-04 00:29:44 /
2025-09-04 14:54:59 /config.json
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-07-28 23:50:05
(11 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/116.113.28.66
2025-07-28 08 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/116.113.28.66
2025-07-28 08:27:32 /assets/img/touch-icon-192x192.png
show less
Web App Attack