This IP address has been reported a total of
38
times from
28 distinct
sources.
116.204.104.27 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -93.552 (Bad < -10 / Very Bad < -20 ...
show moreBot/Spam/Scrapper attack detected on www.handytreff.de - Score: -93.552 (Bad < -10 / Very Bad < -20 / Extreme < -35) | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.
show less
stkildashule.org.au:443 116.204.104.27 - - [23/Jun/2026:08:15:07 +1000] "GET /ip HTTP/1.1" 404 49598 ...
show morestkildashule.org.au:443 116.204.104.27 - - [23/Jun/2026:08:15:07 +1000] "GET /ip HTTP/1.1" 404 49598 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36"
...
show less
Web App Attack
Anonymous
Attribution: mikhail-smirnov-79830323 (LinkedIn/profile ID) employed by Angara Technologies Group (E ...
show moreAttribution: mikhail-smirnov-79830323 (LinkedIn/profile ID) employed by Angara Technologies Group (Explicitly identified himself as enemy a week before attack began) | Aggressive search filter manipulation / web scraper probe on port 443 | URI: Excessive filters used: /brands/kramer/amplifiers/shopby/manufacturer-kramer.html?SID=4a4ec38ff2032d0505b232d203765b12&dir=asc&mode=list&order=most_viewed&p=4&rating=6&stock=1 | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/149.0.0.0 Safari/537.36 | (Magento Site)
show less
(mod_security) mod_security (id:100011) triggered by 116.204.104.27: 1 in the last 86400 secs; Ports ...
show more(mod_security) mod_security (id:100011) triggered by 116.204.104.27: 1 in the last 86400 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Wed Jun 10 22:58:28.691025 2026] [security2:error] [pid 1859163:tid 1859181] [remote 116.204.104.27:53324] ModSecurity: Access denied with code 403 (phase 1). Pattern match "(www\\\\.)?ftiaxtomonosou\\\\.gr" at SERVER_NAME. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "54"] [id "100011"] [msg "CSF-TRIGGER: Country Block CN/SG for ftiaxtomonosou.gr"] [hostname "www.ftiaxtomonosou.gr"] [uri "/tag/pellets/"] [unique_id "ainB5EcRGABfnax9yYgFBAAACA4"]
show less
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: CHALLENGE
Protocol: HTTP/1.1 (GET m ...
show moreTriggered Cloudflare WAF (firewallCustom) from CN.
Action taken: CHALLENGE
Protocol: HTTP/1.1 (GET method)
Endpoint: /ip
UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less