πΊπΈ
TPI-Abuse
2026-06-18 20:33:36
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 16:33:22.545734 2026] [security2:error] [pid 18380:tid 18380] [client 119.39.193.131:23919] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||craftammie.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "craftammie.com"] [uri "/"] [unique_id "ajRWEoSN53P_SsG48uP8XAAAAAk"], referer: http://craftammie.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-17 02:19:34
(4 weeks ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 22:19:25.032115 2026] [security2:error] [pid 15019:tid 15019] [client 119.39.193.131:25531] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.dixieaire.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.dixieaire.com"] [uri "/"] [unique_id "ajIELbiIhFzvroVC48d-kQAAABQ"], referer: http://www.dixieaire.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-12 03:34:38
(1 month ago)
(mod_security) mod_security (id:949110) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:949110) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 23:34:26.055683 2026] [security2:error] [pid 23162:tid 23162] [client 119.39.193.131:24279] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.justinpenney.com"] [uri "/"] [unique_id "ait-Qj_Vy4EHxNfKn90wrAAAAAg"], referer: https://www.justinpenney.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-10 19:28:31
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 15:28:19.608598 2026] [security2:error] [pid 20401:tid 20401] [client 119.39.193.131:24292] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.btsalesrep.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.btsalesrep.com"] [uri "/"] [unique_id "aim60wmDRLfKICoV5BOj-QAAAAQ"], referer: http://www.btsalesrep.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-29 19:25:47
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 15:25:35.254481 2026] [security2:error] [pid 27302:tid 27302] [client 119.39.193.131:20935] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||syconline.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "syconline.com"] [uri "/"] [unique_id "ahnoLwMKzpgJGdU1VMe0OwAAAAA"], referer: http://syconline.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-25 01:59:46
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 21:59:36.794872 2026] [security2:error] [pid 2044:tid 2044] [client 119.39.193.131:20355] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||folkdancers.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "folkdancers.org"] [uri "/index.html"] [unique_id "ahOtCO5O4MaYlv3EIp04jwAAABE"], referer: http://folkdancers.org/index.html
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-23 21:14:15
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 23 17:14:04.393151 2026] [security2:error] [pid 17343:tid 17343] [client 119.39.193.131:24239] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||groz.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "groz.net"] [uri "/"] [unique_id "ahIYnGxhwbET9lLrI4mfRAAAAAA"], referer: http://groz.net/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-22 21:56:50
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 17:56:40.808063 2026] [security2:error] [pid 13792:tid 13792] [client 119.39.193.131:20308] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||cameronwv.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "cameronwv.com"] [uri "/"] [unique_id "ahDRGGa1wtpSZVCqVYMUjAAAAAI"], referer: https://cameronwv.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-22 20:55:59
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 16:55:50.924470 2026] [security2:error] [pid 24694:tid 24694] [client 119.39.193.131:21459] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||anthraxbooks.info|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "anthraxbooks.info"] [uri "/"] [unique_id "ahDC1iWvXqnTPlt4P3UUiAAAAAc"], referer: http://anthraxbooks.info/
show less
Brute-Force
Bad Web Bot
Web App Attack
π¨π³
ThreatBook.io
2026-05-12 22:44:28
(2 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/119.39.193.131
2026-05-12 1 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/119.39.193.131
2026-05-12 16:12:43 /config.json
2026-05-12 22:36:30 /
show less
Web App Attack
π¨π³
ThreatBook.io
2026-05-10 22:44:18
(2 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/119.39.193.131
2026-05-10 0 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/119.39.193.131
2026-05-10 07:30:12 /robots.txt
show less
Web App Attack
π¨π³
ThreatBook.io
2026-05-09 22:44:54
(2 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/119.39.193.131
2026-05-09 1 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/119.39.193.131
2026-05-09 12:36:33 /favicon.ico
2026-05-09 10:42:48 /
show less
Web App Attack
πΊπΈ
TPI-Abuse
2026-01-28 01:41:35
(5 months ago)
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 119.39.193.131 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jan 27 20:41:26.313065 2026] [security2:error] [pid 4417:tid 4417] [client 119.39.193.131:3891] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||kirt.us|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "kirt.us"] [uri "/"] [unique_id "aXlpRujWoSAb3x0-q_rAmQAAAAE"], referer: http://kirt.us/
show less
Brute-Force
Bad Web Bot
Web App Attack