๐บ๐ธ
TPI-Abuse
2026-07-05 19:39:04
(8 hours ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jul 05 15:38:57.752167 2026] [security2:error] [pid 4814:tid 4814] [client 120.239.28.140:15173] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.36hoursonly.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.36hoursonly.com"] [uri "/"] [unique_id "akqy0bsbc_ctA0BVHxXdiAAAAAc"], referer: http://www.36hoursonly.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-26 06:00:34
(1 week ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 02:00:27.318273 2026] [security2:error] [pid 24169:tid 24169] [client 120.239.28.140:10591] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.bvnboysbasketball.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.bvnboysbasketball.com"] [uri "/"] [unique_id "aj4Ve7NqcYNzfJIQvCGkcAAAACs"], referer: http://www.bvnboysbasketball.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-21 19:08:15
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 15:08:08.064474 2026] [security2:error] [pid 23827:tid 23827] [client 120.239.28.140:4299] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.dentsville398.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.dentsville398.org"] [uri "/"] [unique_id "ajg2mMiLVhyuM_J50mfRwwAAAAY"], referer: http://www.dentsville398.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 23:39:38
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:39:32.799643 2026] [security2:error] [pid 437:tid 437] [client 120.239.28.140:10542] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.adoniahenterprises.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.adoniahenterprises.com"] [uri "/"] [unique_id "ajXTNB0QfhhSdCSkcxvD5QAAAAE"], referer: https://www.adoniahenterprises.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-04 19:52:44
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 15:52:39.816532 2026] [security2:error] [pid 13090:tid 13090] [client 120.239.28.140:4877] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.jillbauman.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.jillbauman.com"] [uri "/"] [unique_id "aiHXh8mQdBieb7u4hx5HyAAAAAA"], referer: https://www.jillbauman.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-30 19:52:21
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 15:52:14.972921 2026] [security2:error] [pid 16399:tid 16399] [client 120.239.28.140:5109] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||lukeschicago.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "lukeschicago.com"] [uri "/"] [unique_id "ahs_7k3LtWBOIMRSR30wmQAAAAA"], referer: https://lukeschicago.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-29 21:06:00
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 17:05:54.994566 2026] [security2:error] [pid 4836:tid 4836] [client 120.239.28.140:20277] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||airtechconsulting.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "airtechconsulting.com"] [uri "/"] [unique_id "ahn_shPUy1v27xs2FsMHaQAAAAU"], referer: https://airtechconsulting.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-22 18:48:33
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 14:48:29.177693 2026] [security2:error] [pid 25525:tid 25525] [client 120.239.28.140:9223] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||jiggajones.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "jiggajones.com"] [uri "/index.html"] [unique_id "ahCk_WFz6QO0p2wdAX1rrwAAAFc"], referer: https://jiggajones.com/index.html
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-17 10:24:24
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 06:24:18.229633 2026] [security2:error] [pid 20610:tid 20610] [client 120.239.28.140:1699] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||protonmultimedia.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "protonmultimedia.com"] [uri "/"] [unique_id "agmXUmSBHbtCytU6DlaQdQAAAAA"], referer: http://protonmultimedia.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-03-14 21:54:51
(3 months ago)
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Por ...
show more
(mod_security) mod_security (id:210831) triggered by 120.239.28.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 17:54:44.670124 2026] [security2:error] [pid 20570:tid 20570] [client 120.239.28.140:5238] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||alexetjeremy.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "alexetjeremy.com"] [uri "/"] [unique_id "abXZJGMwtT3UDCQA98brsAAAAAc"], referer: http://alexetjeremy.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-11-18 00:52:51
(7 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.140
2025-11-17 1 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.140
2025-11-17 12:39:29 /sitemap.xml
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-11-15 00:50:43
(7 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.140
2025-11-14 2 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.140
2025-11-14 22:40:32 /
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-08-02 00:28:56
(11 months ago)
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.140
2025-08-01 0 ...
show more
ThreatBook Intelligence: Gateway more details on http://threatbook.io/ip/120.239.28.140
2025-08-01 07:25:37 /config.json
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-04-01 02:03:40
(1 year ago)
ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/120.239.28.140
2025- ...
show more
ThreatBook Intelligence: Zombie,Mobile more details on https://threatbook.io/ip/120.239.28.140
2025-03-31 11:56:04 /config.json
show less
Web App Attack