๐บ๐ธ
TPI-Abuse
2026-07-09 03:00:43
(3 days ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 23:00:38.644435 2026] [security2:error] [pid 442730:tid 442730] [client 120.82.83.126:23754] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.coffeewitheinstein.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.coffeewitheinstein.com"] [uri "/"] [unique_id "ak8O1gFI3vlgRXiC6dv0uAAAAAc"], referer: http://www.coffeewitheinstein.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-07-08 23:33:15
(4 days ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jul 08 19:33:07.897331 2026] [security2:error] [pid 10203:tid 10203] [client 120.82.83.126:20521] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.thelittleprince.net|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.thelittleprince.net"] [uri "/"] [unique_id "ak7eM0fYIJnCc2y5hPGykAAAAAw"], referer: http://www.thelittleprince.net/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 02:12:32
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 22:12:28.655891 2026] [security2:error] [pid 27957:tid 27957] [client 120.82.83.126:55561] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||roachranch.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "roachranch.com"] [uri "/"] [unique_id "ajiaDLHmrQnGK1UEJtThuAAAABA"], referer: http://roachranch.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-22 01:43:30
(2 weeks ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 21:43:23.669946 2026] [security2:error] [pid 23224:tid 23224] [client 120.82.83.126:57208] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||yvonnebraden.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "yvonnebraden.com"] [uri "/"] [unique_id "ajiTO5LRmSoFptF8ZiZzywAAAB4"], referer: http://yvonnebraden.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 23:56:53
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 19:56:49.764551 2026] [security2:error] [pid 2274:tid 2274] [client 120.82.83.126:55429] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.swcbsa.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.swcbsa.org"] [uri "/"] [unique_id "ajXXQTsXuhvOftDZmyhq8wAAAAI"], referer: https://www.swcbsa.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-19 21:48:57
(3 weeks ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 17:48:50.985704 2026] [security2:error] [pid 19546:tid 19546] [client 120.82.83.126:55945] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||allyne.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "allyne.com"] [uri "/"] [unique_id "ajW5QmhIAgzul9fBZyxe6gAAAA4"], referer: http://allyne.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-06-13 20:20:55
(4 weeks ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 16:20:48.841722 2026] [security2:error] [pid 15417:tid 15417] [client 120.82.83.126:26079] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||tribwatch.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "tribwatch.com"] [uri "/"] [unique_id "ai27oIdKnmKtokRpl66QuwAAABM"], referer: https://tribwatch.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-18 21:44:17
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 17:44:09.299218 2026] [security2:error] [pid 9072:tid 9072] [client 120.82.83.126:47991] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||caminorfoundation.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "caminorfoundation.org"] [uri "/"] [unique_id "aguIKeD5rGgvrnx83XNHeAAAAA8"], referer: http://caminorfoundation.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-18 21:15:27
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 17:15:21.263115 2026] [security2:error] [pid 26189:tid 26189] [client 120.82.83.126:46311] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||aquatech-ind.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "aquatech-ind.com"] [uri "/index.html"] [unique_id "aguBab7uTCjY9J66UnFiIgAAAAQ"], referer: http://aquatech-ind.com/index.html
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-05-18 20:17:09
(1 month ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 18 16:17:02.763853 2026] [security2:error] [pid 21749:tid 21749] [client 120.82.83.126:46952] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.shofarmusic.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.shofarmusic.com"] [uri "/"] [unique_id "agtzvlgzkJSXKY58b24w4QAAABQ"], referer: http://www.shofarmusic.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-02-21 18:46:11
(4 months ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 21 13:46:04.187204 2026] [security2:error] [pid 25031:tid 25031] [client 120.82.83.126:36945] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.alltecmachine.com|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.alltecmachine.com"] [uri "/"] [unique_id "aZn9bEKsN2Ki98EBCf3RVAAAAAc"], referer: https://www.alltecmachine.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐บ๐ธ
TPI-Abuse
2026-01-25 00:44:20
(5 months ago)
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:210831) triggered by 120.82.83.126 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 24 19:44:16.272361 2026] [security2:error] [pid 10800:tid 10800] [client 120.82.83.126:52358] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i:(?:^(?:microsoft url|user-Agent|www\\\\.weblogs\\\\.com|(?:jakart|vi)a|(google|i{0,1}explorer{0,1}\\\\.exe|(ms){0,1}ie( [0-9.]{1,}){0,1} {0,1}(compatible( browser){0,1}){0,1})$)|\\\\bdatacha0s\\\\b|; widows|\\\\\\\\r|a(?: href=|d(?:sarobot|vanced email extractor ..." at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "29"] [id "210831"] [rev "2"] [msg "COMODO WAF: Rogue web site crawler||www.circleinthesquare.org|F|4"] [data "User-Agent"] [severity "WARNING"] [tag "CWAF"] [tag "Agents"] [hostname "www.circleinthesquare.org"] [uri "/"] [unique_id "aXVnYDpVb6_lbMDj0bu-MQAAAAw"], referer: http://www.circleinthesquare.org/
show less
Brute-Force
Bad Web Bot
Web App Attack
๐จ๐ฆ
1gz
2026-01-24 22:34:06
(5 months ago)
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET metho ...
show more
Triggered Cloudflare WAF (firewallCustom) from CN.
Action taken: BLOCK
Protocol: HTTP/1.1 (GET method)
Endpoint: /
UA: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
show less
Bad Web Bot
๐จ๐ณ
ThreatBook.io
2025-04-16 23:34:59
(1 year ago)
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.82.83.126
2025-04- ...
show more
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.82.83.126
2025-04-16 03:39:44 /
show less
Web App Attack
๐จ๐ณ
ThreatBook.io
2025-04-12 23:22:56
(1 year ago)
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.82.83.126
2025-04- ...
show more
ThreatBook Intelligence: Zombie,Spam more details on https://threatbook.io/ip/120.82.83.126
2025-04-12 18:17:07 /
show less
Web App Attack