JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 94.130.22.227

94.130.22.227 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 50%: ?

50%

ISP	Hetzner Online GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS24940
Hostname(s)	s3.sitechai.com
Domain Name	hetzner.com
Country	🇩🇪 Germany
City	Falkenstein, Saxony

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 94.130.22.227

Whois 94.130.22.227

IP Abuse Reports for 94.130.22.227:

This IP address has been reported a total of 32 times from 22 distinct sources. 94.130.22.227 was first reported on May 5th 2024, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇪 Coolnagour	2026-06-13 08:37:54 (2 weeks ago)	http-probing: /wp-json/tutor/v1/students	Web App Attack
🇩🇪 FeG Deutschland	2026-06-13 01:08:26 (2 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 2	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 22:49:20 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 94.130.22.227 (s3.sitechai.com): 1 in the last ... show more (mod_security) mod_security (id:225170) triggered by 94.130.22.227 (s3.sitechai.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 18:49:12.053098 2026] [security2:error] [pid 30476:tid 30476] [client 94.130.22.227:36810] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|xcarsubscription.com.bamedica.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "xcarsubscription.com.bamedica.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiyM6Pw-H4ftTya_bcFnbgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-06-12 10:13:03 (2 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇩🇪 big-cloud.nl	2026-06-12 07:48:49 (2 weeks ago)	Try to access /haardhout-emmeloord//xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 06:11:51 (2 weeks ago)	(mod_security) mod_security (id:225170) triggered by 94.130.22.227 (s3.sitechai.com): 1 in the last ... show more (mod_security) mod_security (id:225170) triggered by 94.130.22.227 (s3.sitechai.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 02:11:45.287573 2026] [security2:error] [pid 7529:tid 7529] [client 94.130.22.227:48294] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|avvmarchetticollini.it\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "avvmarchetticollini.it"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiujIf6YvMyXXQ3SplTP4AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇽 octageeks.com	2026-06-08 04:18:29 (2 weeks ago)	Wordpress malicious attack:[octaflood]	Web App Attack
🇲🇹 Malta	2026-06-07 17:00:27 (2 weeks ago)	94.130.22.227 - - [07/Jun/2026:19:00:27 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 94.130.22.227 - - [07/Jun/2026:19:00:27 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:133.0) Gecko/20100101 Firefox/133.0" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇫🇷 tecnicorioja	2026-06-06 22:00:15 (3 weeks ago)	POST /xmlrpc.php [06/Jun/2026:04:12:00	Brute-Force Web App Attack
🇺🇸 xxkodedxx	2026-06-06 03:37:26 (3 weeks ago)	[Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. ... show more [Zorvexus edge-defense] GET .env / WordPress honeypot probe Trigger: 1× honeypot-get in 10m window. Active: 03:36:58→03:37:01 UTC Volume: 2 honeypot probe(s) Bait taken: /wp-login.php UA: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" Auto-banned 30d. zorvexus-banner. show less	Bad Web Bot Web App Attack
Anonymous	2026-06-05 23:20:43 (3 weeks ago)	Web attack blocked by Wordfence on kunstkringhenrijonas.nl (1 hit). Reported by CRMON.	Web App Attack
🇲🇹 Malta	2026-06-05 15:22:28 (3 weeks ago)	94.130.22.227 - - [05/Jun/2026:17:22:28 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 94.130.22.227 - - [05/Jun/2026:17:22:28 +0200] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/133.0.0.0 Safari/537.36" Brute-force password attempt show less	Hacking Web App Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-05 10:11:13 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 94.130.22.227 (s3.sitechai.com): 1 in the last ... show more (mod_security) mod_security (id:225170) triggered by 94.130.22.227 (s3.sitechai.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 06:11:08.367348 2026] [security2:error] [pid 364:tid 364] [client 94.130.22.227:60876] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|comobarbershop.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "comobarbershop.com"] [uri "/wp-json/wp/v2/users/me"] [unique_id "aiKgvDykZdEKuxvMjk465AAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ELYAZ	2026-06-04 23:05:06 (3 weeks ago)	(y4) Failed scan -byebye- from 94.130.22.227 (DE/Germany/s3.sitechai.com): (CF_ENABLE)	Hacking
🇺🇸 TPI-Abuse	2026-06-02 23:59:10 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 94.130.22.227 (s3.sitechai.com): 1 in the last ... show more (mod_security) mod_security (id:225170) triggered by 94.130.22.227 (s3.sitechai.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 19:59:06.664306 2026] [security2:error] [pid 10583:tid 10583] [client 94.130.22.227:40570] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|f40ph.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "f40ph.org"] [uri "/wp-json/wp/v2/users"] [unique_id "ah9uSuOxM_eUpPijXOIWkwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇴 193.32.162.83

🇳🇱 91.92.40.237

🇩🇪 47.91.79.97

🇺🇸 47.85.102.89

🇺🇸 2604:a940:300:5b6:0:2b::

🇹🇼 198.235.24.83

🇹🇼 198.235.24.42

🇦🇷 181.116.220.251

🇧🇷 38.226.107.70

🇨🇳 27.24.107.62

🇯🇵 20.78.171.209

🇹🇼 1.161.107.109

🇧🇷 201.48.6.209

🇩🇪 172.217.33.220

🇮🇶 169.224.105.170

🇫🇷 31.36.163.95

🇧🇷 205.210.31.186

🇺🇸 165.154.255.63

🇩🇪 69.5.169.162

🇨🇳 58.58.130.22