JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 94.16.111.8

94.16.111.8 was found in our database!

This IP was reported 116 times. Confidence of Abuse is 90%: ?

90%

ISP	netcup GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS197540
Hostname(s)	vmi540.hostlegends.com
Domain Name	netcup.de
Country	🇩🇪 Germany
City	Nuremberg, Bavaria

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 94.16.111.8

Whois 94.16.111.8

IP Abuse Reports for 94.16.111.8:

This IP address has been reported a total of 116 times from 52 distinct sources. 94.16.111.8 was first reported on December 24th 2024, and the most recent report was 50 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 ger-stg-sifi1	2026-06-22 08:22:35 (50 minutes ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇩🇪 LRob.fr	2026-06-22 05:00:03 (4 hours ago)	Repeated 403 errors, blocked by Fail2ban in custom-403 jail	Bad Web Bot
🇩🇪 LRob.fr	2026-06-22 04:45:03 (4 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 03:13:38 (5 hours ago)	(mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 23:13:31.676653 2026] [security2:error] [pid 31555:tid 31555] [client 94.16.111.8:43314] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.thingstodonude.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.thingstodonude.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajioW_phx3Fiezoj6jpmDQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-06-21 22:32:01 (10 hours ago)		Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 18:58:18 (14 hours ago)	(mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 14:58:10.959562 2026] [security2:error] [pid 29704:tid 29704] [client 94.16.111.8:39568] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.odinathletes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.odinathletes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajg0QkWD9QYs9irfbbiPeQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-21 13:40:04 (19 hours ago)	(mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 21 09:39:58.809542 2026] [security2:error] [pid 20678:tid 20678] [client 94.16.111.8:41162] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|opticasprisma.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "opticasprisma.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajfprhGxi4B_pzl6GR9vFwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-20 18:35:15 (1 day ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-17 07:41:47 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 03:41:41.521898 2026] [security2:error] [pid 2380:tid 2391] [client 94.16.111.8:59294] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|leadingedgesupply.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "leadingedgesupply.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajJPtTXyCo8Bj6i6txIwrgAAAMg"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 NotCool	2026-06-17 03:21:21 (5 days ago)	[7200] (XMLRPC,WPLOGIN) Login failure/trigger from 94.16.111.8 (DE/Germany/vmi540.hostlegends.com): ... show more [7200] (XMLRPC,WPLOGIN) Login failure/trigger from 94.16.111.8 (DE/Germany/vmi540.hostlegends.com): 50 in the last 3600 secs show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-16 23:56:39 (5 days ago)	(mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 19:56:30.838422 2026] [security2:error] [pid 2884:tid 2884] [client 94.16.111.8:43522] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|shelbysmoak.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "shelbysmoak.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajHirkKzXMeeHFYHK8HUBgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Kenshin869	2026-06-16 23:29:36 (5 days ago)	Wordpress unauthorized access attempt	Brute-Force
🇫🇷 SpaceHost-Server	2026-06-15 22:33:29 (6 days ago)		Brute-Force Web App Attack
🇵🇱 lns.bz	2026-06-15 09:27:38 (6 days ago)	Web app attack [PL.Lu]	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-14 00:29:00 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the ... show more (mod_security) mod_security (id:225170) triggered by 94.16.111.8 (vmi540.hostlegends.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 20:28:56.728770 2026] [security2:error] [pid 29013:tid 29013] [client 94.16.111.8:58842] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.lajoze.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.lajoze.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ai31yI7qvt4eHlnyo6-frwAAAB8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 116 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 187.111.28.131

🇹🇭 118.194.250.31

🇷🇺 95.142.47.113

🇦🇿 212.47.133.7

🇫🇷 207.180.226.58

🇩🇪 193.124.20.250

🇧🇷 179.63.63.213

🇧🇷 179.49.92.162

🇺🇸 147.182.202.179

🇮🇳 117.247.65.196

🇳🇱 91.92.40.52

🇮🇷 85.198.19.251

🇩🇪 85.93.9.218

🇺🇸 64.62.156.122

🇺🇸 47.251.86.188

🇪🇬 41.38.96.28

🇮🇱 2.54.85.220

🇧🇷 216.28.246.71

🇺🇸 192.153.70.243

🇱🇺 185.6.233.156