πͺπΈ
gnom4ik
2026-02-21 10:46:17
(4 months ago)
ban-reviewer auto report; ip=94.16.121.91; scenario=http:scan; verdict=valid_ban; confidence=0.90; c ...
show more
ban-reviewer auto report; ip=94.16.121.91; scenario=http:scan; verdict=valid_ban; confidence=0.90; categories=14; active_decisions=2; lookback_decisions=2; nginx_requests=0; appsec_matches=0; auth_events=0; kernel_events=0; signals=IP flagged for 'http:scan' scenario; Port Scan (category 14) detected in abuseipdb_context; High frequency of IP-related decisions in lookback window
show less
Port Scan
πΊπΈ
TPI-Abuse
2026-02-18 16:02:54
(4 months ago)
(mod_security) mod_security (id:225170) triggered by 94.16.121.91 (this-is-a-tor-node---9.artikel5ev ...
show more
(mod_security) mod_security (id:225170) triggered by 94.16.121.91 (this-is-a-tor-node---9.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 18 11:02:46.510475 2026] [security2:error] [pid 19255:tid 19255] [client 94.16.121.91:41922] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||portlunchgroup.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "portlunchgroup.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aZXipsebpB0JfPG97zKPZQAAABI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
stinpriza
2026-02-15 19:13:00
(4 months ago)
Web App Attack
Web App Attack
πΊπΈ
TPI-Abuse
2026-02-10 19:29:06
(5 months ago)
(mod_security) mod_security (id:210492) triggered by 94.16.121.91 (this-is-a-tor-node---9.artikel5ev ...
show more
(mod_security) mod_security (id:210492) triggered by 94.16.121.91 (this-is-a-tor-node---9.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 10 14:29:01.363234 2026] [security2:error] [pid 32103:tid 32103] [client 94.16.121.91:60704] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.tyllo.com"] [uri "/.git/config"] [unique_id "aYuG_Vp9vSBmriOVB8Y1TgAAAAs"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
MarKup
2026-02-10 18:40:17
(5 months ago)
Multiple invalid 404 HTTP requests - Fail2Ban
Hacking
Web App Attack
π¦πΊ
oncord
2026-02-08 20:21:31
(5 months ago)
Form spam
Web Spam
πΊπΈ
Hmorrin
2026-02-07 12:16:13
(5 months ago)
Port Scan
πΊπΈ
Psycho Solutions LLC
2026-02-05 16:38:51
(5 months ago)
Detected Wordpress Scanning. - Request Method: GET - Target: {PC} wp-login.php - User Agent: N ...
show more
Detected Wordpress Scanning. - Request Method: GET - Target: {PC} wp-login.php - User Agent: N/A - Timestamp: 2/5/2026 4:38 pm (UTC-6)
show less
Web Spam
Hacking
Bad Web Bot
Web App Attack
π¦πΊ
oncord
2026-02-05 08:55:11
(5 months ago)
Form spam
Web Spam
π©πͺ
ger-stg-sifi1
2026-02-04 16:10:02
(5 months ago)
(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php
Web App Attack
π¨πΏ
unhfree.net
2026-02-04 14:42:52
(5 months ago)
Feb 4 13:06:45 canopus postfix/smtpd[286880]: NOQUEUE: reject: RCPT from this-is-a-tor-node---9.art ...
show more
Feb 4 13:06:45 canopus postfix/smtpd[286880]: NOQUEUE: reject: RCPT from this-is-a-tor-node---9.artikel5ev.de[94.16.121.91]: 554 5.7.1 <[email protected] >: Sender address rejected: Access denied; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<127.0.0.1>
Feb 4 13:16:51 canopus postfix/smtpd[287444]: NOQUEUE: reject: RCPT from this-is-a-tor-node---9.artikel5ev.de[94.16.121.91]: 554 5.7.1 <[email protected] >: Sender address rejected: Access denied; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<127.0.0.1>
Feb 4 13:25:14 canopus postfix/smtpd[287980]: NOQUEUE: reject: RCPT from this-is-a-tor-node---9.artikel5ev.de[94.16.121.91]: 554 5.7.1 <[email protected] >: Sender address rejected: Access denied; from=<[email protected] > to=<[email protected] > proto=ESMTP helo=<127.0.0.1>
Feb 4 14:09:32 canopus postfix/smtpd[290666]: NOQUEUE: reject: RCPT from this-is-a-tor-node---9.artikel5ev.de[94.16.121.91]: 554 5.7.1 <sendmail@
...
show less
Brute-Force
Exploited Host
πΊπΈ
TPI-Abuse
2026-02-04 01:44:52
(5 months ago)
(mod_security) mod_security (id:210350) triggered by 94.16.121.91 (this-is-a-tor-node---9.artikel5ev ...
show more
(mod_security) mod_security (id:210350) triggered by 94.16.121.91 (this-is-a-tor-node---9.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 03 20:44:45.718332 2026] [security2:error] [pid 12889:tid 12889] [client 94.16.121.91:55024] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found||agribrokers.net|F|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "agribrokers.net"] [uri "/xmlrpc.php"] [unique_id "aYKkjd0rSc11ZazSxyLdDgAAABU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
Hmorrin
2026-02-04 00:16:30
(5 months ago)
Port Scan
πΊπΈ
TPI-Abuse
2026-02-03 07:58:54
(5 months ago)
(mod_security) mod_security (id:225170) triggered by 94.16.121.91 (this-is-a-tor-node---9.artikel5ev ...
show more
(mod_security) mod_security (id:225170) triggered by 94.16.121.91 (this-is-a-tor-node---9.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 03 02:58:49.028695 2026] [security2:error] [pid 4282:tid 4300] [client 94.16.121.91:51524] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||ccgparquitectos.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ccgparquitectos.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aYGquQc05TEOxaibHOVLcgAAAFA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π¬π§
Greg Poulson
2026-02-02 15:33:36
(5 months ago)
Our website was hit by this DDOS at a rate of 12 in 5 minutes.
DDoS Attack
Web Spam
Brute-Force