JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 154.159.252.212

154.159.252.212 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 60%: ?

60%

ISP	Airtel Networks Kenya Limited
Usage Type	Mobile ISP
ASN	AS36926
Hostname(s)	212-252-159-154.r.airtelkenya.com
Domain Name	airtel.in
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 154.159.252.212

Whois 154.159.252.212

IP Abuse Reports for 154.159.252.212:

This IP address has been reported a total of 27 times from 19 distinct sources. 154.159.252.212 was first reported on September 23rd 2024, and the most recent report was 41 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-14 05:36:02 (41 minutes ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TAY	2026-06-14 05:06:24 (1 hour ago)	154.159.252.212 - - [14/Jun/2026:13:06:03 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5893 "-" "Jetpack b ... show more 154.159.252.212 - - [14/Jun/2026:13:06:03 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5893 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" 154.159.252.212 - - [14/Jun/2026:13:06:13 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5893 "-" "Jetpack/12.5; WordPress/6.4; http://site78692734.com" 154.159.252.212 - - [14/Jun/2026:13:06:24 +0800] "POST /xmlrpc.php HTTP/1.1" 200 5893 "-" "WordPress.com; https://wordpress.com" ... show less	Brute-Force
Anonymous	2026-06-14 03:24:13 (2 hours ago)	Attac	Brute-Force
🇺🇸 integrantservices.com	2026-06-14 02:21:34 (3 hours ago)	(wordpress) Failed wordpress login from 154.159.252.212 (KE/Kenya/212-252-159-154.r.airtelkenya.com)	Brute-Force
Anonymous	2026-06-14 01:19:07 (4 hours ago)	WordPress Brute Force	Brute-Force
🇺🇸 TPI-Abuse	2026-06-13 22:50:06 (7 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.159.252.212 (212-252-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.252.212 (212-252-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 18:50:00.146900 2026] [security2:error] [pid 742:tid 742] [client 154.159.252.212:28855] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.252.212 (+1 hits since last alert)\|knoxbestos.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "knoxbestos.com"] [uri "/xmlrpc.php"] [unique_id "ai3emC37T1BZBC24aOkNOgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-13 22:16:14 (8 hours ago)	[redacted] 154.159.252.212 - - [14/Jun/2026:00:15:30 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ... show more [redacted] 154.159.252.212 - - [14/Jun/2026:00:15:30 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" [redacted] 154.159.252.212 - - [14/Jun/2026:00:15:40 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.1)" [redacted] 154.159.252.212 - - [14/Jun/2026:00:15:50 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 154.159.252.212 - - [14/Jun/2026:00:16:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.1; http://site66750101.com" [redacted] 154.159.252.212 - - [14/Jun/2026:00:16:12 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-13 21:36:20 (8 hours ago)	(mod_security) mod_security (id:240335) triggered by 154.159.252.212 (212-252-159-154.r.airtelkenya. ... show more (mod_security) mod_security (id:240335) triggered by 154.159.252.212 (212-252-159-154.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 17:36:14.091358 2026] [security2:error] [pid 26170:tid 26187] [client 154.159.252.212:4483] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 154.159.252.212 (+1 hits since last alert)\|teritemme.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "teritemme.com"] [uri "/xmlrpc.php"] [unique_id "ai3NTkjLZh8-DShFbIxgdgAAAE8"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 security.rdmc.fr	2026-05-24 02:20:58 (3 weeks ago)	Port Scan Attack proto:TCP src:41159 dst:23	Port Scan
🇺🇸 RAP	2026-05-15 19:46:30 (4 weeks ago)	2026-05-15 19:46:30 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
🇧🇪 sauron-le-noir	2026-05-15 18:16:14 (4 weeks ago)	scan port : 23 from Kenya at Fri May 15 20:20:21 2026	Port Scan
🇬🇧 PeravixGroup	2026-05-15 17:19:11 (4 weeks ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
Anonymous	2026-04-28 20:41:47 (1 month ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
🇫🇷 security.rdmc.fr	2026-04-24 20:32:07 (1 month ago)	Port Scan Attack proto:TCP src:24000 dst:23	Port Scan
🇺🇸 MPL	2026-04-24 20:25:22 (1 month ago)	tcp/23 (2 or more attempts)	Port Scan

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇷 181.209.105.109

🇺🇸 162.216.149.143

🇳🇱 95.85.226.199

🇱🇺 64.89.161.56

🇳🇱 45.148.10.141

🇵🇪 38.250.148.0

🇺🇸 34.145.224.242

🇫🇷 2a09:bac5:33e0:1b4b::2b8:fc

🇲🇰 188.44.20.30

🇨🇳 180.97.50.202

🇭🇰 154.221.20.215

🇺🇸 103.143.238.100

🇷🇺 77.37.179.158

🇺🇸 66.132.172.221

🇦🇪 52.102.199.59

🇳🇱 46.151.178.13

🇧🇷 45.205.1.76

🇮🇳 34.180.58.20

🇩🇪 34.179.251.202

🇺🇸 3.142.99.129