JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 196.245.54.159

196.245.54.159 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 72%: ?

72%

ISP	SA
Usage Type	Data Center/Web Hosting/Transit
ASN	AS58065
Domain Name	fibergrid.co.za
Country	🇪🇸 Spain
City	Valencia, Valencia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 196.245.54.159

Whois 196.245.54.159

IP Abuse Reports for 196.245.54.159:

This IP address has been reported a total of 45 times from 29 distinct sources. 196.245.54.159 was first reported on February 23rd 2023, and the most recent report was 19 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-25 02:51:20 (19 hours ago)	(mod_security) mod_security (id:240335) triggered by 196.245.54.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.245.54.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 22:51:12.497402 2026] [security2:error] [pid 1151:tid 1184] [client 196.245.54.159:37533] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.245.54.159 (+1 hits since last alert)\|www.gilesrentalcars.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "www.gilesrentalcars.com"] [uri "/xmlrpc.php"] [unique_id "ajyXoIPw1BderthOwjxLEQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 QT	2026-06-25 02:37:41 (20 hours ago)	Unauthorised WordPress admin login attempted at 2026-06-25 12:37:41 +1000	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 02:25:52 (20 hours ago)	(mod_security) mod_security (id:240335) triggered by 196.245.54.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.245.54.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 22:25:46.393466 2026] [security2:error] [pid 1671:tid 1671] [client 196.245.54.159:24849] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.245.54.159 (+1 hits since last alert)\|briannalls.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "briannalls.com"] [uri "/xmlrpc.php"] [unique_id "ajyRqiDq7IYs2tu8G_w6eQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 pscriptos	2026-06-25 02:20:46 (20 hours ago)	{"ClientAddr":"196.245.54.159:33939","ClientHost":"196.245.54.159","ClientPort":"33939","ClientUsern ... show more {"ClientAddr":"196.245.54.159:33939","ClientHost":"196.245.54.159","ClientPort":"33939","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":119589957,"OriginContentSize":418,"OriginDuration":114939977,"OriginStatus":403,"Overhead":4649980,"RequestAddr":"www.cleveradmin.de","RequestContentSize":291,"RequestCount":1367871,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-06-25T04:19:47.127186739+02:00","StartUTC":"2026-06-25T02:19:47.127186739Z","TLSCipher":"TLS_AES_128_GCM_SHA256","TLSVersion":"1.3","entryPointName":"websecure","level":"info","msg":"","time":"2026-06-25T04:19:47+02:00"} {"ClientAddr":"196.245.54.159:27677","ClientHost":"196.245.54.159","ClientPort" ... show less	Brute-Force Web App Attack
🇫🇷 SpaceHost-Server	2026-06-25 02:18:24 (20 hours ago)	196.245.54.159 - - [25/Jun/2026:04:18:20 +0200] "POST /wp-login.php HTTP/1.1" 200 14292 "-" "Mozilla ... show more 196.245.54.159 - - [25/Jun/2026:04:18:20 +0200] "POST /wp-login.php HTTP/1.1" 200 14292 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" 196.245.54.159 - - [25/Jun/2026:04:18:20 +0200] "POST /wp-login.php HTTP/1.1" 200 14292 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" 196.245.54.159 - - [25/Jun/2026:04:18:23 +0200] "POST /wp-login.php HTTP/1.1" 200 14292 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 02:03:57 (20 hours ago)	(mod_security) mod_security (id:240335) triggered by 196.245.54.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.245.54.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 22:03:53.532461 2026] [security2:error] [pid 7187:tid 7187] [client 196.245.54.159:35615] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.245.54.159 (+1 hits since last alert)\|radicalchange.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "radicalchange.org"] [uri "/xmlrpc.php"] [unique_id "ajyMibGe9SbQezV0TW4xXAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 vaia.cloud	2026-06-25 01:58:01 (20 hours ago)	trying wp-login.php/xmlrpc.php 30 times in 1 minutes	Brute-Force Web App Attack
🇺🇸 masterguru	2026-06-25 01:45:45 (21 hours ago)	(XMLRPC) WP XMLPRC Attack 196.245.54.159 (ES/Spain/-): 10 in the last 3600 secs (0-173)	Hacking
🇩🇪 konseptit	2026-06-25 00:03:07 (22 hours ago)	(wordpress) Failed wordpress login from 196.245.54.159 (ES/Spain/-)	Brute-Force
🇦🇺 paulshipley.com.au	2026-06-24 23:51:08 (22 hours ago)	[Thu Jun 25 09:51:06.556720 2026] [security2:error] [pid 453393] [client 196.245.54.159:34713] [clie ... show more [Thu Jun 25 09:51:06.556720 2026] [security2:error] [pid 453393] [client 196.245.54.159:34713] [client 196.245.54.159] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/modsecurity/crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "dance4fitness.com.au"] [uri "/xmlrpc.php"] [unique_id "ajxtahvC_yxjieDyXzrzYAAAAAA"] ... show less	Web App Attack
🇧🇪 taivas.nl	2026-06-24 23:32:19 (23 hours ago)	Wordpress_login_attempts	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-24 23:27:11 (23 hours ago)	(mod_security) mod_security (id:240335) triggered by 196.245.54.159 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:240335) triggered by 196.245.54.159 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 19:27:07.027641 2026] [security2:error] [pid 13405:tid 13405] [client 196.245.54.159:53307] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 196.245.54.159 (+1 hits since last alert)\|market1st.bridgital.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "market1st.bridgital.com"] [uri "/xmlrpc.php"] [unique_id "ajxny6P_RW7rBhJDeYbWQQAAADY"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 KIsmay	2026-06-24 23:21:32 (23 hours ago)	Jun 24 19:20:29 www4 WPAudit[3082665]: 196.245.54.159 lemoncreekcampground.ca "Mozilla/5.0 (Windows ... show more Jun 24 19:20:29 www4 WPAudit[3082665]: 196.245.54.159 lemoncreekcampground.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" sbd-admin:9876543210 FAIL Jun 24 19:20:32 www4 WPAudit[3082664]: 196.245.54.159 lemoncreekcampground.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" sbd-admin:a123456 FAIL Jun 24 19:21:11 www4 WPAudit[3082664]: 196.245.54.159 lemoncreekcampground.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" sbd-admin:qwe123 FAIL Jun 24 19:21:28 www4 WPAudit[3082666]: 196.245.54.159 lemoncreekcampground.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/136.0.0.0 Safari/537.36" sbd-admin:aaaaaa FAIL Jun 24 19:21:32 www4 WPAudit[3082661]: 196.245.54.159 lemoncreekcampground.ca "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 ... show less	Brute-Force Web App Attack
🇬🇧 consul.to	2026-06-21 18:12:16 (4 days ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-05-26 15:19:33 (4 weeks ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.246

🇺🇸 143.137.165.92

🇺🇸 143.137.165.81

🇧🇿 45.227.254.155

🇸🇬 35.240.150.235

🇨🇭 34.65.50.58

🇶🇦 34.18.133.4

🇫🇷 2a01:e0a:987:2e60:5c8a:d13f:b28d:6e3d

🇷🇴 193.46.255.86

🇩🇪 176.110.104.103

🇺🇸 162.216.150.35

🇺🇸 143.137.165.75

🇺🇸 143.137.165.69

🇺🇸 143.137.165.63

🇺🇸 143.137.165.60

🇫🇷 88.166.28.185

🇮🇳 52.140.124.214

🇳🇱 45.148.10.152

🇸🇬 43.172.198.181

🇬🇧 35.203.210.19