π«π·
ELYAZ
2026-07-01 17:55:12
(2 days ago)
(y4) Failed scan -byebye- from 45.159.21.212 (US/United States/-): (CF_ENABLE)
Hacking
π¦πΊ
AWW-Admin
2026-06-26 19:56:26
(6 days ago)
(wordpress) Failed wordpress login from 45.159.21.212 (US/United States/-)
Brute-Force
πΊπΈ
masterguru
2026-06-24 11:50:17
(1 week ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-169)
Hacking
πΊπΈ
TPI-Abuse
2026-06-11 00:18:34
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 20:18:30.858265 2026] [security2:error] [pid 1978:tid 1978] [client 45.159.21.212:54253] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||brent23.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "brent23.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ain-1iI4mtX-V2VJIglA7gAAABE"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-10 22:14:50
(3 weeks ago)
(mod_security) mod_security (id:225170) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 18:14:43.020767 2026] [security2:error] [pid 21420:tid 21420] [client 45.159.21.212:17869] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||easygifting.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "easygifting.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ainh0w2L28l8Xz7o32u5LgAAAAU"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
ne1for23
2026-06-09 22:19:33
(3 weeks ago)
45.159.21.212 - - [09/Jun/2026:22:19:33 +0000] "POST /xmlrpc.php HTTP/1.1" 403 153 "-" "Apache-HttpC ...
show more
45.159.21.212 - - [09/Jun/2026:22:19:33 +0000] "POST /xmlrpc.php HTTP/1.1" 403 153 "-" "Apache-HttpClient/4.5.13 (Java/17.0.18)"
show less
Hacking
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-28 11:21:33
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 07:21:29.528627 2026] [security2:error] [pid 2365:tid 2365] [client 45.159.21.212:48057] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||austingrammer.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "austingrammer.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahglORyPyOB7WaabA-Ek6gAAAAU"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-16 00:29:50
(1 month ago)
(mod_security) mod_security (id:211030) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:211030) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 20:29:43.839684 2026] [security2:error] [pid 7959:tid 7959] [client 45.159.21.212:9403] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at ARGS. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "17"] [id "211030"] [rev "3"] [msg "COMODO WAF: LDAP Injection Attack||www.genesis-castle.com|F|2"] [data "Matched Data: ('~'||( found within ARGS: 0"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.genesis-castle.com"] [uri "/gallery/index.php"] [unique_id "age6d7SSKnBQHdjexibkDAAAAAc"]
show less
Brute-Force
Bad Web Bot
Web App Attack
π©πͺ
kjaerulff
2026-05-15 02:09:08
(1 month ago)
Failed Wordpress login using wp-login.php
Web App Attack
πΊπΈ
TPI-Abuse
2026-05-11 13:23:07
(1 month ago)
(mod_security) mod_security (id:225170) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 45.159.21.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 09:23:01.700659 2026] [security2:error] [pid 30850:tid 30859] [client 45.159.21.212:11433] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||jab-us.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jab-us.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agHYNfXbx7D0nXQTsiph5gAAAQI"], referer: https://www.google.com
show less
Brute-Force
Bad Web Bot
Web App Attack
π³πΏ
Tripwire
2025-10-31 20:18:46
(8 months ago)
Wordpress login scanning
Brute-Force
Web App Attack
π©πͺ
LRob
2025-05-16 12:15:09
(1 year ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
πΈπͺ
OnTheEdge
2025-02-03 13:01:45
(1 year ago)
Password spraying. Multiple unauthorized login attempts
Hacking
Web App Attack
π¨πΏ
lp
2025-01-31 19:21:25
(1 year ago)
Unauthorized VPN login attempts: 1 attempts were recorded from 45.159.21.212
2025-01-31T18:59:23+01: ...
show more
Unauthorized VPN login attempts: 1 attempts were recorded from 45.159.21.212
2025-01-31T18:59:23+01:00 vpn Access-Reject 'overtroubling' station: 45.159.21.212 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>'
show less
Brute-Force
Web App Attack
Anonymous
2022-03-19 22:30:00
(4 years ago)
Password Spary Attack
Brute-Force
Exploited Host