JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 45.159.21.25

45.159.21.25 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 10%: ?

10%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	finegroupservers.com
Country	🇵🇱 Poland
City	Lublin, Lublin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 45.159.21.25

Whois 45.159.21.25

IP Abuse Reports for 45.159.21.25:

This IP address has been reported a total of 21 times from 8 distinct sources. 45.159.21.25 was first reported on July 21st 2023, and the most recent report was 10 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tilellit.pro	2026-06-28 08:30:04 (10 hours ago)	Fail2Ban banned 45.159.21.25 for security violations in jail wp-armour. Log: 2026/06/28 08:30:03 [er ... show more Fail2Ban banned 45.159.21.25 for security violations in jail wp-armour. Log: 2026/06/28 08:30:03 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 45.159.21.25 \| Target: wplogin" , client: 45.159.21.25, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇫🇷 tilellit.pro	2026-06-27 19:30:34 (23 hours ago)	Fail2Ban banned 45.159.21.25 for security violations in jail wp-armour. Log: 2026/06/27 19:30:34 [er ... show more Fail2Ban banned 45.159.21.25 for security violations in jail wp-armour. Log: 2026/06/27 19:30:34 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 45.159.21.25 \| Target: wplogin" , client: 45.159.21.25, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇫🇷 tilellit.pro	2026-06-27 09:50:22 (1 day ago)	Fail2Ban banned 45.159.21.25 for security violations in jail wp-armour. Log: 2026/06/27 09:50:21 [er ... show more Fail2Ban banned 45.159.21.25 for security violations in jail wp-armour. Log: 2026/06/27 09:50:21 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 45.159.21.25 \| Target: wplogin" , client: 45.159.21.25, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇺🇸 TPI-Abuse	2026-05-09 12:08:38 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 45.159.21.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 45.159.21.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 08:08:31.564582 2026] [security2:error] [pid 20524:tid 20558] [client 45.159.21.25:13775] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|transitionalcareservices.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "transitionalcareservices.com"] [uri "/wp-json/wp/v2/users"] [unique_id "af8jv5UXo8bkqx8iDDdHDQAAAJM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-21 13:41:32 (6 months ago)	(mod_security) mod_security (id:210350) triggered by 45.159.21.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 45.159.21.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 21 08:41:24.657850 2025] [security2:error] [pid 22796:tid 22796] [client 45.159.21.25:55609] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|ursell.org\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "ursell.org"] [uri "/"] [unique_id "aUf5BK8jWV8xXkvRHZ_VDwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 Mugen	2025-06-11 17:55:09 (1 year ago)	Unauthorized VPN login attempts	Brute-Force
Anonymous	2025-03-31 14:24:52 (1 year ago)	This IP was involved in an brute force and password spray attack on 2025/03/31 09:22:03	Port Scan Brute-Force Exploited Host Web App Attack
Anonymous	2025-03-28 11:51:40 (1 year ago)	This IP was involved in an brute force and password spray attack on 2025/03/28 06:49:33	Port Scan Brute-Force Exploited Host Web App Attack
🇨🇦 wil.com	2025-03-28 08:35:29 (1 year ago)	GlobalProtect login attempts with user SHELBYB.	VPN IP Brute-Force
🇺🇸 TPI-Abuse	2025-02-27 23:44:08 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 45.159.21.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 45.159.21.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 27 18:44:04.365423 2025] [security2:error] [pid 4022:tid 4047] [client 45.159.21.25:63893] [client 45.159.21.25] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "fixatron.com"] [uri "/.env"] [unique_id "Z8D4xEQQpJHzkI7dInLyBAAAAFc"], referer: https://tasamm.com/about/fff25.html show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 OnTheEdge	2025-02-12 23:20:26 (1 year ago)	Password spraying. Multiple unauthorized login attempts	Hacking Web App Attack
🇸🇪 OnTheEdge	2025-02-11 05:20:49 (1 year ago)	Password spraying. Multiple unauthorized login attempts	Hacking Web App Attack
🇸🇪 OnTheEdge	2025-02-07 14:54:46 (1 year ago)	Password spraying. Multiple unauthorized login attempts	Hacking Web App Attack
🇨🇿 lp	2025-02-05 14:50:01 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 45.159.21.25 2025-02-05T14:24:23+01:0 ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 45.159.21.25 2025-02-05T14:24:23+01:00 vpn Access-Reject 'Abolitionism' station: 45.159.21.25 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇸🇪 OnTheEdge	2025-02-04 16:07:08 (1 year ago)	Password spraying. Multiple unauthorized login attempts	Hacking Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.175

🇪🇸 188.114.111.38

🇵🇰 43.246.222.44

242.2.145.132

🇺🇸 216.25.89.134

🇸🇬 188.166.251.103

🇳🇱 185.93.89.167

🇦🇷 181.25.199.142

🇫🇷 161.97.86.82

🇵🇰 103.26.86.197

🇳🇱 91.92.40.239

🇩🇪 64.226.126.224

🇳🇱 45.90.13.191

🇺🇸 20.163.15.207

🇸🇬 4.193.138.41

🇺🇸 205.210.31.101

🇺🇸 159.203.95.133

🇨🇳 115.190.174.127

🇨🇳 115.51.242.24

🇺🇸 104.206.57.38