JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 123.21.96.207

123.21.96.207 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 66%: ?

66%

ISP	Vietnam Posts and Telecommunications Group
Usage Type	Fixed Line ISP
ASN	AS45899
Domain Name	vnpt.com.vn
Country	🇻🇳 Viet Nam
City	Ho Chi Minh City, Ho Chi Minh City (HCMC)

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 123.21.96.207

Whois 123.21.96.207

IP Abuse Reports for 123.21.96.207:

This IP address has been reported a total of 26 times from 19 distinct sources. 123.21.96.207 was first reported on November 17th 2025, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 rh24	2026-06-08 09:44:25 (2 weeks ago)	(xmlrpc_405) XMLRPC-Bot 405 123.21.96.207 (VN/Vietnam/-)	Hacking
🇫🇷 masterguru	2026-06-07 09:55:03 (2 weeks ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-07 07:48:48 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 123.21.96.207 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 123.21.96.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 03:48:41.343068 2026] [security2:error] [pid 9330:tid 9330] [client 123.21.96.207:51031] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.21.96.207 (+1 hits since last alert)\|laecovillage.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "laecovillage.org"] [uri "/xmlrpc.php"] [unique_id "aiUiWQelfZ36X7Yq_sDGvgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-07 06:34:21 (2 weeks ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 lostswordfish.com	2026-06-06 13:06:04 (2 weeks ago)	Wordfence waf block on lostswordfish	Web App Attack
🇺🇸 TPI-Abuse	2026-06-06 08:21:58 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 123.21.96.207 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 123.21.96.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 04:21:52.715066 2026] [security2:error] [pid 13663:tid 13676] [client 123.21.96.207:56588] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.21.96.207 (+1 hits since last alert)\|jpdesign.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jpdesign.us"] [uri "/xmlrpc.php"] [unique_id "aiPYoE7bqLNc_f0eJT8uEQAAAQs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-06 07:38:43 (2 weeks ago)	(wordpress) Failed wordpress login from 123.21.96.207 (VN/Vietnam/Ho Chi Minh/Ho Chi Minh City/-/[re ... show more (wordpress) Failed wordpress login from 123.21.96.207 (VN/Vietnam/Ho Chi Minh/Ho Chi Minh City/-/[redacted]) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-06 07:10:40 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 123.21.96.207 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 123.21.96.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 03:10:35.738737 2026] [security2:error] [pid 26160:tid 26160] [client 123.21.96.207:60624] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.21.96.207 (+1 hits since last alert)\|churchbehindthewalls.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "churchbehindthewalls.com"] [uri "/xmlrpc.php"] [unique_id "aiPH6_j6HGxnIa8nCSvRIQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-06 06:36:40 (2 weeks ago)	Attac	Brute-Force
Anonymous	2026-06-06 06:06:30 (2 weeks ago)	(wordpress) Failed wordpress login from 123.21.96.207 (VN/Vietnam/-)	Brute-Force
🇳🇱 debestelapp	2026-06-05 10:55:07 (2 weeks ago)		Web App Attack
🇺🇸 TPI-Abuse	2026-06-05 10:06:38 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 123.21.96.207 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 123.21.96.207 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 05 06:06:33.652617 2026] [security2:error] [pid 30441:tid 30441] [client 123.21.96.207:53014] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 123.21.96.207 (+1 hits since last alert)\|fuentevictoria.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fuentevictoria.com"] [uri "/xmlrpc.php"] [unique_id "aiKfqdsPeczpLmi4PHbUYQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-05 10:04:49 (2 weeks ago)	Fail2ban filtered ...	Web App Attack
🇧🇾 lns.bz	2026-06-05 09:21:36 (2 weeks ago)	Banned for trying to access xmlrpc [BY]	Web App Attack
🇳🇱 wlt-blocker	2026-06-05 09:15:04 (2 weeks ago)	Unauthorized access to webpage admin	Web App Attack

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇳 197.5.145.102

🇩🇪 91.92.240.232

🇨🇳 82.157.53.173

🇧🇷 192.141.106.69

🇧🇷 189.15.10.179

🇺🇸 138.68.243.18

🇻🇳 125.212.244.35

🇭🇰 114.111.53.214

🇺🇸 104.234.53.43

🇹🇷 87.232.127.53

🇳🇵 49.244.71.94

🇳🇱 45.148.10.141

🇰🇷 1.222.42.237

🇮🇳 2405:201:5c0e:b81e:5402:2e10:742e:c200

🇸🇪 185.129.67.172

🇯🇵 161.33.0.240

🇸🇬 119.28.101.155

🇱🇻 81.30.98.44

🇸🇨 45.194.67.146

🇷🇴 2.57.122.177