JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 170.246.25.54

170.246.25.54 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 45%: ?

45%

ISP	RazaoInfo Internet Ltda
Usage Type	Fixed Line ISP
ASN	AS263077
Domain Name	razaoinfo.com.br
Country	🇧🇷 Brazil
City	Passo Fundo, Rio Grande do Sul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 170.246.25.54

Whois 170.246.25.54

IP Abuse Reports for 170.246.25.54:

This IP address has been reported a total of 10 times from 8 distinct sources. 170.246.25.54 was first reported on November 17th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-23 21:30:46 (4 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇧🇪 cmbplf	2026-06-23 20:30:21 (4 days ago)	3.093 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-23 17:46:28 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 170.246.25.54 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 170.246.25.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 23 13:46:23.029594 2026] [security2:error] [pid 5264:tid 5264] [client 170.246.25.54:60191] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 170.246.25.54 (+1 hits since last alert)\|guldunyayayinlari.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "guldunyayayinlari.com"] [uri "/xmlrpc.php"] [unique_id "ajrGb1fP84T54KOPm3mtmgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 NotCool	2026-06-23 17:07:37 (4 days ago)	(XMLRPC) WP XMLPRC Attack 170.246.25.54 (BR/Brazil/-): 50 in the last 3600 secs	Web App Attack
🇲🇾 Rizzy	2026-06-23 17:00:00 (4 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 22:26:32 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 170.246.25.54 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 170.246.25.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 18:26:27.463878 2026] [security2:error] [pid 11158:tid 11158] [client 170.246.25.54:61008] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 170.246.25.54 (+1 hits since last alert)\|enjoymycondos.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "enjoymycondos.com"] [uri "/xmlrpc.php"] [unique_id "ajMfEwJAgkkNFmfpSjS6kQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 debestelapp	2026-06-17 19:55:10 (1 week ago)		Web App Attack
🇩🇪 rh24	2026-06-17 18:38:44 (1 week ago)	(wordpress) Failed wordpress login from 170.246.25.54 (BR/Brazil/-): (CF_ENABLE)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-15 19:52:25 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 170.246.25.54 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 170.246.25.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 15:52:19.540718 2026] [security2:error] [pid 19210:tid 19210] [client 170.246.25.54:59987] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 170.246.25.54 (+1 hits since last alert)\|activethinkers.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "activethinkers.net"] [uri "/xmlrpc.php"] [unique_id "ajBX89hHvmmVVAGJHgSxuQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-17 22:22:55 (7 months ago)	scanning http requests from known botnet	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇩 160.22.35.66

🇫🇷 51.77.158.34

🇺🇸 2607:f8b0:4023:100f::125

🇺🇸 205.210.31.58

🇺🇸 205.210.31.47

🇬🇧 194.50.235.157

🇺🇸 193.3.53.11

🇧🇷 186.209.16.122

🇺🇸 165.154.172.111

🇵🇪 161.132.54.218

🇫🇮 147.185.133.30

🇨🇳 123.245.84.150

🇮🇷 85.185.42.2

🇺🇸 65.78.83.100

🇭🇰 45.249.247.86

🇺🇸 23.153.217.31

🇨🇳 1.24.16.128

🇵🇰 223.123.35.47

🇨🇳 222.176.201.193

🇧🇷 205.210.31.219