JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 200.53.206.121

200.53.206.121 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 64%: ?

64%

ISP	Redfox Telecomunicações Ltda.
Usage Type	Fixed Line ISP
ASN	AS262807
Hostname(s)	200.53.206.121.redfoxtelecom.com.br
Domain Name	redfoxtelecom.com.br
Country	🇧🇷 Brazil
City	Guarulhos, Sao Paulo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 200.53.206.121

Whois 200.53.206.121

IP Abuse Reports for 200.53.206.121:

This IP address has been reported a total of 22 times from 12 distinct sources. 200.53.206.121 was first reported on May 7th 2026, and the most recent report was 8 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-21 00:54:49 (8 hours ago)	(mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.co ... show more (mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 20:54:42.333969 2026] [security2:error] [pid 28965:tid 28965] [client 200.53.206.121:23514] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 200.53.206.121 (+1 hits since last alert)\|newmooncafe.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "newmooncafe.com"] [uri "/xmlrpc.php"] [unique_id "ajc2UvRDWV0EpQcIq4JO3wAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-21 00:20:54 (9 hours ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 22:09:38 (11 hours ago)	(mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.co ... show more (mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 18:09:30.659299 2026] [security2:error] [pid 30041:tid 30041] [client 200.53.206.121:23203] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 200.53.206.121 (+1 hits since last alert)\|infinityartistsgroup.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "infinityartistsgroup.com"] [uri "/xmlrpc.php"] [unique_id "ajcPmvgaq96ketMFB8yXAgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 vaia.cloud	2026-06-20 20:43:07 (13 hours ago)	trying wp-login.php/xmlrpc.php 34 times in 1 minutes	Brute-Force Web App Attack
🇪🇸 alferez	2026-06-20 01:46:10 (1 day ago)	xmlrpc.php attack DOS	Hacking Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 00:21:52 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.co ... show more (mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 20:21:44.750561 2026] [security2:error] [pid 24094:tid 24094] [client 200.53.206.121:60460] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 200.53.206.121 (+1 hits since last alert)\|fltsiminc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fltsiminc.com"] [uri "/xmlrpc.php"] [unique_id "ajXdGIu0yTivU_GdFfrrEgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-18 01:34:32 (3 days ago)	(wordpress) Failed wordpress login from 200.53.206.121 (BR/Brazil/200.53.206.121.redfoxtelecom.com.b ... show more (wordpress) Failed wordpress login from 200.53.206.121 (BR/Brazil/200.53.206.121.redfoxtelecom.com.br): (CF_ENABLE) show less	Brute-Force
🇫🇷 dynamix	2026-06-17 19:03:20 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 10:11:37 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.co ... show more (mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 06:11:30.415477 2026] [security2:error] [pid 19329:tid 19329] [client 200.53.206.121:40922] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 200.53.206.121 (+1 hits since last alert)\|globaldentalservices.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "globaldentalservices.com"] [uri "/xmlrpc.php"] [unique_id "ajJy0gS1OlIVL9uH3RvHQwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 00:12:45 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.co ... show more (mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 20:12:38.855968 2026] [security2:error] [pid 7549:tid 7568] [client 200.53.206.121:40070] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 200.53.206.121 (+1 hits since last alert)\|michaelrandon.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michaelrandon.com"] [uri "/xmlrpc.php"] [unique_id "ajHmdopcQmcE6ZcBAJAaMQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 23:12:08 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.co ... show more (mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 19:12:00.447207 2026] [security2:error] [pid 6298:tid 6298] [client 200.53.206.121:3643] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 200.53.206.121 (+1 hits since last alert)\|calvaryadminservices.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "calvaryadminservices.com"] [uri "/xmlrpc.php"] [unique_id "ajHYQIyMYdYjcdSxm-rYNgAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-06-16 04:00:53 (5 days ago)	xmlrpc.php Potential DDoS or brute force	DDoS Attack Brute-Force
🇺🇸 TPI-Abuse	2026-06-15 22:29:03 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.co ... show more (mod_security) mod_security (id:240335) triggered by 200.53.206.121 (200.53.206.121.redfoxtelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 18:28:57.971919 2026] [security2:error] [pid 13085:tid 13085] [client 200.53.206.121:20436] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 200.53.206.121 (+1 hits since last alert)\|thebrotherhoodlounge.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "thebrotherhoodlounge.com"] [uri "/xmlrpc.php"] [unique_id "ajB8qUxJScWep2HXfimt4QAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-15 22:01:01 (5 days ago)	[server.tmg.gr] httpd-xmlrpc-post: sites=crisis-management2018.eu; logs=/var/log/httpd/domains/crisi ... show more [server.tmg.gr] httpd-xmlrpc-post: sites=crisis-management2018.eu; logs=/var/log/httpd/domains/crisis-management2018.eu.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-06-15 20:30:02 (5 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.105.44.118

🇹🇳 197.27.88.19

🇬🇧 195.140.214.19

🇮🇩 182.253.64.11

🇮🇷 85.133.193.72

🇨🇾 77.92.27.57

🇨🇦 62.169.135.134

🇨🇿 46.135.138.242

🇬🇧 35.203.211.176

🇧🇪 34.77.191.38

🇩🇪 194.88.98.94

🇩🇪 193.124.20.228

🇮🇳 192.178.119.26

🇳🇱 185.242.226.62

🇺🇸 173.239.218.171

🇯🇵 155.2.216.24

🇨🇳 115.190.126.68

🇨🇳 111.198.53.188

🇳🇱 91.92.40.28

🇳🇱 81.19.216.117