JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 171.6.243.21

171.6.243.21 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 47%: ?

47%

ISP	Triple T Broadband Public Company Limited
Usage Type	Fixed Line ISP
ASN	AS45758
Hostname(s)	mx-ll-171.6.243-21.dynamic.3bb.in.th
Domain Name	ais.th
Country	🇹🇭 Thailand
City	Phuket, Phuket

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 171.6.243.21

Whois 171.6.243.21

IP Abuse Reports for 171.6.243.21:

This IP address has been reported a total of 14 times from 8 distinct sources. 171.6.243.21 was first reported on November 26th 2020, and the most recent report was 9 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 SpaceHost-Server	2026-06-13 22:27:05 (9 hours ago)		Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 06:58:51 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.co ... show more (mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 02:58:42.216086 2026] [security2:error] [pid 8157:tid 8157] [client 171.6.243.21:50813] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 171.6.243.21 (+1 hits since last alert)\|rodzillacharters.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rodzillacharters.com"] [uri "/xmlrpc.php"] [unique_id "aiuuIvr9WcdCLhr17n5XQQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 05:23:43 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.in ... show more (mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 01:23:35.400799 2026] [security2:error] [pid 29737:tid 29737] [client 171.6.243.21:55338] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 171.6.243.21 (+1 hits since last alert)\|univey.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "univey.com"] [uri "/xmlrpc.php"] [unique_id "aiuX19Hg4Wbywl5zzuYsHwAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 03:19:04 (2 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 02:51:07 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.co ... show more (mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 22:51:03.844727 2026] [security2:error] [pid 15720:tid 15720] [client 171.6.243.21:55828] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 171.6.243.21 (+1 hits since last alert)\|kidswow.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kidswow.com"] [uri "/xmlrpc.php"] [unique_id "ait0F8s_efFtRke56y6A1wAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 02:48:06 (2 days ago)	[redacted] 171.6.243.21 - - [12/Jun/2026:04:47:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Wo ... show more [redacted] 171.6.243.21 - - [12/Jun/2026:04:47:21 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" [redacted] 171.6.243.21 - - [12/Jun/2026:04:47:32 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com" [redacted] 171.6.243.21 - - [12/Jun/2026:04:47:43 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" [redacted] 171.6.243.21 - - [12/Jun/2026:04:47:54 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.5; WordPress 6.4)" [redacted] 171.6.243.21 - - [12/Jun/2026:04:48:05 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 08:45:23 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.in ... show more (mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 04:45:15.192397 2026] [security2:error] [pid 28711:tid 28711] [client 171.6.243.21:57546] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 171.6.243.21 (+1 hits since last alert)\|saynotoofland.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "saynotoofland.org"] [uri "/xmlrpc.php"] [unique_id "aip1m_EPCaI5TT72OLl0uAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-11 07:42:04 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.co ... show more (mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 03:42:00.034758 2026] [security2:error] [pid 15798:tid 15798] [client 171.6.243.21:60870] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 171.6.243.21 (+1 hits since last alert)\|crittergetterpestcontrol.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "crittergetterpestcontrol.com"] [uri "/xmlrpc.php"] [unique_id "aipmyGKT1N97a_SZTEC0RgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-11 07:09:42 (3 days ago)	[redacted] 171.6.243.21 - - [11/Jun/2026:09:08:50 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Wo ... show more [redacted] 171.6.243.21 - - [11/Jun/2026:09:08:50 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" [redacted] 171.6.243.21 - - [11/Jun/2026:09:09:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com" [redacted] 171.6.243.21 - - [11/Jun/2026:09:09:18 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "WordPress.com; https://wordpress.com" [redacted] 171.6.243.21 - - [11/Jun/2026:09:09:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack/12.1; WordPress/6.2; http://site77911066.com" [redacted] 171.6.243.21 - - [11/Jun/2026:09:09:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 415 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" ... show less	Hacking Web App Attack
Anonymous	2026-06-11 02:59:12 (3 days ago)	[da.kdns.gr] httpd-xmlrpc-post: sites=oro24.gr; logs=/var/log/httpd/domains/oro24.gr.log; samples=/x ... show more [da.kdns.gr] httpd-xmlrpc-post: sites=oro24.gr; logs=/var/log/httpd/domains/oro24.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 11:06:03 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.co ... show more (mod_security) mod_security (id:240335) triggered by 171.6.243.21 (mx-ll-171.6.243-21.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 07:05:55.181803 2026] [security2:error] [pid 27966:tid 27966] [client 171.6.243.21:49930] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 171.6.243.21 (+1 hits since last alert)\|whodatnation.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "whodatnation.com"] [uri "/xmlrpc.php"] [unique_id "ailFE0IscU_IsUQSxgngNQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-10 10:58:57 (3 days ago)	Web attack/malicious scanning detected	Web App Attack
🇫🇷 dynamix	2026-06-09 16:51:20 (4 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇩🇪 Hiffo	2020-11-26 03:33:31 (5 years ago)	1606379610 - 11/26/2020 09:33:30 Host: 171.6.243.21/171.6.243.21 Port: 445 TCP Blocked	Port Scan

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 185.197.195.216

🇻🇳 171.244.37.103

🇩🇪 167.94.146.42

🇺🇸 135.119.16.170

🇩🇪 104.207.50.193

🇵🇰 153.117.9.239

🇨🇳 124.222.229.150

🇺🇸 66.132.172.60

🇰🇿 37.151.47.27

🇳🇱 20.123.146.94

🇦🇺 20.5.130.110

🇮🇹 217.26.179.146

🇺🇸 172.104.210.105

🇺🇸 162.216.18.113

🇳🇱 77.83.39.53

🇳🇱 64.89.162.55

🇩🇪 51.75.151.240

🇭🇰 45.249.247.165

🇬🇧 35.203.210.32

🇺🇸 148.153.56.170