JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 223.204.115.204

223.204.115.204 was found in our database!

This IP was reported 18 times. Confidence of Abuse is 60%: ?

60%

ISP	Triple T Broadband Public Company Limited
Usage Type	Fixed Line ISP
ASN	AS45758
Hostname(s)	mx-ll-223.204.115-204.dynamic.3bb.co.th
Domain Name	ais.th
Country	🇹🇭 Thailand
City	Bang Lamung, Chon Buri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 223.204.115.204

Whois 223.204.115.204

IP Abuse Reports for 223.204.115.204:

This IP address has been reported a total of 18 times from 14 distinct sources. 223.204.115.204 was first reported on June 10th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-17 15:58:09 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic. ... show more (mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 11:58:03.569033 2026] [security2:error] [pid 20187:tid 20187] [client 223.204.115.204:58801] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.204.115.204 (+1 hits since last alert)\|eye7graphics.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "eye7graphics.com"] [uri "/xmlrpc.php"] [unique_id "ajLEC96zRgeK5Ht3OPq8UgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-17 14:21:32 (1 week ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 06:45:44 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic. ... show more (mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 02:45:37.294107 2026] [security2:error] [pid 13938:tid 13938] [client 223.204.115.204:50008] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.204.115.204 (+1 hits since last alert)\|clayrivers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "clayrivers.com"] [uri "/xmlrpc.php"] [unique_id "ajJCkUYijsJtowCjoOax0AAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 05:13:26 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic. ... show more (mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 01:13:19.001001 2026] [security2:error] [pid 28237:tid 28237] [client 223.204.115.204:56344] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.204.115.204 (+1 hits since last alert)\|verdeprofundo.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "verdeprofundo.net"] [uri "/xmlrpc.php"] [unique_id "ajIs7neUgONtBqXriM69gQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇭 thaizone.com	2026-06-17 05:12:58 (1 week ago)	Brute-forcing login against websites (D1-1) #1	Web App Attack Hacking
🇦🇺 QT	2026-06-16 12:00:36 (1 week ago)	Unauthorised WordPress admin login attempted at 2026-06-16 22:00:35 +1000	Web App Attack
🇳🇱 Site.eu	2026-06-16 08:15:43 (2 weeks ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-16 07:14:15 (2 weeks ago)	[redacted] 223.204.115.204 - - [16/Jun/2026:09:13:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" ... show more [redacted] 223.204.115.204 - - [16/Jun/2026:09:13:31 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 223.204.115.204 - - [16/Jun/2026:09:13:41 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 223.204.115.204 - - [16/Jun/2026:09:13:52 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 223.204.115.204 - - [16/Jun/2026:09:14:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 223.204.115.204 - - [16/Jun/2026:09:14:13 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 14:47:53 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic. ... show more (mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 10:47:45.678052 2026] [security2:error] [pid 407:tid 407] [client 223.204.115.204:55542] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.204.115.204 (+1 hits since last alert)\|caymancline.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caymancline.com"] [uri "/xmlrpc.php"] [unique_id "ajAQkbgBE7tV-cdrtm0cFAAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-14 08:22:47 (2 weeks ago)	(xmlrpc_405) XMLRPC-Bot 405 223.204.115.204 (TH/Thailand/mx-ll-223.204.115-204.dynamic.3bb.co.th)	Hacking
🇱🇻 garmtech.com	2026-06-14 06:29:39 (2 weeks ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS	Web App Attack
🇩🇪 konseptit	2026-06-13 12:27:10 (2 weeks ago)	(wordpress) Failed wordpress login from 223.204.115.204 (TH/Thailand/mx-ll-223.204.115-204.dynamic.3 ... show more (wordpress) Failed wordpress login from 223.204.115.204 (TH/Thailand/mx-ll-223.204.115-204.dynamic.3bb.in.th) show less	Brute-Force
Anonymous	2026-06-13 11:24:17 (2 weeks ago)	(wordpress) Failed wordpress login from 223.204.115.204 (TH/Thailand/mx-ll-223.204.115-204.dynamic.3 ... show more (wordpress) Failed wordpress login from 223.204.115.204 (TH/Thailand/mx-ll-223.204.115-204.dynamic.3bb.co.th) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-12 14:59:22 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic. ... show more (mod_security) mod_security (id:240335) triggered by 223.204.115.204 (mx-ll-223.204.115-204.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 10:59:15.821992 2026] [security2:error] [pid 4728:tid 4728] [client 223.204.115.204:56121] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.204.115.204 (+1 hits since last alert)\|stacyfarm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "stacyfarm.com"] [uri "/xmlrpc.php"] [unique_id "aiwewzPOzpRV2Mi6bYRxLQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 Progetto1	2026-06-12 13:20:02 (2 weeks ago)	Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack

Showing 1 to 15 of 18 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.216.145.173

🇨🇴 190.5.200.98

🇳🇱 176.65.139.246

🇩🇪 164.92.181.204

🇺🇸 162.216.150.228

🇺🇸 151.240.65.105

🇵🇭 122.3.106.113

🇳🇬 102.88.114.167

🇱🇹 81.30.98.158

🇱🇺 64.89.161.82

🇨🇳 58.58.130.22

🇱🇹 45.227.254.170

🇳🇱 45.148.10.67

🇭🇰 223.197.186.7

🇰🇷 220.125.120.231

🇧🇪 198.235.24.209

🇹🇭 183.88.209.146

🇫🇮 147.185.133.202

🇹🇼 111.70.29.124

🇳🇱 91.92.40.237