JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 223.205.30.3

223.205.30.3 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 70%: ?

70%

ISP	Triple T Broadband Public Company Limited
Usage Type	Fixed Line ISP
ASN	AS45758
Hostname(s)	mx-ll-223.205.30-3.dynamic.3bb.in.th
Domain Name	ais.th
Country	🇹🇭 Thailand
City	Bang Lamung, Chon Buri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 223.205.30.3

Whois 223.205.30.3

IP Abuse Reports for 223.205.30.3:

This IP address has been reported a total of 22 times from 13 distinct sources. 223.205.30.3 was first reported on June 4th 2026, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 rh24	2026-06-10 06:10:56 (4 days ago)	(xmlrpc_405) XMLRPC-Bot 405 223.205.30.3 (TH/Thailand/mx-ll-223.205.30-3.dynamic.3bb.co.th)	Hacking
🇩🇪 pscriptos	2026-06-09 17:49:32 (5 days ago)	{"ClientAddr":"223.205.30.3:49674","ClientHost":"223.205.30.3","ClientPort":"49674","ClientUsername" ... show more {"ClientAddr":"223.205.30.3:49674","ClientHost":"223.205.30.3","ClientPort":"49674","ClientUsername":"-","DownstreamContentSize":418,"DownstreamStatus":403,"Duration":392281430,"OriginContentSize":418,"OriginDuration":389414101,"OriginStatus":403,"Overhead":2867329,"RequestAddr":"www.cleveradmin.de","RequestContentSize":716,"RequestCount":1672543,"RequestHost":"www.cleveradmin.de","RequestMethod":"POST","RequestPath":"/xmlrpc.php","RequestPort":"-","RequestProtocol":"HTTP/1.1","RequestScheme":"https","RetryAttempts":0,"RouterName":"cleveradmin-www-websecure@file","ServiceAddr":"172.16.80.10:80","ServiceName":"cleveradmin-www@file","ServiceURL":"http://172.16.80.10:80","StartLocal":"2026-06-09T19:49:11.388925984+02:00","StartUTC":"2026-06-09T17:49:11.388925984Z","TLSCipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","TLSVersion":"1.2","entryPointName":"websecure","level":"info","msg":"","time":"2026-06-09T19:49:11+02:00"} {"ClientAddr":"223.205.30.3:49674","ClientHost":"223.205.30.3","Clie ... show less	Brute-Force Web App Attack
🇳🇱 Site.eu	2026-06-09 14:17:44 (5 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
Anonymous	2026-06-09 13:05:35 (5 days ago)		Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 12:38:43 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.in ... show more (mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 08:38:36.473999 2026] [security2:error] [pid 21052:tid 21052] [client 223.205.30.3:52944] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.205.30.3 (+1 hits since last alert)\|sizefinder.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sizefinder.com"] [uri "/xmlrpc.php"] [unique_id "aigJTP74ycwbwkMtmycnzwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-09 11:33:22 (5 days ago)	(wordpress) Failed wordpress login from 223.205.30.3 (TH/Thailand/Chon Buri/Pattaya/mx-ll-223.205.30 ... show more (wordpress) Failed wordpress login from 223.205.30.3 (TH/Thailand/Chon Buri/Pattaya/mx-ll-223.205.30-3.dynamic.3bb.in.th/[redacted]) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-09 10:03:43 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.in ... show more (mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 06:03:37.107803 2026] [security2:error] [pid 5437:tid 5437] [client 223.205.30.3:49801] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.205.30.3 (+1 hits since last alert)\|yogawithbubba.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "yogawithbubba.com"] [uri "/xmlrpc.php"] [unique_id "aifk-Xvs5HjjBja2TpfDLwAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 08:19:50 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.co ... show more (mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 04:19:43.668058 2026] [security2:error] [pid 25101:tid 25101] [client 223.205.30.3:49555] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.205.30.3 (+1 hits since last alert)\|honigcpa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "honigcpa.com"] [uri "/xmlrpc.php"] [unique_id "aifMnx8yqViVUI8xdDtbNgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-09 07:45:51 (5 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2026-06-08 17:11:56 (6 days ago)	(wordpress) Failed wordpress login from 223.205.30.3 (TH/Thailand/mx-ll-223.205.30-3.dynamic.3bb.co. ... show more (wordpress) Failed wordpress login from 223.205.30.3 (TH/Thailand/mx-ll-223.205.30-3.dynamic.3bb.co.th) show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-08 15:01:05 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.in ... show more (mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.in.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 11:01:00.675837 2026] [security2:error] [pid 30674:tid 30674] [client 223.205.30.3:50488] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.205.30.3 (+1 hits since last alert)\|michelehoop.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michelehoop.com"] [uri "/xmlrpc.php"] [unique_id "aibZLBRSHd72-2i_0L6pQwAAAHA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 07:17:03 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.co ... show more (mod_security) mod_security (id:240335) triggered by 223.205.30.3 (mx-ll-223.205.30-3.dynamic.3bb.co.th): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 03:16:55.424554 2026] [security2:error] [pid 5413:tid 5413] [client 223.205.30.3:52204] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.205.30.3 (+1 hits since last alert)\|rajabarber.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rajabarber.com"] [uri "/xmlrpc.php"] [unique_id "aiZsZ0P68kCS0d-7DKET-AAAABk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-08 06:45:10 (6 days ago)	Attac	Brute-Force
Anonymous	2026-06-07 16:35:00 (1 week ago)	(wordpress) Failed wordpress login from 223.205.30.3 (TH/Thailand/mx-ll-223.205.30-3.dynamic.3bb.co. ... show more (wordpress) Failed wordpress login from 223.205.30.3 (TH/Thailand/mx-ll-223.205.30-3.dynamic.3bb.co.th) show less	Brute-Force
Anonymous	2026-06-07 13:44:17 (1 week ago)	[ns41.kdns.gr] httpd-xmlrpc-post: sites=jiotis.gr; logs=/var/log/httpd/domains/jiotis.gr.log; sample ... show more [ns41.kdns.gr] httpd-xmlrpc-post: sites=jiotis.gr; logs=/var/log/httpd/domains/jiotis.gr.log; samples=/xmlrpc.php show less	Brute-Force Web App Attack

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇾 2001:f40:925:26f:94b1:3002:654e:a2d3

🇺🇸 198.46.134.48

🇲🇽 189.203.190.153

🇳🇱 91.92.40.4

🇺🇸 64.83.12.240

🇭🇰 43.161.246.189

🇻🇳 14.177.234.24

🇬🇧 2a06:4880:2000::3f

🇹🇼 198.235.24.118

🇨🇳 180.153.236.197

🇺🇸 147.185.132.243

🇨🇳 121.204.153.162

🇨🇳 106.46.76.23

🇮🇳 103.182.132.154

🇰🇷 211.62.111.247

🇮🇳 115.96.181.136

🇺🇸 74.125.185.93

🇪🇸 51.170.34.82

🇨🇳 1.95.169.206

🇺🇸 209.38.70.156