JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 223.235.99.24

223.235.99.24 was found in our database!

This IP was reported 17 times. Confidence of Abuse is 64%: ?

64%

ISP	ABTS DELHI,
Usage Type	Fixed Line ISP
ASN	AS24560
Hostname(s)	abts-north-dynamic-24.99.235.223.airtelbroadband.in
Domain Name	airtel.in
Country	🇮🇳 India
City	Patna, Bihar

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 223.235.99.24

Whois 223.235.99.24

IP Abuse Reports for 223.235.99.24:

This IP address has been reported a total of 17 times from 12 distinct sources. 223.235.99.24 was first reported on February 13th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-20 16:01:25 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 223.235.99.24 (abts-north-dynamic-24.99.235.223 ... show more (mod_security) mod_security (id:240335) triggered by 223.235.99.24 (abts-north-dynamic-24.99.235.223.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 12:01:19.467906 2026] [security2:error] [pid 3494:tid 3494] [client 223.235.99.24:31252] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.235.99.24 (+1 hits since last alert)\|redlitephotos.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "redlitephotos.com"] [uri "/xmlrpc.php"] [unique_id "aja5T3hldfOvWyTBl2wXvQAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 14:30:28 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 223.235.99.24 (abts-north-dynamic-24.99.235.223 ... show more (mod_security) mod_security (id:240335) triggered by 223.235.99.24 (abts-north-dynamic-24.99.235.223.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 10:30:23.145148 2026] [security2:error] [pid 19088:tid 19088] [client 223.235.99.24:6675] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.235.99.24 (+1 hits since last alert)\|kentsavagelaw.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kentsavagelaw.com"] [uri "/xmlrpc.php"] [unique_id "ajaj_5MamrxRqG3faFK4-QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 BlueStem123	2026-06-20 08:01:00 (1 day ago)	Automated scanner targeting WordPress installations. Source produced sustained scanning activity exc ... show more Automated scanner targeting WordPress installations. Source produced sustained scanning activity exceeding 100 requests within a 60-minute window. show less	Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-20 06:09:22 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
Anonymous	2026-06-20 03:06:04 (1 day ago)	Trying to access config files	Web App Attack
🇱🇻 garmtech.com	2026-06-20 02:19:39 (1 day ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS	Web App Attack
🇱🇻 garmtech.com	2026-06-20 02:08:24 (1 day ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)	Web App Attack
🇪🇸 SweetHoneyPress	2026-06-20 01:37:10 (1 day ago)	WordPress honeypot: POST to /xmlrpc.php \| event_id=790366 \| UA: Jetpack by WordPress.com	Web App Attack Brute-Force
🇪🇸 SweetHoneyPress	2026-06-20 01:22:09 (1 day ago)	WordPress honeypot: POST to /xmlrpc.php \| event_id=790275 \| UA: Jetpack/13.0; WordPress/6.2; http:// ... show more WordPress honeypot: POST to /xmlrpc.php \| event_id=790275 \| UA: Jetpack/13.0; WordPress/6.2; http://site90913766.com show less	Web App Attack Brute-Force
🇦🇺 screwlooseit.com.au	2026-06-19 08:41:31 (2 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/abts-north-dynamic-24.99.235.223.airtelbroadband. ... show more Blocked by CSF 13 firewall - Rule: XMLRPC IN/India/abts-north-dynamic-24.99.235.223.airtelbroadband.in show less	Web App Attack
Anonymous	2026-06-19 05:38:05 (2 days ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
Anonymous	2026-06-19 03:36:27 (2 days ago)	(wordpress) Failed wordpress login from 223.235.99.24 (IN/India/abts-north-dynamic-24.99.235.223.air ... show more (wordpress) Failed wordpress login from 223.235.99.24 (IN/India/abts-north-dynamic-24.99.235.223.airtelbroadband.in) show less	Brute-Force
🇺🇸 Jason Howell	2026-06-19 03:03:40 (2 days ago)	223.235.99.24 - - [18/Jun/2026:22:02:22 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3217 "-" "Jetpack by ... show more 223.235.99.24 - - [18/Jun/2026:22:02:22 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3217 "-" "Jetpack by WordPress.com" 223.235.99.24 - - [18/Jun/2026:22:02:32 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3218 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)" 223.235.99.24 - - [18/Jun/2026:22:02:44 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3217 "-" "WordPress.com; https://wordpress.com" 223.235.99.24 - - [18/Jun/2026:22:02:54 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3218 "-" "Jetpack by WordPress.com" 223.235.99.24 - - [18/Jun/2026:22:03:39 -0500] "POST /xmlrpc.php HTTP/1.1" 200 3217 "-" "Jetpack/13.0; WordPress/6.2; http://site35820578.com" ... show less	Web App Attack
🇫🇷 dynamix	2026-06-19 02:33:31 (2 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 02:06:37 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 223.235.99.24 (abts-north-dynamic-24.99.235.223 ... show more (mod_security) mod_security (id:240335) triggered by 223.235.99.24 (abts-north-dynamic-24.99.235.223.airtelbroadband.in): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 22:06:31.882551 2026] [security2:error] [pid 11952:tid 11952] [client 223.235.99.24:14704] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 223.235.99.24 (+1 hits since last alert)\|billwegener.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "billwegener.net"] [uri "/xmlrpc.php"] [unique_id "ajSkJ4aKGGZdGfhXs-4VQQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 17 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 103.75.182.108

🇺🇸 2604:a880:400:d1:0:4:9e7a:1

🇬🇧 193.163.125.53

🇵🇱 185.238.72.3

🇵🇦 181.197.87.49

🇳🇱 178.16.55.50

🇨🇳 111.53.0.169

🇨🇳 106.15.238.36

🇩🇪 45.157.232.139

🇺🇸 44.20.1.56

🇺🇸 20.163.14.234

🇨🇳 223.73.64.232

🇩🇪 207.241.172.187

🇸🇻 190.150.64.241

🇨🇴 190.108.76.179

🇺🇸 147.185.132.229

🇻🇳 113.178.80.21

🇺🇦 91.90.11.145

🇮🇪 86.43.97.121

🇩🇪 69.5.169.54