Elevated Risk
IP 123.30.233.13, registered to VNPT Corp in Vietnam under ASN AS45899, is a high-risk address with a threat level of 8/10 that has generated 318 total abuse reports across automated honeypot sensors and community sources, indicating sustained and prolific malicious activity during April and May 2026.
The IP reputation data shows 318 distinct incident reports with an activity frequency rating of 8/10, sourced from 20 independent detection points: 11 automated honeypot sensors and 9 community-based reports. The dominant threat categories are consistent across the report set, with general hacking attempts (16 reports) and brute-force attacks (15 reports) leading the activity profile, followed by WordPress login brute-force attempts (10 reports), distributed denial-of-service activity (5 reports), WordPress plugin exploitation probes (1 report), and WordPress user enumeration attempts (1 report). The observed attack patterns include automated credential stuffing against authentication endpoints, basic authentication brute-force attempts via POST requests to root paths, and systematic WordPress REST API reconnaissance targeting user enumeration and plugin vulnerabilities.
The concentration of credential-based attacks and WordPress-focused vulnerability probing indicates an attacker deploying automated tooling to compromise web-facing authentication systems at scale. Brute-force and credential stuffing attacks systematically test username and password combinations to gain unauthorized administrative access, while the WordPress-specific reconnaissance attempts probe for outdated plugins and user disclosure that could facilitate targeted exploitation. A successful compromise of any targeted system could result in data exfiltration, malware deployment, or pivoting to internal network resources, representing a concrete and immediate risk to any exposed authentication interface.
Site operators should immediately block or rate-limit connections from this address at the firewall or load balancer level, particularly for any HTTP/HTTPS endpoints serving administrative interfaces. Implementing strict account lockout thresholds and multi-factor authentication on all remote authentication portals significantly reduces the effectiveness of credential attacks. Monitoring authentication logs for the observed patterns of root-path POST requests and WordPress REST API enumeration attempts enables early detection of ongoing targeting. Deploying intrusion prevention tools such as fail2ban can automatically identify and remediate brute-force activity in real time.
LK 
BG 
AU 
LT 
JP 
FR