JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 105.224.69.41

105.224.69.41 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 47%: ?

47%

ISP	Telkom Internet Broadband 105 224
Usage Type	Fixed Line ISP
ASN	AS37457
Hostname(s)	105-224-69-41.ti-dsl.telkomsa.net
Domain Name	telkom.co.za
Country	🇿🇦 South Africa
City	Pretoria, Gauteng

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 105.224.69.41

Whois 105.224.69.41

IP Abuse Reports for 105.224.69.41:

This IP address has been reported a total of 12 times from 9 distinct sources. 105.224.69.41 was first reported on November 25th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-29 01:33:02 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.ne ... show more (mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 21:32:57.385693 2026] [security2:error] [pid 7565:tid 7565] [client 105.224.69.41:56535] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.224.69.41 (+1 hits since last alert)\|newcastle91.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "newcastle91.org"] [uri "/xmlrpc.php"] [unique_id "akHLSXM-SfAvENCe5SViLAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-28 22:15:57 (1 day ago)	Blocked by CSF 13 firewall - Rule: XMLRPC ZA/South Africa/105-224-69-41.ti-dsl.telkomsa.net	Web App Attack
🇺🇸 cwytech	2026-06-27 18:57:18 (2 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wp-us-login-only-high.	Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-06-27 16:11:08 (2 days ago)	(xmlrpc) Failed xmlrpc access from 105.224.69.41 (ZA/South Africa/105-224-69-41.ti-dsl.telkomsa.net) ... show more (xmlrpc) Failed xmlrpc access from 105.224.69.41 (ZA/South Africa/105-224-69-41.ti-dsl.telkomsa.net): 5 in the last 3600 secs (0-122) show less	Hacking
🇺🇸 TPI-Abuse	2026-06-26 23:31:53 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.ne ... show more (mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 19:31:45.421434 2026] [security2:error] [pid 17258:tid 17258] [client 105.224.69.41:63200] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.224.69.41 (+1 hits since last alert)\|kadinisi.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "kadinisi.org"] [uri "/xmlrpc.php"] [unique_id "aj8L4cEUsU7jwXSBV7UtjAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-26 16:06:19 (3 days ago)	(wordpress) Failed wordpress login from 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net)	Brute-Force
🇧🇪 cmbplf	2026-06-26 05:33:27 (4 days ago)	3.397 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇫🇷 dynamix	2026-06-26 04:00:14 (4 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 01:20:38 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.ne ... show more (mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 21:20:31.033088 2026] [security2:error] [pid 28884:tid 28884] [client 105.224.69.41:55032] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.224.69.41 (+1 hits since last alert)\|goldcountrygermanamericanclub.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "goldcountrygermanamericanclub.org"] [uri "/xmlrpc.php"] [unique_id "aj3T3yPxp0VY0jMzCT-U-gAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 00:51:15 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.ne ... show more (mod_security) mod_security (id:240335) triggered by 105.224.69.41 (105-224-69-41.ti-dsl.telkomsa.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 20:51:08.360777 2026] [security2:error] [pid 27947:tid 27947] [client 105.224.69.41:56748] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 105.224.69.41 (+1 hits since last alert)\|activethinkers.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "activethinkers.net"] [uri "/xmlrpc.php"] [unique_id "aj3M_NnR3qx4ibnMgA6VXAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 VHosting	2025-12-23 11:24:16 (6 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
Anonymous	2025-11-25 05:37:58 (7 months ago)	scanning http requests from known botnet	Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 170.245.120.109

🇳🇱 159.183.225.35

🇭🇰 150.5.154.160

🇮🇳 122.171.22.255

🇳🇱 91.92.40.50

🇸🇬 68.178.160.25

🇫🇷 51.68.236.72

🇨🇳 42.238.176.221

🇳🇱 2a09:bac5:4e3d:15cd::22c:be

🇯🇵 2a09:bac5:4430:efa::17e:13a

🇮🇩 203.17.87.140

🇳🇱 195.178.110.30

🇳🇱 178.16.54.22

🇸🇬 172.71.124.229

🇺🇸 162.216.150.224

🇳🇱 77.83.39.32

🇶🇦 20.173.116.24

🇺🇸 218.30.53.46

🇩🇪 213.209.159.241

🇺🇸 191.102.187.145