🇩🇪
4server
2026-06-21 14:55:48
(1 day ago)
[SunJun2116:55:46.0642322026][security2:error][pid757184:tid757193][client41.13.74.105:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"morgenstern-swiss.ch\"][uri\"/xmlrpc.php\"][unique_id\"ajf7cpxZft59LcLjE0r8JAAAAIU\"]
Port Scan
Brute-Force
Web App Attack
🇩🇪
LRob.fr
2026-06-21 13:15:08
(1 day ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
Anonymous
2026-06-21 07:40:04
(1 day ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
🇩🇪
LRob.fr
2026-06-20 11:15:05
(2 days ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
🇳🇱
Site.eu
2026-06-19 21:47:58
(2 days ago)
Repeated wp-login/xmlrpc attempts
Brute-Force
SSH
Anonymous
2026-06-19 06:21:38
(3 days ago)
[redacted] 41.13.74.105 - - [19/Jun/2026:08:20:35 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36"
[redacted] 41.13.74.105 - - [19/Jun/2026:08:20:37 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 10.0; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/13.0.0.0 Safari/537.36"
[redacted] 41.13.74.105 - - [19/Jun/2026:08:21:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Windows NT 6.2; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/88.0.0.0 Safari/537.36"
[redacted] 41.13.74.105 - - [19/Jun/2026:08:21:03 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Safari/15.0.0.0 Safari/537.36"
[redacted] 41.13.74.105 - - [19/Jun/2026:08:21:36 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Mozilla/5.0 (Linux;
...
Hacking
Web App Attack
🇫🇷
SpaceHost-Server
2026-06-18 22:32:15
(3 days ago)
Brute-Force
Web App Attack
🇩🇪
4server
2026-06-18 18:01:57
(4 days ago)
[ThuJun1820:01:56.3829312026][security2:error][pid609141:tid609157][client41.13.74.105:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"admin-services.ch\"][uri\"/xmlrpc.php\"][unique_id\"ajQylMP0KP4A_-UR21mycQAAAA0\"]
Port Scan
Brute-Force
Web App Attack
🇩🇪
paissangroup
2026-06-18 17:03:54
(4 days ago)
Multiple WAF Violations
Web App Attack
🇫🇮
inlink.ltd
2026-06-18 14:53:43
(4 days ago)
Known malicious PHP file or CMS probe
Web App Attack
🇧🇾
lns.bz
2026-06-18 13:49:50
(4 days ago)
Banned for trying to access xmlrpc [BY]
Web App Attack
Anonymous
2026-06-18 11:33:29
(4 days ago)
41.13.74.105 - - [18/Jun/2026:13:33:28 +0200] "POST / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 6.3; arm64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.0.0 Safari/537.36"
Web App Attack
🇩🇪
konseptit
2026-06-18 08:27:42
(4 days ago)
(wordpress) Failed wordpress login from 41.13.74.105 (vc-nat-gp-n-41-13-74-105.umts.vodacom.co.za)
Brute-Force
🇺🇸
TPI-Abuse
2026-06-18 07:30:25
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 41.13.74.105 (vc-nat-gp-n-41-13-74-105.umts.vodacom.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 03:30:20.747906 2026] [security2:error] [pid 24185:tid 24185] [client 41.13.74.105:42016] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||fusteriafontane.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fusteriafontane.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajOejCtTJfy7aJWoxzxSvwAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-06-18 02:14:21
(4 days ago)
(mod_security) mod_security (id:225170) triggered by 41.13.74.105 (vc-nat-gp-n-41-13-74-105.umts.vodacom.co.za): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 22:14:15.297937 2026] [security2:error] [pid 27692:tid 27692] [client 41.13.74.105:38228] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||atidysort.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "atidysort.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajNUd-1nv6EuK2U6cr3nZwAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack