JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.142.0.48

41.142.0.48 was found in our database!

This IP was reported 71 times. Confidence of Abuse is 100%: ?

100%

ISP	ADSL_Maroc_telecom
Usage Type	Fixed Line ISP
ASN	AS36903
Domain Name	menara.ma
Country	🇲🇦 Morocco
City	Kenitra, Rabat-Sale-Kenitra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.142.0.48

Whois 41.142.0.48

IP Abuse Reports for 41.142.0.48:

This IP address has been reported a total of 71 times from 48 distinct sources. 41.142.0.48 was first reported on November 22nd 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-13 21:59:15 (4 days ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-12. show less	Web App Attack SSH Hacking
🇲🇽 octageeks.com	2026-06-13 04:16:19 (5 days ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-12 21:59:47 (5 days ago)	Auto-ban: >3000 req/min op 2026-06-12	Web App Attack SSH Hacking
🇫🇷 Little Iguana	2026-06-12 13:22:01 (5 days ago)	Attempt to hack Wordpress Login, XMLRPC or other login	Hacking
🇺🇸 interbiznw.com	2026-06-12 11:57:26 (5 days ago)	malicious-web-requests-vulnerability-scanning	Hacking Brute-Force Exploited Host Web App Attack
🇩🇪 MarkGGN	2026-06-12 11:41:46 (5 days ago)	Web attack. 41.142.0.48 - - [12/Jun/2026:13:41:44 +0200] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 ... show more Web attack. 41.142.0.48 - - [12/Jun/2026:13:41:44 +0200] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141 Safari/537.36" 41.142.0.48 - - [12/Jun/2026:13:41:45 +0200] "GET /.env HTTP/1.1" 444 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141 Safari/537.36" show less	Web App Attack
🇬🇧 consul.to	2026-06-12 11:19:15 (5 days ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 09:49:56 (5 days ago)	(mod_security) mod_security (id:210492) triggered by 41.142.0.48 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:210492) triggered by 41.142.0.48 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 05:49:52.177433 2026] [security2:error] [pid 5132:tid 5132] [client 41.142.0.48:28198] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "edenberg.com"] [uri "/.env"] [unique_id "aivWQM0mmhNafIyAvwDiWgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 09:12:56 (5 days ago)	(caddyscan) Scanner path probe from 41.142.0.48 (MA/Morocco/-): 5 in the last 3600 secs; Ports: ; D ... show more (caddyscan) Scanner path probe from 41.142.0.48 (MA/Morocco/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:08:23:28 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:08:32:26 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:08:39:42 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:08:59:05 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:09:12:51 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇩🇪 lumbermatt_de	2026-06-12 08:27:05 (5 days ago)	Vulnerability exploit attack detected	Web App Attack
🇩🇪 ger-stg-sifi1	2026-06-12 08:22:06 (5 days ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
Anonymous	2026-06-12 08:12:15 (5 days ago)	Try to connect to Port_Scan_443_stealth	Port Scan
🇩🇪 IVski	2026-06-12 07:25:40 (5 days ago)	IVski WAF \| Sensitive file probe detected - looking for .env	Port Scan Brute-Force Web App Attack
Anonymous	2026-06-12 07:15:19 (5 days ago)	(caddyscan) Scanner path probe from 41.142.0.48 (MA/Morocco/-): 5 in the last 3600 secs; Ports: ; D ... show more (caddyscan) Scanner path probe from 41.142.0.48 (MA/Morocco/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:06:16:47 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:06:18:08 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:06:40:50 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:07:04:51 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 41.142.0.48 - - [12/Jun/2026:07:15:17 +0000] "GET /.env HTTP/1.1" show less	Port Scan
Anonymous	2026-06-12 06:55:13 (5 days ago)	41.142.0.48 - - [12/Jun/2026:06:55:12 +0000] "GET /.env HTTP/1.1" 404 7030 "-" "Mozilla/5.0 (Windows ... show more 41.142.0.48 - - [12/Jun/2026:06:55:12 +0000] "GET /.env HTTP/1.1" 404 7030 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/141 Safari/537.36" ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 71 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇽 187.190.35.163

🇳🇱 45.148.10.157

🇷🇴 2.57.122.238

🇧🇪 198.235.24.224

🇺🇸 198.46.253.100

🇺🇸 184.105.247.219

🇲🇴 182.93.50.90

🇩🇪 167.94.146.33

🇦🇹 152.53.0.56

🇮🇳 103.54.179.166

🇺🇸 100.28.153.226

🇷🇴 80.94.92.182

🇨🇳 39.105.218.153

🇺🇸 20.118.233.189

🇺🇸 18.221.179.104

🇮🇩 182.8.66.132

🇺🇸 172.203.134.70

🇱🇹 141.98.11.41

🇧🇬 95.87.248.223

🇺🇸 47.77.211.73