JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.209.10.54

41.209.10.54 was found in our database!

This IP was reported 83 times. Confidence of Abuse is 49%: ?

49%

ISP	MTN Business Kenya
Usage Type	Fixed Line ISP
ASN	AS9129
Domain Name	mtnbusiness.co.ke
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.209.10.54

Whois 41.209.10.54

IP Abuse Reports for 41.209.10.54:

This IP address has been reported a total of 83 times from 49 distinct sources. 41.209.10.54 was first reported on August 4th 2024, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Vegascosmetics	2026-06-08 09:28:41 (1 day ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated encoding. Vegas Security	DDoS Attack Hacking Bad Web Bot
Anonymous	2026-05-28 22:40:12 (1 week ago)	Web App Attack, Hacking	Hacking Web App Attack
🇦🇺 PetePK	2026-05-22 04:59:02 (2 weeks ago)	Probed 1 time(s): TCP/23	Port Scan
🇨🇦 DRI	2026-05-21 22:51:20 (2 weeks ago)	Unsolicited TCP traffic on Honeypot, srcport=46194 dstport=23	Port Scan Hacking
🇺🇸 RAP	2026-05-21 12:36:16 (2 weeks ago)	2026-05-21 12:36:16 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
🇬🇧 PeravixGroup	2026-05-18 09:44:44 (3 weeks ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇩🇪 milcraft.nl	2026-05-18 02:01:35 (3 weeks ago)	Suspicious WooCommerce query combination detected. Not default available on websites. Matched combi ... show more Suspicious WooCommerce query combination detected. Not default available on websites. Matched combi patterns: filter_, add-to-cart=, orderby=, product_count=. Activity is consistent with high-volume request abuse. show less	DDoS Attack Web App Attack
🇺🇸 MPL	2026-05-10 04:29:35 (4 weeks ago)	tcp/23 (2 or more attempts)	Port Scan
🇺🇸 xmission.com	2026-05-08 21:35:07 (1 month ago)	Blocked by UFW (TCP on 23) Source port: 34910 TTL: 42 Packet length: 60 TOS: 0x00 This report (for ... show more Blocked by UFW (TCP on 23) Source port: 34910 TTL: 42 Packet length: 60 TOS: 0x00 This report (for 41.209.10.54) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Hacking Brute-Force
🇬🇧 PeravixGroup	2026-05-08 17:15:10 (1 month ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇬🇧 PeravixGroup	2026-05-05 16:30:08 (1 month ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇫🇷 vtchost.com	2026-04-29 09:56:12 (1 month ago)	requested honeypot page - ignored robots.txt - possible botnet ...	Bad Web Bot
🇦🇺 MAGIC	2026-04-29 01:15:18 (1 month ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2026-04-27 16:17:37 (1 month ago)	2026-04-27T18:17:36.662808+02:00 soli-gate cyrus/imaps[3857792]: badlogin: [41.209.10.54] plaintext ... show more 2026-04-27T18:17:36.662808+02:00 soli-gate cyrus/imaps[3857792]: badlogin: [41.209.10.54] plaintext ([email protected]) [SASL(-13): authentication failure: checkpass failed] ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-24 17:38:28 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 41.209.10.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 41.209.10.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 13:38:21.207921 2026] [security2:error] [pid 1095348:tid 1095348] [client 41.209.10.54:56744] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|wryemusings.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "wryemusings.com"] [uri "/ESTemplate.ini"] [unique_id "aeuqjdP31Dk82WNYJg0uPQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 83 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 195.206.182.202

🇷🇴 92.118.39.32

🇺🇸 20.55.90.128

🇪🇬 197.246.107.201

🇦🇿 188.253.213.227

🇺🇸 165.154.172.73

🇧🇷 118.26.105.116

🇳🇱 95.85.226.199

🇫🇷 91.196.152.35

🇵🇷 72.50.5.168

🇩🇪 43.228.157.9

🇺🇸 43.162.112.238

🇬🇧 35.203.211.127

🇺🇸 20.168.7.169

🇺🇸 3.213.226.45

🇷🇴 2.57.122.177

🇦🇹 213.147.164.60

🇫🇮 204.168.191.223

🇲🇩 188.212.1.221

🇮🇳 182.66.213.59