JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.210.155.254

41.210.155.254 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 56%: ?

56%

ISP	3G, 4G,5G MOBILE-NETWORK
Usage Type	Mobile ISP
ASN	AS20294
Hostname(s)	h1bfe.n1.ips.mtn.co.ug
Domain Name	mtn.com
Country	🇺🇬 Uganda
City	Kampala, Central Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.210.155.254

Whois 41.210.155.254

IP Abuse Reports for 41.210.155.254:

This IP address has been reported a total of 20 times from 12 distinct sources. 41.210.155.254 was first reported on May 4th 2024, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-29 07:41:54 (6 hours ago)	(mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 03:41:49.342238 2026] [security2:error] [pid 10826:tid 10826] [client 41.210.155.254:26344] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.210.155.254 (+1 hits since last alert)\|tcit.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "tcit.org"] [uri "/xmlrpc.php"] [unique_id "akIhvdbzQWzSCWJlqXsc7AAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-06-26 08:27:49 (3 days ago)	3.794 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-26 07:50:46 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 03:50:42.215172 2026] [security2:error] [pid 31761:tid 31761] [client 41.210.155.254:14353] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.210.155.254 (+1 hits since last alert)\|savingspools.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "savingspools.com"] [uri "/xmlrpc.php"] [unique_id "aj4vUgriIgKSuVvcj01t0wAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 06:27:19 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 02:27:15.363345 2026] [security2:error] [pid 3840:tid 3840] [client 41.210.155.254:53549] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.210.155.254 (+1 hits since last alert)\|designingdestinynow.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "designingdestinynow.com"] [uri "/xmlrpc.php"] [unique_id "aj4bw8RqH6odwi68HHXBIwAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-25 13:46:42 (4 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 12:48:38 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 08:48:34.506323 2026] [security2:error] [pid 7621:tid 7621] [client 41.210.155.254:37806] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.210.155.254 (+1 hits since last alert)\|smoothiessoupssalads.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "smoothiessoupssalads.com"] [uri "/xmlrpc.php"] [unique_id "aj0jogEDZL9-fp4h0_V_1QAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 09:50:18 (4 days ago)	(mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 05:50:10.686846 2026] [security2:error] [pid 16919:tid 16919] [client 41.210.155.254:61337] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.210.155.254 (+1 hits since last alert)\|brbcoin.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "brbcoin.com"] [uri "/xmlrpc.php"] [unique_id "ajz50icGwvjDGq5d86DxiQAAAGA"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-25 09:49:26 (4 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇳🇱 debestelapp	2026-06-25 07:40:04 (4 days ago)		Web App Attack
🇩🇪 konseptit	2026-06-25 07:16:00 (4 days ago)	(wordpress) Failed wordpress login from 41.210.155.254 (UG/Uganda/h1bfe.n1.ips.mtn.co.ug)	Brute-Force
🇪🇸 masterguru	2026-06-25 06:44:34 (4 days ago)	(xmlrpc) Failed xmlrpc access from 41.210.155.254 (UG/Uganda/h1bfe.n1.ips.mtn.co.ug): 5 in the last ... show more (xmlrpc) Failed xmlrpc access from 41.210.155.254 (UG/Uganda/h1bfe.n1.ips.mtn.co.ug): 5 in the last 3600 secs (0-122) show less	Hacking
🇫🇷 applemooz	2026-06-22 13:41:42 (1 week ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-22 07:56:56 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in t ... show more (mod_security) mod_security (id:240335) triggered by 41.210.155.254 (h1bfe.n1.ips.mtn.co.ug): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 03:56:49.776424 2026] [security2:error] [pid 11723:tid 11723] [client 41.210.155.254:55556] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.210.155.254 (+1 hits since last alert)\|fadcometal.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fadcometal.com"] [uri "/xmlrpc.php"] [unique_id "ajjqwYVNf46_CjUEXJcMswAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 rh24	2026-06-22 05:49:26 (1 week ago)	(wordpress) Failed wordpress login from 41.210.155.254 (UG/Uganda/h1bfe.n1.ips.mtn.co.ug): (CF_ENAB ... show more (wordpress) Failed wordpress login from 41.210.155.254 (UG/Uganda/h1bfe.n1.ips.mtn.co.ug): (CF_ENABLE) show less	Brute-Force
🇮🇩 hermawan	2026-06-21 10:47:31 (1 week ago)	[Sun Jun 21 17:47:30.746542 2026] [security2:error] [pid 1361346:tid 140110224332480] [client 41.210 ... show more [Sun Jun 21 17:47:30.746542 2026] [security2:error] [pid 1361346:tid 140110224332480] [client 41.210.155.254:54676] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.yahoo.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.yahoo.go.id found within REQUEST_HEADERS:Referer: https://www.yahoo.go.id/ request_line = GET /index.php/e-buletin-untuk-kota-dan-kabupaten-di-provinsi-jawa-timur HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/e-buletin-untuk-kota-dan-kabupaten-di-provinsi-jawa-timur"] [unique_id "ajfBQvAovbqmpdNrBglTWgAFRBQ"], referer https://www.yahoo.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1361367] [NNKgQEGUX0A] [ajfBQvAovbqmpdNrBglTWgAFRBQ] keep_alive=[1] [2026-06-21 17:47:30.746548] [R:ajfBQvAovbqmpdNrBglTWgAFRBQ] UA:'Mozilla/5.0 (Android 13; Mobile; ... show less	Email Spam Hacking

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇴 200.105.141.172

🇧🇷 191.252.201.107

🇯🇵 152.32.145.49

🇮🇳 103.190.7.203

🇬🇧 82.16.221.216

🇭🇰 43.155.125.36

🇸🇪 20.190.181.4

🇻🇳 165.99.16.135

🇷🇺 89.175.104.146

🇩🇪 85.215.121.209

🇺🇸 74.125.179.27

🇨🇳 8.134.159.4

🇺🇸 216.73.160.211

🇧🇷 164.163.36.95

🇺🇸 164.92.106.15

🇮🇳 103.249.4.35

🇭🇰 103.243.26.174

🇻🇳 103.60.242.169

🇳🇱 91.92.40.49

🇨🇦 52.138.10.154