JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.248.105.138

41.248.105.138 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 82%: ?

82%

ISP	ADSL_Maroc_telecom
Usage Type	Fixed Line ISP
ASN	AS36903
Domain Name	menara.ma
Country	🇲🇦 Morocco
City	Rabat, Rabat-Sale-Kenitra

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.248.105.138

Whois 41.248.105.138

IP Abuse Reports for 41.248.105.138:

This IP address has been reported a total of 26 times from 19 distinct sources. 41.248.105.138 was first reported on May 29th 2026, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 zXero	2026-06-09 13:00:52 (2 days ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
🇨🇦 zXero	2026-06-03 12:36:53 (1 week ago)	Fail2Ban automatic report - jail: no-wordpress	Brute-Force SSH DDoS Attack
Anonymous	2026-06-01 08:22:30 (1 week ago)	Blocked: Reason='Suspicious traffic score=60 (review-based detection)'; Requests=20	Hacking
🇳🇱 homeshowdomain.nl	2026-05-30 21:59:35 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-29. show less	Web App Attack SSH Hacking
🇨🇱 SinaiCL	2026-05-30 20:28:13 (1 week ago)	Automated Nginx block. Attack type: Scan for config files. Total malicious requests: 1 across multip ... show more Automated Nginx block. Attack type: Scan for config files. Total malicious requests: 1 across multiple servers. show less	Bad Web Bot
🇳🇱 homeshowdomain.nl	2026-05-29 21:59:35 (1 week ago)	Auto-ban: >3000 req/min op 2026-05-29	Web App Attack SSH Hacking
🇳🇱 Site.eu	2026-05-29 21:49:55 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-05-29 21:27:22 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 41.248.105.138 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 41.248.105.138 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 17:27:13.976389 2026] [security2:error] [pid 13378:tid 13378] [client 41.248.105.138:52557] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|www.campos.tv\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.campos.tv"] [uri "/wp-json/wp/v2/users/"] [unique_id "ahoEsdGI2IDoLaDJ0MWYUgAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 dbmwebdesign	2026-05-29 17:00:13 (1 week ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇫🇷 SpaceHost-Server	2026-05-29 16:38:23 (1 week ago)	41.248.105.138 - - [29/May/2026:18:38:20 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5 ... show more 41.248.105.138 - - [29/May/2026:18:38:20 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" 41.248.105.138 - - [29/May/2026:18:38:21 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" 41.248.105.138 - - [29/May/2026:18:38:22 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" show less	Hacking Web App Attack
🇫🇷 SpaceHost-Server	2026-05-29 16:23:14 (1 week ago)	41.248.105.138 - - [29/May/2026:18:23:11 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5 ... show more 41.248.105.138 - - [29/May/2026:18:23:11 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" 41.248.105.138 - - [29/May/2026:18:23:12 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" 41.248.105.138 - - [29/May/2026:18:23:13 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" show less	Hacking Web App Attack
🇩🇪 SCHAPPY	2026-05-29 16:14:37 (1 week ago)	Brute-force attack to identify web exploits	Brute-Force Web App Attack
Anonymous	2026-05-29 16:11:12 (1 week ago)	[redacted] 41.248.105.138 - - [29/May/2026:18:11:07 +0200] "POST //xmlrpc.php HTTP/1.1" 200 403 "-" ... show more [redacted] 41.248.105.138 - - [29/May/2026:18:11:07 +0200] "POST //xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" [redacted] 41.248.105.138 - - [29/May/2026:18:11:07 +0200] "POST //xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" [redacted] 41.248.105.138 - - [29/May/2026:18:11:08 +0200] "POST //xmlrpc.php HTTP/1.1" 200 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" [redacted] 41.248.105.138 - - [29/May/2026:18:11:08 +0200] "POST //xmlrpc.php HTTP/1.1" 200 404 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" [redacted] 41.248.105.138 - - [29/May/2026:18:11:09 +0200] "POST //xmlrpc.php HTTP/1.1" 200 404 "-" "Mozilla/5.0 (Windows NT 10.0; ... show less	Hacking Web App Attack
🇫🇷 SpaceHost-Server	2026-05-29 16:08:12 (1 week ago)	41.248.105.138 - - [29/May/2026:18:08:09 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4970 "-" "Mozilla/5 ... show more 41.248.105.138 - - [29/May/2026:18:08:09 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4970 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" 41.248.105.138 - - [29/May/2026:18:08:10 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4970 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" 41.248.105.138 - - [29/May/2026:18:08:11 +0200] "POST //xmlrpc.php HTTP/1.1" 200 4983 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0 Safari/537.36" show less	Hacking Web App Attack
🇩🇪 grassau.com	2026-05-29 15:55:25 (1 week ago)	(wordpress) Failed wordpress login from 41.248.105.138 (MA/Morocco/Oujda-Angad/Oujda/-)	Brute-Force

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇺🇸 165.22.8.7

🇺🇸 153.75.83.238

🇮🇳 122.164.81.10

🇨🇳 116.208.215.179

🇱🇹 81.30.98.144

🇺🇸 68.235.46.118

🇺🇸 68.235.46.114

🇳🇱 45.156.87.34

🇳🇱 45.153.34.186

🇰🇷 211.46.188.16

🇺🇸 172.236.106.113

🇻🇳 152.32.163.183

🇩🇪 151.243.11.35

🇰🇷 118.37.214.187

🇨🇳 115.190.249.177

🇹🇭 49.231.192.36

🇮🇹 45.91.20.8

🇸🇪 45.83.220.211

🇺🇸 34.123.134.194