JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.248.236.27

41.248.236.27 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 34%: ?

34%

ISP	ADSL_Maroc_telecom
Usage Type	Fixed Line ISP
ASN	AS36903
Domain Name	menara.ma
Country	🇲🇦 Morocco
City	Casablanca, Casablanca-Settat

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.248.236.27

Whois 41.248.236.27

IP Abuse Reports for 41.248.236.27:

This IP address has been reported a total of 8 times from 5 distinct sources. 41.248.236.27 was first reported on June 25th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-26 11:59:48 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 41.248.236.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 41.248.236.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 07:59:40.823856 2026] [security2:error] [pid 27445:tid 27445] [client 41.248.236.27:61188] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.248.236.27 (+1 hits since last alert)\|hsoftwaresystems.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "hsoftwaresystems.net"] [uri "/xmlrpc.php"] [unique_id "aj5prPJtcaLlSYk1Qt6yCAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇴 INTEQ	2026-06-26 11:26:28 (1 day ago)	Web attack from 41.248.236.27	Web App Attack
🇳🇱 sernate	2026-06-26 09:18:44 (2 days ago)	(XMLRPC) WP XMLPRC Attack 41.248.236.27 (MA/Morocco/-): 5 in the last 3600 secs; Ports: ; Direction ... show more (XMLRPC) WP XMLPRC Attack 41.248.236.27 (MA/Morocco/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-26 03:05:38 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 41.248.236.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 41.248.236.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 23:05:31.336086 2026] [security2:error] [pid 3679:tid 3679] [client 41.248.236.27:27545] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.248.236.27 (+1 hits since last alert)\|fatcaverecords.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fatcaverecords.com"] [uri "/xmlrpc.php"] [unique_id "aj3se4e8mvV9pn1eA2GeYAAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 02:04:25 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 41.248.236.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 41.248.236.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 22:04:17.824643 2026] [security2:error] [pid 28729:tid 28729] [client 41.248.236.27:6367] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.248.236.27 (+1 hits since last alert)\|rodzillacharters.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "rodzillacharters.com"] [uri "/xmlrpc.php"] [unique_id "aj3eIbBk9LR1Y5VXgxSa3QAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-26 02:01:13 (2 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 23:47:12 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 41.248.236.27 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 41.248.236.27 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 19:47:04.313978 2026] [security2:error] [pid 28492:tid 28492] [client 41.248.236.27:25865] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.248.236.27 (+1 hits since last alert)\|riser-astrology.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "riser-astrology.com"] [uri "/xmlrpc.php"] [unique_id "aj29-JjCkf-VbLaDa1E6tQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Dave Hansen	2026-06-25 23:46:38 (2 days ago)	(wordpress) Failed wordpress login from 41.248.236.27 (MA/Morocco/-)	Brute-Force

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 185.242.3.226

🇩🇪 185.30.32.114

🇷🇺 5.140.212.184

🇨🇭 209.99.190.113

🇩🇪 194.88.98.120

🇨🇴 186.31.95.163

🇮🇳 185.244.8.233

🇻🇳 171.225.199.25

🇯🇵 160.251.202.50

🇨🇳 115.221.235.204

🇧🇷 45.4.64.183

🇵🇪 38.172.131.199

🇨🇱 201.223.104.6

🇧🇪 198.235.24.135

🇿🇦 196.192.181.202

🇳🇱 178.16.53.241

🇲🇦 160.177.232.116

🇸🇦 95.186.96.70

🇸🇦 51.36.174.197

🇱🇹 45.227.254.170