AbuseIPDB » 41.60.161.173
41.60.161.173
This IP was reported 8 times. Confidence of
Abuse
is 43% : ?
ISP
Liquid Telecommunications Operations Limited
Usage Type
Fixed Line ISP
ASN
AS30844
Domain Name
liquid.tech
Country
πΏπ²
Zambia
City
Lusaka, Lusaka Province
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
IP Abuse Reports for 41.60.161.173 :
This IP address has been reported a total of
8
times from
6 distinct
sources.
41.60.161.173 was first reported on
June 6th 2026 , and the most recent report was
3 hours ago
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
2026-06-07 14:51:05
(3 hours ago)
Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1
Hacking
Web App Attack
π«π·
applemooz
2026-06-07 13:49:05
(4 hours ago)
WordPress XMLRPC Brute Force Attacks
...
Brute-Force
Web App Attack
π«π·
masterguru
2026-06-07 12:47:24
(5 hours ago)
xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)
Hacking
πΊπΈ
TPI-Abuse
2026-06-07 12:18:35
(5 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.60.161.173 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 41.60.161.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 08:18:29.551717 2026] [security2:error] [pid 3981:tid 3981] [client 41.60.161.173:52889] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.60.161.173 (+1 hits since last alert)|versallis.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "versallis.com"] [uri "/xmlrpc.php"] [unique_id "aiVhlWkTedEqg_DEijtP5QAAAAI"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 10:48:02
(7 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.60.161.173 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 41.60.161.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 06:47:58.308660 2026] [security2:error] [pid 22992:tid 22992] [client 41.60.161.173:55267] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.60.161.173 (+1 hits since last alert)|churchbehindthewalls.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "churchbehindthewalls.com"] [uri "/xmlrpc.php"] [unique_id "aiVMXoA2c9m3Slv2NRyFewAAACA"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-06-07 09:44:15
(8 hours ago)
(mod_security) mod_security (id:240335) triggered by 41.60.161.173 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:240335) triggered by 41.60.161.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 05:44:09.545325 2026] [security2:error] [pid 965:tid 1120] [client 41.60.161.173:61079] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)|Source 41.60.161.173 (+1 hits since last alert)|morganswarsong.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "morganswarsong.com"] [uri "/xmlrpc.php"] [unique_id "aiU9acsSqwNjsbofQU9lywAAAQ4"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
integrantservices.com
2026-06-06 17:17:53
(1 day ago)
(wordpress) Failed wordpress login from 41.60.161.173 (ZM/Zambia/-)
Brute-Force
πΊπΈ
graphics-muse.org
2026-06-06 16:49:33
(1 day ago)
Sat Jun 06 10:49:00.755179 202641.60.161.173 - - [06/Jun/2026:10:49:10 -0600] "POST /xmlrpc.php HTTP ...
show more
Sat Jun 06 10:49:00.755179 202641.60.161.173 - - [06/Jun/2026:10:49:10 -0600] "POST /xmlrpc.php HTTP/1.1" 200 403
Sat Jun 06 10:49:00.755179 202641.60.161.173 - - [06/Jun/2026:10:49:10 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3241 "-" "Jetpack by WordPress.com"
Sat Jun 06 10:49:19.050669 202641.60.161.173 - - [06/Jun/2026:10:49:21 -0600] "POST /xmlrpc.php HTTP/1.1" 200 403
Sat Jun 06 10:49:19.050669 202641.60.161.173 - - [06/Jun/2026:10:49:21 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3242 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.3)"
Sat Jun 06 10:49:32.069432 202641.60.161.173 - - [06/Jun/2026:10:49:31 -0600] "POST /xmlrpc.php HTTP/1.1" 200 447
Sat Jun 06 10:49:32.069432 202641.60.161.173 - - [06/Jun/2026:10:49:31 -0600] "POST /xmlrpc.php HTTP/1.1" 200 3379 "-" "WordPress.com; https://wordpress.com"
...
show less
Brute-Force
Web App Attack
Showing 1 to
8
of 8 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown π©
Recently Reported IPs: