JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 41.84.202.25

41.84.202.25 was found in our database!

This IP was reported 120 times. Confidence of Abuse is 84%: ?

84%

ISP	Bandwidth and Cloud Services Group Ltd
Usage Type	Fixed Line ISP
ASN	AS37273
Domain Name	bcs-ea.com
Country	🇺🇬 Uganda
City	Kira, Central Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 41.84.202.25

Whois 41.84.202.25

IP Abuse Reports for 41.84.202.25:

This IP address has been reported a total of 120 times from 48 distinct sources. 41.84.202.25 was first reported on February 26th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 10:12:17 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 41.84.202.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 41.84.202.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 06:12:10.255739 2026] [security2:error] [pid 627:tid 627] [client 41.84.202.25:26326] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.84.202.25 (+1 hits since last alert)\|superzilla.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "superzilla.com"] [uri "/xmlrpc.php"] [unique_id "aivbenmGPvfV3BajfCgFbAAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 10:10:13 (2 days ago)	Attac	Brute-Force
🇳🇱 Site.eu	2026-06-12 09:14:06 (2 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇧🇪 cmbplf	2026-06-11 22:11:11 (2 days ago)	2.230 requests from abuseipdb.com blacklisted IP (1yr10mos1d)	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-11 20:47:29 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 41.84.202.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 41.84.202.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 16:47:22.187484 2026] [security2:error] [pid 17967:tid 17980] [client 41.84.202.25:1792] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.84.202.25 (+1 hits since last alert)\|sparkhypnotherapy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sparkhypnotherapy.com"] [uri "/xmlrpc.php"] [unique_id "aise2l189Qxg4lJc0rjtTwAAAMo"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Lunix	2026-06-11 07:41:14 (3 days ago)		Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 15:48:17 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 41.84.202.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 41.84.202.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 11:48:09.647584 2026] [security2:error] [pid 17285:tid 17285] [client 41.84.202.25:10787] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.84.202.25 (+1 hits since last alert)\|modalsoftware.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "modalsoftware.com"] [uri "/xmlrpc.php"] [unique_id "aimHOY8me0FMeLRoQvEyyQAAADI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 screwlooseit.com.au	2026-06-10 13:30:50 (3 days ago)	Blocked by CSF 13 firewall - Rule: XMLRPC UG/Uganda/-	Web App Attack
Anonymous	2026-06-10 11:47:35 (3 days ago)	[redacted] 41.84.202.25 - - [10/Jun/2026:13:46:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Je ... show more [redacted] 41.84.202.25 - - [10/Jun/2026:13:46:51 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.2)" [redacted] 41.84.202.25 - - [10/Jun/2026:13:47:02 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 41.84.202.25 - - [10/Jun/2026:13:47:12 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" [redacted] 41.84.202.25 - - [10/Jun/2026:13:47:23 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "WordPress.com; https://wordpress.com" [redacted] 41.84.202.25 - - [10/Jun/2026:13:47:34 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 13.0; WordPress 6.2)" ... show less	Hacking Web App Attack
Anonymous	2026-06-10 10:16:10 (3 days ago)	Attac	Brute-Force
🇳🇱 Site.eu	2026-06-09 18:43:43 (4 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇳🇱 Site.eu	2026-06-07 17:58:51 (6 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇪🇸 masterguru	2026-06-07 09:58:00 (1 week ago)	(xmlrpc) Failed xmlrpc access from 41.84.202.25 (UG/Uganda/-): 5 in the last 3600 secs (0-122)	Hacking
🇺🇸 TPI-Abuse	2026-06-06 17:54:26 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 41.84.202.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 41.84.202.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 06 13:54:19.709614 2026] [security2:error] [pid 26350:tid 26350] [client 41.84.202.25:19061] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 41.84.202.25 (+1 hits since last alert)\|incrp.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "incrp.org"] [uri "/xmlrpc.php"] [unique_id "aiRey7-EvBv1TZMr1l1iQwAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-05 11:33:55 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH

Showing 1 to 15 of 120 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 193.37.32.67

🇨🇳 171.38.67.128

🇺🇸 152.232.102.79

🇮🇳 150.241.244.100

🇨🇳 122.13.25.186

🇭🇰 118.193.44.184

🇳🇱 91.92.40.13

🇱🇹 45.227.254.170

🇮🇩 34.101.39.197

🇨🇳 14.103.112.103

🇺🇸 138.197.200.106

🇭🇰 123.58.213.128

🇮🇳 122.166.49.42

🇭🇰 122.10.115.18

🇨🇳 115.190.60.214

🇨🇳 112.27.38.203

🇷🇺 95.71.239.185

🇻🇳 58.186.79.180

🇳🇱 45.148.10.240

🇬🇧 35.189.73.253