JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.0.18.198

102.0.18.198 was found in our database!

This IP was reported 102 times. Confidence of Abuse is 31%: ?

31%

ISP	Allocated to Airtel Kenya Mobile Broadband and Fixed internet
Usage Type	Fixed Line ISP
ASN	AS36926
Hostname(s)	198-18-0-102.r.airtelkenya.com
Domain Name	airtel.in
Country	🇰🇪 Kenya
City	Kerugoya, Kirinyaga County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.0.18.198

Whois 102.0.18.198

IP Abuse Reports for 102.0.18.198:

This IP address has been reported a total of 102 times from 49 distinct sources. 102.0.18.198 was first reported on February 18th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 leithzz	2026-06-06 13:07:04 (1 day ago)	Report by Cloudflare.Time: 2026-06-06T13:06:32Z	DDoS Attack
🇨🇦 leithzz	2026-05-31 19:19:24 (1 week ago)	Report by Cloudflare.Time: 2026-05-31T19:18:51Z	DDoS Attack
🇷🇴 Fn4ticHz	2026-05-29 02:43:07 (1 week ago)	DDoS blocked via ZeroGuard.ID	DDoS Attack Exploited Host
🇮🇹 VHosting	2026-05-27 11:33:32 (1 week ago)	Detected attack and reported by a human	Brute-Force Web App Attack SSH DDoS Attack Exploited Host Bad Web Bot
🇫🇷 MatStef132	2026-05-22 14:04:45 (2 weeks ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇷🇴 Fn4ticHz	2026-05-09 14:13:38 (4 weeks ago)	Repeated DDoS targeted -- ZeroGuard X ManagedSRV	DDoS Attack Exploited Host
🇺🇸 Vano Ganzzz	2026-05-03 08:19:34 (1 month ago)	Triggered Cloudflare WAF (l7ddos) from KE. Action taken: BLOCK ASN: 36926 (Airtel Networks Kenya Lim ... show more Triggered Cloudflare WAF (l7ddos) from KE. Action taken: BLOCK ASN: 36926 (Airtel Networks Kenya Limited) Protocol: HTTP/2 (GET method) Endpoint: / Timestamp: 2026-05-03T08:19:34Z Ray ID: 9f5dd76d69bbfe95 UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.0 Safari/605.1.15 show less	DDoS Attack Bad Web Bot
🇺🇸 MPL	2026-04-30 09:04:54 (1 month ago)	tcp/23 (2 or more attempts)	Port Scan
🇩🇪 NoaQT	2026-04-05 22:06:21 (2 months ago)	102.0.18.198 - - [05/Apr/2026:16:42:29 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.pinterest ... show more 102.0.18.198 - - [05/Apr/2026:16:42:29 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.pinterest.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 102.0.18.198 - - [05/Apr/2026:16:51:49 +0200] "GET /web/login HTTP/1.1" 499 0 "https://blog.FxysOs.us/news" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 102.0.18.198 - - [05/Apr/2026:16:51:49 +0200] "GET /web/login HTTP/1.1" 499 0 "https://blog.FxysOs.us/news" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" ... show less	DDoS Attack
🇩🇪 NoaQT	2026-04-05 15:54:30 (2 months ago)	102.0.18.198 - - [05/Apr/2026:17:49:42 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.google.co ... show more 102.0.18.198 - - [05/Apr/2026:17:49:42 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.google.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 102.0.18.198 - - [05/Apr/2026:17:51:25 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.reddit.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 102.0.18.198 - - [05/Apr/2026:17:51:25 +0200] "GET /web/login HTTP/1.1" 499 0 "https://www.reddit.com/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 102.0.18.198 - - [05/Apr/2026:17:53:29 +0200] "GET /web/login HTTP/1.1" 499 0 "https://app.mega-hub.biz/services" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36" 102.0.18.198 - - [05/Apr/2026:17:53:29 +0200] "GET /web/login HTTP/1.1" 499 0 "https://app.mega-hub.biz/services" "Mozilla/5.0 (Macintosh; Int ... show less	DDoS Attack
🇫🇮 Shaik Sai Meera	2026-04-04 20:50:28 (2 months ago)	IM360 WAF: LDAP Injection Attack	FTP Brute-Force Port Scan SSH
🇺🇸 kosada.com	2026-03-26 02:45:07 (2 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
Anonymous	2026-03-24 10:20:10 (2 months ago)	\| [Dangerous/Kenya] Aggressive IP 102.0.18.198 (~30 hits). Type: DoS Defender- Web server 400 error ... show more \| [Dangerous/Kenya] Aggressive IP 102.0.18.198 (~30 hits). Type: DoS Defender- Web server 400 error code show less	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-03-14 19:11:03 (2 months ago)	(mod_security) mod_security (id:210730) triggered by 102.0.18.198 (198-18-0-102.r.airtelkenya.com): ... show more (mod_security) mod_security (id:210730) triggered by 102.0.18.198 (198-18-0-102.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Mar 14 15:10:56.773642 2026] [security2:error] [pid 1054:tid 1054] [client 102.0.18.198:33274] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|icansayit.com\|F\|2"] [data ".lnk"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "icansayit.com"] [uri "/icsi/FTP Commander.lnk"] [unique_id "abWywMIo8D9DTGEFPyGzkAAAABg"], referer: https://icansayit.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 EGP Abuse Dept	2026-03-11 13:58:10 (2 months ago)	Scanning for port/service exploits on tpc-003.mach3builders.nl	Port Scan Hacking

Showing 1 to 15 of 102 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.224.128.16

🇫🇷 163.5.241.50

🇺🇸 162.216.149.50

🇨🇳 113.221.97.208

🇻🇳 103.48.192.48

🇩🇪 47.245.130.205

🇫🇷 46.16.202.73

🇧🇷 45.169.200.254

🇨🇳 14.103.120.147

🇩🇪 155.117.127.104

🇪🇬 197.36.218.231

🇫🇷 194.163.163.123

🇲🇽 186.96.145.241

🇲🇩 185.163.193.109

🇫🇷 167.86.119.92

🇮🇳 139.59.86.13

🇸🇬 109.123.239.244

🇮🇩 103.118.82.254

🇺🇸 98.83.178.66

🇻🇳 79.108.218.58