JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.0.3.218

102.0.3.218 was found in our database!

This IP was reported 288 times. Confidence of Abuse is 77%: ?

77%

ISP	Allocated to Airtel Kenya Mobile Broadband and Fixed internet
Usage Type	Fixed Line ISP
ASN	AS36926
Hostname(s)	218-3-0-102.r.airtelkenya.com
Domain Name	airtel.in
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.0.3.218

Whois 102.0.3.218

IP Abuse Reports for 102.0.3.218:

This IP address has been reported a total of 288 times from 119 distinct sources. 102.0.3.218 was first reported on September 21st 2023, and the most recent report was 17 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-06-21 03:12:47 (17 hours ago)	Brute force	Brute-Force
Anonymous	2026-06-20 18:14:21 (1 day ago)	(wordpress) Failed wordpress login from 102.0.3.218 (KE/Kenya/218-3-0-102.r.airtelkenya.com)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-20 17:45:38 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 102.0.3.218 (218-3-0-102.r.airtelkenya.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 102.0.3.218 (218-3-0-102.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 13:45:31.470054 2026] [security2:error] [pid 28128:tid 28128] [client 102.0.3.218:37745] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.0.3.218 (+1 hits since last alert)\|dogarttoday.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dogarttoday.com"] [uri "/xmlrpc.php"] [unique_id "ajbRu4bt_dYLIZFeSNMo5wAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-20 15:59:06 (1 day ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-20 13:26:44 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 102.0.3.218 (218-3-0-102.r.airtelkenya.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 102.0.3.218 (218-3-0-102.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 09:26:38.806829 2026] [security2:error] [pid 30189:tid 30189] [client 102.0.3.218:64727] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.0.3.218 (+1 hits since last alert)\|abeltours.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "abeltours.com"] [uri "/xmlrpc.php"] [unique_id "ajaVDnOH64NLw4ERxIr2xQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-20 07:18:55 (1 day ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-17 21:02:51 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 102.0.3.218 (218-3-0-102.r.airtelkenya.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 102.0.3.218 (218-3-0-102.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 17:02:46.071271 2026] [security2:error] [pid 7161:tid 7161] [client 102.0.3.218:58448] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.0.3.218 (+1 hits since last alert)\|iostation.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "iostation.com"] [uri "/xmlrpc.php"] [unique_id "ajMLdgKab8wNT2J19gyZUgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 14:45:22 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 102.0.3.218 (218-3-0-102.r.airtelkenya.com): 1 ... show more (mod_security) mod_security (id:240335) triggered by 102.0.3.218 (218-3-0-102.r.airtelkenya.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 15 10:45:17.231563 2026] [security2:error] [pid 9452:tid 9452] [client 102.0.3.218:47545] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.0.3.218 (+1 hits since last alert)\|cmcnow.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "cmcnow.net"] [uri "/xmlrpc.php"] [unique_id "ajAP_UP6EtQS6uJyqmbIHAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-13 04:30:32 (1 week ago)	Botnet activity. Attribution: Angara Technologies Group / mikhail-smirnov-79830322 \| Attack Signatur ... show more Botnet activity. Attribution: Angara Technologies Group / mikhail-smirnov-79830322 \| Attack Signature Blocked: /wishlist/index/add/product/280/form_key/jYQJJ8rovuGJKmi0/ \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gec... show less	Hacking Bad Web Bot Web App Attack
🇬🇧 djboddington	2026-06-04 20:12:48 (2 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-bad-user-agent	Web App Attack Bad Web Bot
🇫🇷 security.rdmc.fr	2026-06-04 12:33:46 (2 weeks ago)	Port Scan Attack proto:TCP src:10697 dst:23	Port Scan
🇬🇧 PeravixGroup	2026-06-04 10:37:09 (2 weeks ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇮🇩 David Koswari	2026-06-04 05:42:00 (2 weeks ago)	REQ_BLOCKED_ACL	DDoS Attack FTP Brute-Force Ping of Death Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇩🇪 SMARTNET	2026-05-27 06:03:53 (3 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: f9eee327-63b9-4c70-8845-0c5f5dde9bdb	DDoS Attack
🇬🇧 PeravixGroup	2026-05-24 09:03:58 (4 weeks ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force

Showing 1 to 15 of 288 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 185.247.137.194

🇧🇷 177.44.191.61

🇳🇬 165.154.11.247

🇬🇭 156.38.121.48

🇫🇮 147.185.133.61

🇨🇳 115.190.155.149

🇷🇴 80.94.92.186

🇺🇸 191.96.150.31

🇺🇸 172.234.218.210

🇳🇱 152.42.149.132

🇨🇳 124.251.110.186

🇧🇿 45.227.254.156

🇨🇳 120.227.20.108

🇺🇸 67.61.15.92

🇨🇳 62.234.19.235

🇨🇳 60.191.221.172

🇦🇺 27.32.45.241

🇬🇧 195.206.182.207

🇰🇷 175.214.123.177

🇬🇧 165.154.174.206