JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.135.169.143

102.135.169.143 was found in our database!

This IP was reported 51 times. Confidence of Abuse is 92%: ?

92%

ISP	POA INTERNET KENYA LIMITED
Usage Type	Fixed Line ISP
ASN	AS328331
Domain Name	poainternet.net
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.135.169.143

Whois 102.135.169.143

IP Abuse Reports for 102.135.169.143:

This IP address has been reported a total of 51 times from 25 distinct sources. 102.135.169.143 was first reported on October 14th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-21 12:50:44 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇪🇸 masterguru	2026-06-21 08:26:51 (3 days ago)	(xmlrpc) Failed xmlrpc access from 102.135.169.143 (KE/Kenya/-): 5 in the last 3600 secs (0-122)	Hacking
🇺🇸 cwytech	2026-06-20 06:55:28 (4 days ago)	Fleet-wide ban from the Ghostfleet 👻. Triggered by scenario: cwy/wordpress-xmlrpc-bf-high.	Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-19 14:36:56 (5 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇲🇾 Rizzy	2026-06-19 14:35:45 (5 days ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇫🇷 masterguru	2026-06-19 06:11:04 (5 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇺🇸 TPI-Abuse	2026-06-18 14:30:01 (6 days ago)	(mod_security) mod_security (id:240335) triggered by 102.135.169.143 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.135.169.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 10:29:55.265079 2026] [security2:error] [pid 9861:tid 9861] [client 102.135.169.143:61019] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.135.169.143 (+1 hits since last alert)\|customhumanrobots.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "customhumanrobots.com"] [uri "/xmlrpc.php"] [unique_id "ajQA46zKxmLnpTEbNDnYGgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 13:24:13 (6 days ago)		Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-18 12:41:55 (6 days ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇫🇷 applemooz	2026-06-18 12:41:24 (6 days ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 18:31:47 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.135.169.143 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.135.169.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 14:31:40.807223 2026] [security2:error] [pid 25834:tid 25834] [client 102.135.169.143:65073] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.135.169.143 (+1 hits since last alert)\|laura-stone.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "laura-stone.com"] [uri "/xmlrpc.php"] [unique_id "ajLoDBtg0jPvsDmHUoQMoAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 Site.eu	2026-06-16 17:54:43 (1 week ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇺🇸 TPI-Abuse	2026-06-16 10:56:16 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.135.169.143 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.135.169.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 06:56:12.577763 2026] [security2:error] [pid 7519:tid 7519] [client 102.135.169.143:54757] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.135.169.143 (+1 hits since last alert)\|dragonflytunes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "dragonflytunes.com"] [uri "/xmlrpc.php"] [unique_id "ajErzN9XvhbSbtvRRS96EQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 09:01:37 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.135.169.143 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.135.169.143 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 05:01:30.767225 2026] [security2:error] [pid 29021:tid 29021] [client 102.135.169.143:64001] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.135.169.143 (+1 hits since last alert)\|josephshv.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "josephshv.com"] [uri "/xmlrpc.php"] [unique_id "ajEQ6nhbOVu0u0G9pzOUMAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-16 06:15:02 (1 week ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack

Showing 1 to 15 of 51 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.139.218

🇨🇳 112.18.182.202

🇭🇰 20.24.67.103

🇺🇸 205.210.31.58

🇺🇸 193.3.53.10

🇺🇸 191.101.33.115

🇧🇷 179.189.196.48

🇦🇲 176.32.193.16

🇮🇩 163.7.0.179

🇫🇮 62.60.152.192

🇳🇱 45.142.193.53

🇩🇪 45.135.194.31

🇳🇱 195.178.110.228

🇳🇱 176.65.132.17

🇺🇸 172.234.218.210

🇨🇳 14.103.112.109

🇳🇱 2001:67c:2564:a120::132

🇨🇳 101.35.210.242

🇨🇦 85.217.149.41

🇫🇷 85.217.140.40