JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.203.209.213

102.203.209.213 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 30%: ?

30%

ISP	Savanna Fibre Limited
Usage Type	Fixed Line ISP
ASN	AS329415
Domain Name	savannafibre.com
Country	🇺🇬 Uganda
City	Kampala, Central Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.203.209.213

Whois 102.203.209.213

IP Abuse Reports for 102.203.209.213:

This IP address has been reported a total of 10 times from 6 distinct sources. 102.203.209.213 was first reported on May 15th 2026, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇴 jlouisbiz	2026-06-03 23:08:56 (6 hours ago)	2026-06-03T23:08:38.429892+00:00 comm.rcdrun.com auth[1039697]: pam_unix(dovecot:auth): authenticati ... show more 2026-06-03T23:08:38.429892+00:00 comm.rcdrun.com auth[1039697]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 2026-06-03T23:08:48.329818+00:00 comm.rcdrun.com auth[1039766]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 2026-06-03T23:08:55.382774+00:00 comm.rcdrun.com auth[1039766]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 ... show less	Brute-Force
🇳🇴 jlouisbiz	2026-06-03 22:07:56 (7 hours ago)	2026-06-03T22:07:37.363761+00:00 comm.rcdrun.com auth[1037493]: pam_unix(dovecot:auth): authenticati ... show more 2026-06-03T22:07:37.363761+00:00 comm.rcdrun.com auth[1037493]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 2026-06-03T22:07:46.534512+00:00 comm.rcdrun.com auth[1037493]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 2026-06-03T22:07:55.475998+00:00 comm.rcdrun.com auth[1037493]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 ... show less	Brute-Force
🇳🇴 jlouisbiz	2026-06-03 16:39:43 (13 hours ago)	2026-06-03T16:39:24.736982+00:00 comm.rcdrun.com auth[1025008]: pam_unix(dovecot:auth): authenticati ... show more 2026-06-03T16:39:24.736982+00:00 comm.rcdrun.com auth[1025008]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 2026-06-03T16:39:33.457309+00:00 comm.rcdrun.com auth[1025008]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 2026-06-03T16:39:42.381478+00:00 comm.rcdrun.com auth[1025008]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.203.209.213 ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-05-17 16:52:13 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.213 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 12:52:09.650428 2026] [security2:error] [pid 20275:tid 20275] [client 102.203.209.213:29245] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.213 (+1 hits since last alert)\|humbliaslaw.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "humbliaslaw.com"] [uri "/xmlrpc.php"] [unique_id "agnyORPxDrlJzoHGJemwugAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-17 07:17:18 (2 weeks ago)	Attac	Brute-Force
Anonymous	2026-05-17 07:15:33 (2 weeks ago)	[redacted] 102.203.209.213 - - [17/May/2026:09:14:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" ... show more [redacted] 102.203.209.213 - - [17/May/2026:09:14:39 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com" [redacted] 102.203.209.213 - - [17/May/2026:09:14:49 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com" medx-day.de 102.203.209.213 - - [17/May/2026:09:14:43 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.3)" [redacted] 102.203.209.213 - - [17/May/2026:09:14:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com" medx-day.de 102.203.209.213 - - [17/May/2026:09:14:53 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com" [redacted] 102.203.209.213 - - [17/May/2026:09:15:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpress.com" medx-day.de 102.203.209.213 - - [17/May/2026:09:15:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 418 "-" "WordPress.com; https://wordpre ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-05-17 06:50:45 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.213 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 02:50:38.624904 2026] [security2:error] [pid 2821:tid 2821] [client 102.203.209.213:29271] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.213 (+1 hits since last alert)\|theamarals.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theamarals.com"] [uri "/xmlrpc.php"] [unique_id "agllPoISXqmTsx9Ic1z3pQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 15:04:59 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.213 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.213 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 11:04:54.939230 2026] [security2:error] [pid 24568:tid 24568] [client 102.203.209.213:28882] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.213 (+1 hits since last alert)\|ssion.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "ssion.com"] [uri "/xmlrpc.php"] [unique_id "agiHlktnXDG6egHEDFMw6AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 lostswordfish.com	2026-05-16 13:36:04 (2 weeks ago)	Wordfence waf block on madesimpleskincare	Web App Attack
🇱🇻 garmtech.com	2026-05-15 09:08:50 (2 weeks ago)	IM360 WAF: Rate limit exceeded for XMLRPC DoS (fault code)	Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 199.231.163.19

🇯🇵 101.36.104.242

🇩🇪 213.209.159.225

🇳🇱 185.223.235.29

🇳🇱 185.107.80.93

🇺🇸 157.55.39.204

🇳🇱 89.21.67.160

🇳🇱 81.19.216.114

🇳🇱 81.19.216.106

🇺🇸 66.132.186.203

🇫🇷 31.58.102.154

🇻🇳 171.237.178.82

🇻🇳 152.32.163.183

🇰🇷 118.33.113.91

🇹🇼 111.70.27.30

🇩🇪 64.89.163.162

🇩🇪 43.228.157.8

🇬🇧 35.203.210.127

🇩🇪 2400:cb00:930:1000:6a06:e7ca:cdc0:2c47

🇩🇪 213.209.159.241