JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.203.209.252

102.203.209.252 was found in our database!

This IP was reported 15 times. Confidence of Abuse is 43%: ?

43%

ISP	Savanna Fibre Limited
Usage Type	Fixed Line ISP
ASN	AS329415
Domain Name	savannafibre.com
Country	🇺🇬 Uganda
City	Kampala, Central Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.203.209.252

Whois 102.203.209.252

IP Abuse Reports for 102.203.209.252:

This IP address has been reported a total of 15 times from 8 distinct sources. 102.203.209.252 was first reported on May 27th 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 dynamix	2026-06-10 15:51:58 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 12:53:34 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 08:53:26.325325 2026] [security2:error] [pid 25613:tid 25613] [client 102.203.209.252:30274] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.252 (+1 hits since last alert)\|writebetweenthelines.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "writebetweenthelines.com"] [uri "/xmlrpc.php"] [unique_id "aileRhU5udZCdlv1NHdHcgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-10 07:40:19 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 10 03:40:14.146065 2026] [security2:error] [pid 30705:tid 30705] [client 102.203.209.252:53716] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.252 (+1 hits since last alert)\|iplayriichi.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "iplayriichi.com"] [uri "/xmlrpc.php"] [unique_id "aikU3vawF_P4lBAKAV6N3AAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-10 00:11:03 (1 week ago)	Bot / scanning and/or hacking attempts: POST /xmlrpc.php HTTP/1.1	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-09 13:49:34 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 09:49:27.228673 2026] [security2:error] [pid 16010:tid 16010] [client 102.203.209.252:3564] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.252 (+1 hits since last alert)\|d-sinema.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "d-sinema.com"] [uri "/xmlrpc.php"] [unique_id "aigZ541WVnUnxd2RraquHQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-06-09 12:46:19 (1 week ago)	(wordpress) Failed wordpress login from 102.203.209.252 (UG/Uganda/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-08 21:36:31 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 17:36:25.417563 2026] [security2:error] [pid 10962:tid 10962] [client 102.203.209.252:11928] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.252 (+1 hits since last alert)\|isslv.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "isslv.net"] [uri "/xmlrpc.php"] [unique_id "aic12WBtqu89iAyDJnrw0AAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇲🇾 Rizzy	2026-06-08 21:32:04 (1 week ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 20:01:24 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 16:01:20.627017 2026] [security2:error] [pid 31205:tid 31205] [client 102.203.209.252:3521] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.252 (+1 hits since last alert)\|localpetsitters.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "localpetsitters.com"] [uri "/xmlrpc.php"] [unique_id "aicfkEHDjTL0E5kZIlz4mQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Marc	2026-06-08 17:14:08 (1 week ago)	102.203.209.252 - - [08/Jun/2026:19:13:46 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3720 "-" "Jetpack b ... show more 102.203.209.252 - - [08/Jun/2026:19:13:46 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3720 "-" "Jetpack by WordPress.com (Jetpack 12.0; WordPress 6.4)" 102.203.209.252 - - [08/Jun/2026:19:13:56 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3720 "-" "Jetpack by WordPress.com" 102.203.209.252 - - [08/Jun/2026:19:14:07 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3719 "-" "Jetpack by WordPress.com" show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 16:29:58 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 12:29:50.783877 2026] [security2:error] [pid 1082:tid 1082] [client 102.203.209.252:3494] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.252 (+1 hits since last alert)\|newhopepetgrooming.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "newhopepetgrooming.com"] [uri "/xmlrpc.php"] [unique_id "aibt_ginOL5TnboUew9aqAAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-08 14:34:51 (1 week ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 12:34:03 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.203.209.252 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 08:33:59.855019 2026] [security2:error] [pid 2076:tid 2076] [client 102.203.209.252:11964] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.203.209.252 (+1 hits since last alert)\|frogdesignmexico.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "frogdesignmexico.com"] [uri "/xmlrpc.php"] [unique_id "aia2t-y2In8kIZOvxfTyMAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 grassau.com	2026-06-08 09:20:53 (1 week ago)	(wordpress) Failed wordpress login from 102.203.209.252 (UG/Uganda/Kampala District/Kampala/-)	Brute-Force
🇩🇪 SMARTNET	2026-05-27 06:03:53 (3 weeks ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 5b730afc-5cec-4742-843f-18085cc64e5c	DDoS Attack

Showing 1 to 15 of 15 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.30

🇳🇱 45.148.10.147

🇺🇸 44.160.167.23

🇨🇳 14.29.214.161

🇩🇪 47.91.76.73

🇬🇧 35.203.210.199

🇺🇸 20.163.60.205

🇰🇷 222.108.39.109

🇹🇼 111.70.32.8

🇨🇦 85.217.149.46

🇳🇱 80.82.68.8

🇺🇸 44.248.229.176

🇺🇸 44.181.172.130

🇨🇭 20.250.43.245

🇺🇸 2602:80d:1008::58

🇧🇷 200.2.29.48

🇭🇰 165.154.1.18

🇫🇷 158.220.125.127

🇫🇮 94.183.234.128

🇩🇪 87.106.210.86