JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.209.111.122

102.209.111.122 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 11%: ?

11%

ISP	Savanna Fibre Naguru
Usage Type	Fixed Line ISP
ASN	AS329415
Domain Name	savannafibre.com
Country	🇺🇬 Uganda
City	Kampala, Central Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.209.111.122

Whois 102.209.111.122

IP Abuse Reports for 102.209.111.122:

This IP address has been reported a total of 12 times from 9 distinct sources. 102.209.111.122 was first reported on December 6th 2025, and the most recent report was 4 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇴 jlouisbiz	2026-06-24 06:40:10 (4 hours ago)	2026-06-24T06:39:50.757664+00:00 comm.rcdrun.com auth[2111504]: pam_unix(dovecot:auth): authenticati ... show more 2026-06-24T06:39:50.757664+00:00 comm.rcdrun.com auth[2111504]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.122 2026-06-24T06:40:00.475907+00:00 comm.rcdrun.com auth[2111504]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.122 2026-06-24T06:40:09.420111+00:00 comm.rcdrun.com auth[2111546]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.122 ... show less	Brute-Force
🇳🇴 jlouisbiz	2026-06-24 05:39:00 (5 hours ago)	2026-06-24T05:38:39.766050+00:00 comm.rcdrun.com auth[2108143]: pam_unix(dovecot:auth): authenticati ... show more 2026-06-24T05:38:39.766050+00:00 comm.rcdrun.com auth[2108143]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.122 2026-06-24T05:38:50.375718+00:00 comm.rcdrun.com auth[2108319]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.122 2026-06-24T05:38:59.621979+00:00 comm.rcdrun.com auth[2108319]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.122 ... show less	Brute-Force
🇩🇪 Vegascosmetics	2026-06-10 09:13:20 (2 weeks ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security	DDoS Attack Hacking Exploited Host
🇫🇷 dynamix	2026-04-24 13:57:24 (1 month ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-04-24 13:29:50 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 102.209.111.122 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.209.111.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 09:29:43.220517 2026] [security2:error] [pid 29483:tid 29483] [client 102.209.111.122:13819] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.209.111.122 (+1 hits since last alert)\|nuewines.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "nuewines.com"] [uri "/xmlrpc.php"] [unique_id "aetwRzCK2rBqe4pAMl-Z2wAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-24 12:48:48 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 102.209.111.122 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.209.111.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Apr 24 08:48:43.375197 2026] [security2:error] [pid 589809:tid 589809] [client 102.209.111.122:65210] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.209.111.122 (+1 hits since last alert)\|desarrollosdecolima.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "desarrollosdecolima.com"] [uri "/xmlrpc.php"] [unique_id "aetmq5IqOi8Dr5vC_z2WDgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 applemooz	2026-04-24 09:52:21 (2 months ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
Anonymous	2026-04-24 09:05:02 (2 months ago)	Blocked: Reason='Vulnerability probing — PHP scan detected (150/60 min)'; Requests=150	Port Scan
🇺🇸 TPI-Abuse	2026-04-23 21:46:56 (2 months ago)	(mod_security) mod_security (id:240335) triggered by 102.209.111.122 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.209.111.122 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 17:46:51.931665 2026] [security2:error] [pid 11965:tid 12039] [client 102.209.111.122:53452] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.209.111.122 (+1 hits since last alert)\|theyogicat.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theyogicat.com"] [uri "/xmlrpc.php"] [unique_id "aeqTSxDMt2fcbBZA09VxvQAAAQc"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇭 MLCloud	2026-01-09 14:55:33 (5 months ago)	Honeypot hit: Unauthorized connection attempt detected on 23/TELNET	Port Scan Hacking
🇮🇹 VHosting	2025-12-23 11:23:03 (6 months ago)	Detected attack and reported by a human	DDoS Attack Brute-Force Bad Web Bot Exploited Host Web App Attack SSH
Anonymous	2025-12-06 01:12:06 (6 months ago)	botnet	DDoS Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇰 188.44.20.33

🇨🇳 122.224.240.99

🇳🇱 176.65.139.181

🇿🇦 102.209.184.46

🇫🇷 85.217.140.49

🇺🇸 71.6.134.235

🇺🇸 71.6.134.234

🇫🇷 64.204.13.215

🇩🇪 45.43.62.37

🇨🇳 8.153.38.116

🇯🇵 194.5.48.104

🇭🇰 152.32.240.167

🇮🇳 123.108.206.3

🇺🇸 91.230.168.228

🇺🇸 47.251.59.83

🇹🇷 212.252.73.26

🇺🇸 207.90.244.17

🇩🇪 185.220.100.251

🇨🇳 123.182.51.133

🇻🇳 103.176.20.115