JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.209.111.173

102.209.111.173 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 30%: ?

30%

ISP	Savanna Fibre Naguru
Usage Type	Fixed Line ISP
ASN	AS329415
Domain Name	savannafibre.com
Country	🇺🇬 Uganda
City	Kampala, Central Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.209.111.173

Whois 102.209.111.173

IP Abuse Reports for 102.209.111.173:

This IP address has been reported a total of 13 times from 11 distinct sources. 102.209.111.173 was first reported on September 8th 2025, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-07 18:24:38 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 102.209.111.173 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.209.111.173 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 14:24:31.812205 2026] [security2:error] [pid 6278:tid 6278] [client 102.209.111.173:49736] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.209.111.173 (+1 hits since last alert)\|michelehoop.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michelehoop.com"] [uri "/xmlrpc.php"] [unique_id "aiW3X9R7F84CAuD7ZuTDsQAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Tha_14	2026-06-07 16:24:28 (3 days ago)	Limit on login attempts is reached	Brute-Force
🇫🇷 masterguru	2026-06-07 14:50:45 (3 days ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (88010-201)	Hacking
🇩🇪 filstal.org	2026-05-14 22:02:26 (3 weeks ago)	Automated bot: spoofed/impossible user-agent, web scraping or automated request patterns detected. U ... show more Automated bot: spoofed/impossible user-agent, web scraping or automated request patterns detected. UA: Mozilla/5.0 (Windows NT 4.0; wal-ET; rv:1.9.2.20) Gecko/4826-08-08 09:04:04.905624 Firefox/3.8 show less	Bad Web Bot Web App Attack
🇳🇴 jlouisbiz	2026-04-22 09:42:34 (1 month ago)	2026-04-22T09:42:11.789073+00:00 comm.rcdrun.com auth[154471]: pam_unix(dovecot:auth): authenticatio ... show more 2026-04-22T09:42:11.789073+00:00 comm.rcdrun.com auth[154471]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 2026-04-22T09:42:28.699603+00:00 comm.rcdrun.com auth[154471]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 2026-04-22T09:42:33.432970+00:00 comm.rcdrun.com auth[154471]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 ... show less	Brute-Force
🇳🇴 jlouisbiz	2026-04-22 08:37:22 (1 month ago)	2026-04-22T08:35:26.972202+00:00 comm.rcdrun.com auth[150791]: pam_unix(dovecot:auth): authenticatio ... show more 2026-04-22T08:35:26.972202+00:00 comm.rcdrun.com auth[150791]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 2026-04-22T08:37:10.559183+00:00 comm.rcdrun.com auth[150791]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 2026-04-22T08:37:20.793799+00:00 comm.rcdrun.com auth[150791]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 ... show less	Brute-Force
🇳🇴 jlouisbiz	2026-04-22 07:34:02 (1 month ago)	2026-04-22T07:33:40.868117+00:00 comm.rcdrun.com auth[148310]: pam_unix(dovecot:auth): authenticatio ... show more 2026-04-22T07:33:40.868117+00:00 comm.rcdrun.com auth[148310]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 2026-04-22T07:33:50.638293+00:00 comm.rcdrun.com auth[148310]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 2026-04-22T07:34:00.043824+00:00 comm.rcdrun.com auth[148310]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser=caesark rhost=102.209.111.173 ... show less	Brute-Force
🇩🇪 FeG Deutschland	2026-03-26 06:24:01 (2 months ago)	Mail: - login with unknown user - bruteforce	Brute-Force
🇳🇱 maxxsense	2026-03-25 00:41:48 (2 months ago)	102.209.111.173 (UG/Uganda/-), 12 distributed imapd attacks on account [redacted]	Brute-Force
🇺🇸 matt	2026-03-02 21:10:08 (3 months ago)	DDOS attack with query parameters attempting to overload WordPress site.	DDoS Attack
🇪🇸 el-brujo	2026-03-01 07:27:12 (3 months ago)	Cloudflare WAF: Request Path: / Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Wind ... show more Cloudflare WAF: Request Path: / Request Query: Host: foro.elhacker.net userAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Action: block Source: firewallManaged ASN Description: Savanna-Fibre-Limited Country: UG Method: GET Timestamp: 2026-03-01T07:27:12Z ruleId: 8629bb58defe4193ab4d493c7bd2d8fa. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇪🇸 librebit	2025-10-25 20:16:13 (7 months ago)	Listed IP in blacklist by postfix/dnsblog	Spoofing
🇷🇸 Smel	2025-09-08 02:49:11 (9 months ago)	Mail/25/465/587-993/995 Probe, Reject, BadAuth, Hack, SPAM -	Email Spam Hacking Brute-Force

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 167.172.156.156

🇺🇸 124.198.131.39

🇳🇱 104.248.94.33

🇷🇴 80.94.92.184

🇯🇵 47.91.2.219

🇬🇧 213.166.84.56

🇧🇷 189.59.171.239

🇮🇳 182.18.139.237

🇳🇱 176.65.139.130

🇰🇷 175.203.117.50

🇹🇭 154.197.69.64

🇧🇮 154.117.199.56

🇳🇱 104.248.93.163

🇳🇱 104.248.93.111

🇳🇱 104.248.92.92

🇺🇸 103.143.231.24

🇮🇩 103.101.216.218

🇭🇰 103.101.207.131

🇮🇩 103.100.84.116

🇺🇸 73.79.164.249