JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.209.111.217

102.209.111.217 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 25%: ?

25%

ISP	Savanna Fibre Naguru
Usage Type	Fixed Line ISP
ASN	AS329415
Domain Name	savannafibre.com
Country	🇺🇬 Uganda
City	Kampala, Central Region

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.209.111.217

Whois 102.209.111.217

IP Abuse Reports for 102.209.111.217:

This IP address has been reported a total of 6 times from 6 distinct sources. 102.209.111.217 was first reported on April 29th 2026, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-06-11 08:12:51 (23 hours ago)	[Thu Jun 11 15:12:48.577374 2026] [security2:error] [pid 1508202:tid 139768558937792] [client 102.20 ... show more [Thu Jun 11 15:12:48.577374 2026] [security2:error] [pid 1508202:tid 139768558937792] [client 102.209.111.217:41385] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bing.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bing.go.id found within REQUEST_HEADERS:Referer: https://www.bing.go.id/ request_line = GET /index.php HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php"] [unique_id "aipuABVlFj5sXNgxwc0dkwAByxg"], referer https://www.bing.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1508290] [HbPz7LXax4E] [aipuABVlFj5sXNgxwc0dkwAByxg] keep_alive=[1] [2026-06-11 15:12:48.577377] [R:aipuABVlFj5sXNgxwc0dkwAByxg] UA:'Mozilla/5.0 (Linux; Android 14; Pixel 6 Pro) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.6261.119 Mobile Safari/537.36 OPR/81.2.4292.78581' Host ... show less	Email Spam Hacking
🇺🇸 TPI-Abuse	2026-05-05 10:19:40 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 102.209.111.217 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:240335) triggered by 102.209.111.217 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 05 06:19:33.082480 2026] [security2:error] [pid 30746:tid 30746] [client 102.209.111.217:36128] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.209.111.217 (+1 hits since last alert)\|waterspell.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "waterspell.net"] [uri "/xmlrpc.php"] [unique_id "afnENYZEkCM2XPO-ks3i8wAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Apache	2026-05-04 21:26:01 (1 month ago)	(mod_security) mod_security (id:240335) triggered by 102.209.111.217 (UG/Uganda/-): 5 in the last 30 ... show more (mod_security) mod_security (id:240335) triggered by 102.209.111.217 (UG/Uganda/-): 5 in the last 300 secs show less	Brute-Force Web App Attack
🇨🇭 4server	2026-05-04 06:43:28 (1 month ago)	[MonMay0408:43:23.8369492026][security2:error][pid194527:tid194801][client102.209.111.217:0]ModSecur ... show more [MonMay0408:43:23.8369492026][security2:error][pid194527:tid194801][client102.209.111.217:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"367\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"sesael.ch\"][uri\"/xmlrpc.php\"][unique_id\"afhACwNmmRfHrBB8CN7lYwAAAQU\"] show less	Hacking Web App Attack
🇧🇪 cmbplf	2026-05-03 20:43:52 (1 month ago)	2.171 requests with url.path */xmlrpc.php	Brute-Force Bad Web Bot
🇩🇪 HERA - Operations	2026-04-29 22:48:34 (1 month ago)	scelly - searching for vulnerable scripts: xmlrpc.php 2026/04/29 22:48:33	Web App Attack

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.62.32.180

🇨🇦 148.113.190.153

🇺🇸 91.230.168.5

🇱🇹 81.30.98.49

🇺🇸 45.33.7.4

🇬🇧 35.203.211.43

🇫🇷 167.86.117.136

🇭🇰 139.5.108.170

🇨🇳 115.190.81.215

🇸🇪 94.255.255.26

🇫🇷 91.231.89.159

🇫🇷 85.217.140.2

🇪🇸 84.120.22.250

🇮🇪 54.78.56.166

🇱🇹 45.227.254.170

🇧🇷 45.164.251.67

🇳🇱 45.148.10.141

🇫🇷 5.196.71.131

🇮🇳 4.240.106.247

🇰🇷 220.80.223.144