JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 102.210.28.78

102.210.28.78 was found in our database!

This IP was reported 36 times. Confidence of Abuse is 44%: ?

44%

ISP	Vilcom_Networks_Limited_Home
Usage Type	Fixed Line ISP
ASN	AS329014
Domain Name	vilcom.co.ke
Country	🇰🇪 Kenya
City	Eldoret, Uasin Gishu County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 102.210.28.78

Whois 102.210.28.78

IP Abuse Reports for 102.210.28.78:

This IP address has been reported a total of 36 times from 19 distinct sources. 102.210.28.78 was first reported on July 24th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Vegascosmetics	2026-06-29 14:55:11 (1 day ago)	(Kingcopy.org-AI-IDS-Report):IP automatically blocked after obfuscated redirect. Vegas Security	DDoS Attack Hacking Exploited Host
🇺🇸 kosada.com	2026-06-29 09:39:15 (1 day ago)	Web bot: denial-of-service flood	DDoS Attack Bad Web Bot
🇺🇸 integrantservices.com	2026-06-20 19:33:12 (1 week ago)	(wordpress) Failed wordpress login from 102.210.28.78 (KE/Kenya/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-20 17:43:58 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 102.210.28.78 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 102.210.28.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 13:43:54.760344 2026] [security2:error] [pid 18247:tid 18268] [client 102.210.28.78:55919] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.210.28.78 (+1 hits since last alert)\|michaelrandon.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "michaelrandon.com"] [uri "/xmlrpc.php"] [unique_id "ajbRWkQ4C9cU-H-GNahHlQAAARM"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 hermawan	2026-06-14 01:59:37 (2 weeks ago)	[Sun Jun 14 08:59:33.871062 2026] [security2:error] [pid 1409523:tid 139664537642688] [client 102.21 ... show more [Sun Jun 14 08:59:33.871062 2026] [security2:error] [pid 1409523:tid 139664537642688] [client 102.210.28.78:9529] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bmkg.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www.bmkg.go.id/ request_line = GET /index.php/profil/meteorologi/geofisika/555558584-poster-skala-gempa-mmi HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/geofisika/555558584-poster-skala-gempa-mmi"] [unique_id "ai4LBVGl6wfbVteDQttbPgAADwM"], referer https://www.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[1409527] [ci2iD21ScVE] [ai4LBVGl6wfbVteDQttbPgAADwM] keep_alive=[1] [2026-06-14 08:59:33.871066] [R:ai4LBVGl6wfbVteDQttbPgAADwM] UA:'Mozilla/5.0 (Linux; Android 11; ... show less	Email Spam Hacking
Anonymous	2026-06-12 21:20:22 (2 weeks ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇩🇪 dbmwebdesign	2026-06-07 16:10:19 (3 weeks ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 03:40:29 (4 weeks ago)	(mod_security) mod_security (id:240335) triggered by 102.210.28.78 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 102.210.28.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 23:40:25.144401 2026] [security2:error] [pid 11616:tid 11616] [client 102.210.28.78:6133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 102.210.28.78 (+1 hits since last alert)\|technesa.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "technesa.com"] [uri "/xmlrpc.php"] [unique_id "ah5QqVOYfpeoDiuw9ll68wAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SMARTNET	2026-05-27 06:03:53 (1 month ago)	Aisuru(Mirai variant) DDoS \| Incident ID: f1070d75-0361-4f12-acbc-5b2e68f9d191	DDoS Attack
🇺🇸 TPI-Abuse	2026-05-22 06:43:37 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 102.210.28.78 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 102.210.28.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 02:43:30.846163 2026] [security2:error] [pid 23221:tid 23221] [client 102.210.28.78:42791] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|badconsultingllc.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "badconsultingllc.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ag_7EloiapH_1UQP2lSKUgAAAA0"], referer: https://duckduckgo.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-25 09:47:53 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 102.210.28.78 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 102.210.28.78 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 25 05:47:45.898381 2026] [security2:error] [pid 12606:tid 12606] [client 102.210.28.78:8000] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|pswebsite.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "pswebsite.com"] [uri "/answer.com"] [unique_id "acOvQZelow7HxubURnUcEgAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-03-20 21:12:53 (3 months ago)	SMTP brute force - auth failed	Brute-Force Exploited Host
🇯🇵 VXG-NET	2026-03-02 15:25:21 (3 months ago)	port=80, indicator_type=sql-injection	SQL Injection
Anonymous	2026-01-23 11:21:31 (5 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-12-11 15:10:20 (6 months ago)	botnet	DDoS Attack

Showing 1 to 15 of 36 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 2404:6800:4000:1017::12c

🇺🇸 184.105.139.67

🇩🇪 167.172.181.168

🇺🇸 162.216.150.226

🇬🇧 154.16.44.102

🇬🇧 154.16.44.10

🇩🇪 139.162.128.205

🇺🇸 107.151.200.83

🇩🇪 65.111.23.223

🇺🇸 64.62.156.212

🇱🇹 62.60.130.219

🇬🇧 35.203.211.28

🇬🇧 35.203.211.17

🇬🇧 35.203.210.140

🇹🇳 197.3.180.68

🇭🇰 194.187.178.120

🇨🇴 191.97.12.90

🇨🇳 182.37.87.18

🇺🇸 172.212.224.40

🇺🇸 162.216.149.185