JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 119.249.100.109

119.249.100.109 was found in our database!

This IP was reported 535 times. Confidence of Abuse is 95%: ?

95%

ISP	China Unicom Heibei Province Network
Usage Type	Fixed Line ISP
ASN	AS4837
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Luancheng, Hebei

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 119.249.100.109

Whois 119.249.100.109

IP Abuse Reports for 119.249.100.109:

This IP address has been reported a total of 535 times from 70 distinct sources. 119.249.100.109 was first reported on October 4th 2025, and the most recent report was 16 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇪🇸 librebit	2026-06-03 11:37:12 (16 hours ago)	Brute force	Brute-Force
🇺🇸 fortypoundhead	2026-06-03 09:41:41 (18 hours ago)	Banned IP Address	Hacking Web App Attack
🇨🇦 1gz	2026-06-03 05:34:42 (22 hours ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /kerko.php UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇫🇷 masterguru	2026-06-03 05:26:36 (22 hours ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 119.249.100.109 (CN/China/-): 1 in th ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 119.249.100.109 (CN/China/-): 1 in the last 3600 secs (0-197) show less	Hacking
🇨🇦 1gz	2026-06-02 09:00:58 (1 day ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /shqiperi/rama-konference-per-media/473657/ UA: Mozilla/5.0 (Linux;u;Android 4.2.2;zh-cn;) AppleWebKit/534.46 (KHTML,like Gecko) Version/5.1 Mobile Safari/10600.6.3 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇦 1gz	2026-06-01 06:06:46 (2 days ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /kerko.php UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
Anonymous	2026-05-31 09:27:30 (3 days ago)	FortiWeb WAF: 38 attacks detected. Threat Score: 5800. Types: Client Management(19), GEO IP(19). Ori ... show more FortiWeb WAF: 38 attacks detected. Threat Score: 5800. Types: Client Management(19), GEO IP(19). Origin: China. show less	Web App Attack
🇨🇦 1gz	2026-05-31 03:34:20 (4 days ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /kerko.php UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-30 11:07:19 (4 days ago)	(mod_security) mod_security (id:210492) triggered by 119.249.100.109 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 119.249.100.109 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 07:07:12.906593 2026] [security2:error] [pid 12370:tid 12370] [client 119.249.100.109:7272] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "grandpont-house.org"] [uri "/wp-config.php"] [unique_id "ahrE4HyA7w5ZTB4uX_9cjwAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 1gz	2026-05-29 23:49:13 (5 days ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /shendetesi/ushqimet-verore-qe-ulin-tensionin-e-larte-ne-gjak/414970/ UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇨🇦 1gz	2026-05-29 18:22:39 (5 days ago)	Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from CN. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /kerko.php UA: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 fortypoundhead	2026-05-29 03:16:39 (6 days ago)	Banned IP Address	Hacking Web App Attack
🇮🇩 soc-yk	2026-05-29 00:34:12 (6 days ago)	Type: suspicious_network_activity Threat: suspicious_public_web_client Risk: 89 Events: 12 Evidence ... show more Type: suspicious_network_activity Threat: suspicious_public_web_client Risk: 89 Events: 12 Evidence: - Persistent suspicious network activity detected - Repeated hostile operational behavior observed show less	Port Scan Hacking
🇺🇸 WellSpring	2026-05-27 23:54:44 (1 week ago)	xmlrpc exploit on prodigalmirror.org/xmlrpc.php — WellSpr.ing/NetSentinel civic-AI security layer	Brute-Force Web App Attack
🇮🇩 soc-yk	2026-05-27 21:34:11 (1 week ago)	Type: suspicious_network_activity Threat: suspicious_public_web_client Risk: 89 Events: 10 Evidence ... show more Type: suspicious_network_activity Threat: suspicious_public_web_client Risk: 89 Events: 10 Evidence: - Persistent suspicious network activity detected - Repeated hostile operational behavior observed show less	Port Scan Hacking

Showing 1 to 15 of 535 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.158

🇺🇸 153.75.250.144

🇧🇪 34.76.9.193

🇩🇪 213.209.159.242

🇩🇪 213.209.159.235

🇵🇭 210.79.179.244

🇨🇭 209.99.190.113

🇧🇪 198.235.24.240

🇺🇸 172.212.200.96

🇧🇷 131.161.249.165

🇪🇸 94.228.7.54

🇺🇸 85.239.151.41

🇪🇪 84.52.39.29

🇺🇸 70.120.203.193

🇳🇱 45.148.10.121

🇬🇧 35.203.210.169

🇮🇩 34.128.77.56

🇯🇵 8.216.4.250

🇹🇭 1.4.131.5

🇲🇽 189.203.163.10