JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 121.204.162.111

121.204.162.111 was found in our database!

This IP was reported 85 times. Confidence of Abuse is 100%: ?

100%

ISP	CHINANET Fujian province network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS133774
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Fuzhou, Fujian

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 121.204.162.111

Whois 121.204.162.111

IP Abuse Reports for 121.204.162.111:

This IP address has been reported a total of 85 times from 61 distinct sources. 121.204.162.111 was first reported on June 1st 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 sbocquet	2026-06-02 15:01:41 (1 day ago)	Port 443 scanned from 121.204.162.111:42836.	Port Scan
🇺🇸 TPI-Abuse	2026-06-02 15:00:46 (1 day ago)	(mod_security) mod_security (id:218420) triggered by 121.204.162.111 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:218420) triggered by 121.204.162.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 11:00:42.532986 2026] [security2:error] [pid 4793:tid 4793] [client 121.204.162.111:34000] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.72:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.72"] [uri "/hello.world"] [unique_id "ah7wGrIqqV1w31-FRR7MxwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 14:31:34 (1 day ago)	(mod_security) mod_security (id:218420) triggered by 121.204.162.111 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:218420) triggered by 121.204.162.111 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 10:31:28.886851 2026] [security2:error] [pid 29525:tid 29525] [client 121.204.162.111:39100] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "38"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.151.10:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.151.10"] [uri "/hello.world"] [unique_id "ah7pQKRC4jbWCV724wEVjgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 albionfreemarket.com	2026-06-02 13:59:05 (1 day ago)	121.204.162.111 - - [02/Jun/2026:13:59:00 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdi ... show more 121.204.162.111 - - [02/Jun/2026:13:59:00 +0000] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 403 153 "-" "libredtail-http" 0.000 "-" 121.204.162.111 - - [02/Jun/2026:13:59:03 +0000] "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 403 153 "-" "libredtail-http" 0.000 "-" ... show less	Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-02 13:23:35 (1 day ago)	Blocked by UFW (TCP on 443) Source port: 54434 TTL: 40 Packet length: 40 TOS: 0x08 This report (for ... show more Blocked by UFW (TCP on 443) Source port: 54434 TTL: 40 Packet length: 40 TOS: 0x08 This report (for 121.204.162.111) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan Web App Attack
🇩🇪 Marcin Stepien	2026-06-02 13:10:09 (1 day ago)	Hit honeypot endpoint /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh. Automated s ... show more Hit honeypot endpoint /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh. Automated scanner/bot detected. show less	Bad Web Bot Web App Attack
Anonymous	2026-06-02 13:09:06 (1 day ago)	Bot / scanning and/or hacking attempts: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/. ... show more Bot / scanning and/or hacking attempts: POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e show less	Hacking Web App Attack
🇩🇪 gadix	2026-06-02 12:49:18 (1 day ago)	[02/Jun/2026:14:49:00.490286 +0200] ah7RPFwkSGJzupaGDbNGyAAAAAM 121.204.162.111 48988 127.0.0.1 7080 ... show more [02/Jun/2026:14:49:00.490286 +0200] ah7RPFwkSGJzupaGDbNGyAAAAAM 121.204.162.111 48988 127.0.0.1 7080 [02/Jun/2026:14:49:00.716209 +0200] ah7RPOdrStMfsoDXm9r52gAAAAE 121.204.162.111 48996 127.0.0.1 7080 [02/Jun/2026:14:49:15.251693 +0200] ah7RS0Kf29di7QjSTj_RdwAAAAg 121.204.162.111 52840 127.0.0.1 7080 ... show less	Web App Attack
🇺🇸 RAP	2026-06-02 12:47:51 (1 day ago)	2026-06-02 12:47:51 UTC Unauthorized activity to TCP port 23. Telnet	Port Scan
🇹🇭 Sawasdee	2026-06-02 12:39:06 (1 day ago)	Unwanted checking 80 or 443 port ...	Bad Web Bot
🇦🇹 Starburst SysOp Team	2026-06-02 12:37:01 (1 day ago)	Host header is a numeric IP address. Pattern match "(?:^( (920350-ams6-1)	Hacking Bad Web Bot
🇯🇵 pixelboost.kr	2026-06-02 12:32:51 (1 day ago)	121.204.162.111 - - [02/Jun/2026:21:32:04 +0900] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/. ... show more 121.204.162.111 - - [02/Jun/2026:21:32:04 +0900] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 400 150 "-" "-" 121.204.162.111 - - [02/Jun/2026:21:32:50 +0900] "POST /cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh HTTP/1.1" 400 150 "-" "-" ... show less	Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-02 12:18:51 (1 day ago)	Blocked by UFW (TCP on 2222) Source port: 43527 TTL: 42 Packet length: 40 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 2222) Source port: 43527 TTL: 42 Packet length: 40 TOS: 0x00 This report (for 121.204.162.111) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-06-02 12:18:46 (1 day ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇸🇬 apnic.network	2026-06-02 11:47:48 (2 days ago)	Invalid user admin from 121.204.162.111 port 56684	Brute-Force SSH

Showing 61 to 75 of 85 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 172.233.54.213

🇫🇷 144.91.96.30

🇺🇸 64.62.197.202

🇸🇬 47.84.130.19

🇬🇧 198.178.235.35

🇮🇳 152.32.156.158

🇨🇳 117.72.84.226

🇩🇪 91.107.151.199

🇩🇪 69.5.169.3

🇸🇬 68.183.236.1

🇺🇸 64.62.197.85

🇳🇱 45.148.10.147

🇩🇪 213.209.159.238

🇳🇱 204.76.203.214

🇹🇳 197.5.145.114

🇺🇸 162.216.150.32

🇺🇸 20.64.104.62

🇷🇴 2.57.121.25

🇨🇳 222.88.225.195

🇺🇸 216.180.246.50