117.50.94.229 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Shanghai UCloud Information Technology Company Limited

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Dec 22 15:53:07 MK-Soft-Root2 sshd[32043]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 Dec 22 15:53:10 MK-Soft-Root2 sshd[32043]: Failed password for invalid user verbrugge from 117.50.94.229 port 9534 ssh2 ...	2019-12-22 23:29:31
attack	Dec 15 23:40:55 heissa sshd\[24991\]: Invalid user nasirah from 117.50.94.229 port 52862 Dec 15 23:40:55 heissa sshd\[24991\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 Dec 15 23:40:57 heissa sshd\[24991\]: Failed password for invalid user nasirah from 117.50.94.229 port 52862 ssh2 Dec 15 23:49:38 heissa sshd\[26328\]: Invalid user vic from 117.50.94.229 port 10882 Dec 15 23:49:38 heissa sshd\[26328\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229	2019-12-16 07:12:55
attack	Dec 11 14:31:27 vibhu-HP-Z238-Microtower-Workstation sshd\[5775\]: Invalid user verdeyen from 117.50.94.229 Dec 11 14:31:27 vibhu-HP-Z238-Microtower-Workstation sshd\[5775\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 Dec 11 14:31:29 vibhu-HP-Z238-Microtower-Workstation sshd\[5775\]: Failed password for invalid user verdeyen from 117.50.94.229 port 39184 ssh2 Dec 11 14:38:33 vibhu-HP-Z238-Microtower-Workstation sshd\[6257\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=nobody Dec 11 14:38:35 vibhu-HP-Z238-Microtower-Workstation sshd\[6257\]: Failed password for nobody from 117.50.94.229 port 36714 ssh2 ...	2019-12-11 18:42:44
attackbotsspam	Nov 22 16:02:18 gw1 sshd[8507]: Failed password for root from 117.50.94.229 port 45218 ssh2 ...	2019-11-22 19:16:08
attackspam	2019-11-16T08:32:23.229285abusebot.cloudsearch.cf sshd\[7573\]: Invalid user warliker from 117.50.94.229 port 16112	2019-11-16 18:37:48
attackbotsspam	Nov 14 16:23:35 vtv3 sshd\[12429\]: Invalid user dbus from 117.50.94.229 port 35410 Nov 14 16:23:35 vtv3 sshd\[12429\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 Nov 14 16:23:37 vtv3 sshd\[12429\]: Failed password for invalid user dbus from 117.50.94.229 port 35410 ssh2 Nov 14 16:28:35 vtv3 sshd\[14512\]: Invalid user test from 117.50.94.229 port 13020 Nov 14 16:28:35 vtv3 sshd\[14512\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 Nov 14 16:38:51 vtv3 sshd\[19176\]: Invalid user guest from 117.50.94.229 port 24712 Nov 14 16:38:51 vtv3 sshd\[19176\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 Nov 14 16:38:53 vtv3 sshd\[19176\]: Failed password for invalid user guest from 117.50.94.229 port 24712 ssh2 Nov 14 16:46:25 vtv3 sshd\[22561\]: Invalid user named from 117.50.94.229 port 58796 Nov 14 16:46:25 vtv3 sshd\[22561\]: pam_unix	2019-11-15 03:10:39
attackspam	Oct 13 22:14:21 ns41 sshd[21190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229	2019-10-14 06:19:14
attack	Oct 11 17:41:27 meumeu sshd[5431]: Failed password for root from 117.50.94.229 port 18222 ssh2 Oct 11 17:46:17 meumeu sshd[6213]: Failed password for root from 117.50.94.229 port 48768 ssh2 ...	2019-10-12 11:44:13
attackspam	Oct 10 06:55:03 server sshd\[4360\]: User root from 117.50.94.229 not allowed because listed in DenyUsers Oct 10 06:55:03 server sshd\[4360\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=root Oct 10 06:55:05 server sshd\[4360\]: Failed password for invalid user root from 117.50.94.229 port 20666 ssh2 Oct 10 06:59:18 server sshd\[17225\]: User root from 117.50.94.229 not allowed because listed in DenyUsers Oct 10 06:59:18 server sshd\[17225\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=root	2019-10-10 12:16:28
attack	Oct 9 03:27:51 web9 sshd\[20354\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=root Oct 9 03:27:54 web9 sshd\[20354\]: Failed password for root from 117.50.94.229 port 10652 ssh2 Oct 9 03:32:51 web9 sshd\[21036\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=root Oct 9 03:32:53 web9 sshd\[21036\]: Failed password for root from 117.50.94.229 port 43434 ssh2 Oct 9 03:37:49 web9 sshd\[21727\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=root	2019-10-09 21:39:37
attack	Oct 4 17:50:37 kapalua sshd\[14619\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=root Oct 4 17:50:38 kapalua sshd\[14619\]: Failed password for root from 117.50.94.229 port 17994 ssh2 Oct 4 17:53:58 kapalua sshd\[14948\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=root Oct 4 17:54:00 kapalua sshd\[14948\]: Failed password for root from 117.50.94.229 port 44510 ssh2 Oct 4 17:57:12 kapalua sshd\[15209\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 user=root	2019-10-05 12:02:55
attackbots	Sep 28 03:40:30 sachi sshd\[4511\]: Invalid user jie from 117.50.94.229 Sep 28 03:40:30 sachi sshd\[4511\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 Sep 28 03:40:33 sachi sshd\[4511\]: Failed password for invalid user jie from 117.50.94.229 port 33778 ssh2 Sep 28 03:45:17 sachi sshd\[4923\]: Invalid user james from 117.50.94.229 Sep 28 03:45:17 sachi sshd\[4923\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229	2019-09-28 22:02:56
attackbots	Sep 25 05:49:08 srv206 sshd[5302]: Invalid user bart from 117.50.94.229 ...	2019-09-25 17:42:40
attackbotsspam	Aug 1 07:41:42 MK-Soft-VM7 sshd\[28327\]: Invalid user lionel from 117.50.94.229 port 40286 Aug 1 07:41:42 MK-Soft-VM7 sshd\[28327\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.229 Aug 1 07:41:44 MK-Soft-VM7 sshd\[28327\]: Failed password for invalid user lionel from 117.50.94.229 port 40286 ssh2 ...	2019-08-01 17:45:46

Comments on same subnet:

IP	Type	Details	Datetime
117.50.94.134	attackbots	May 31 00:40:02 ny01 sshd[4132]: Failed password for root from 117.50.94.134 port 36896 ssh2 May 31 00:43:37 ny01 sshd[4582]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.50.94.134 May 31 00:43:39 ny01 sshd[4582]: Failed password for invalid user git from 117.50.94.134 port 49160 ssh2	2020-05-31 12:59:31
117.50.94.134	attackspambots	Invalid user nginxtcp from 117.50.94.134 port 59386	2020-04-03 23:51:49
117.50.94.134	attack	SSH invalid-user multiple login try	2020-03-28 05:01:20
117.50.94.134	attack	SSH Invalid Login	2020-03-24 07:40:01

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 117.50.94.229
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17543
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;117.50.94.229.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080100 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Thu Aug 01 17:45:37 CST 2019
;; MSG SIZE  rcvd: 117

Host info

Host 229.94.50.117.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 229.94.50.117.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
125.62.197.177	attackbots	DATE:2020-04-13 19:12:32, IP:125.62.197.177, PORT:1433 MSSQL brute force auth on honeypot server (epe-honey1-hq)	2020-04-14 07:50:45
116.109.139.66	attack	Automatic report - Port Scan Attack	2020-04-14 07:45:22
128.199.91.233	attack	$f2bV_matches	2020-04-14 07:35:40
36.155.114.126	attackbots	Apr 14 00:10:08 vps sshd[30515]: Failed password for root from 36.155.114.126 port 36108 ssh2 Apr 14 00:16:53 vps sshd[30952]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.155.114.126 Apr 14 00:16:54 vps sshd[30952]: Failed password for invalid user dspace from 36.155.114.126 port 46612 ssh2 ...	2020-04-14 07:42:11
181.44.131.146	attack	MYH,DEF GET /wp-login.php	2020-04-14 07:51:42
203.150.243.176	attackbots	k+ssh-bruteforce	2020-04-14 07:43:47
196.1.97.216	attackbotsspam	$f2bV_matches	2020-04-14 07:45:50
222.186.175.148	attack	04/13/2020-19:29:28.626426 222.186.175.148 Protocol: 6 ET SCAN Potential SSH Scan	2020-04-14 07:30:16
104.168.28.195	attackbotsspam	3x Failed Password	2020-04-14 07:34:26
183.89.215.26	attackbotsspam	IMAP brute force ...	2020-04-14 07:39:23
138.197.216.120	attackbotsspam	[Tue Apr 14 00:12:31.870741 2020] [:error] [pid 1037:tid 140156611426048] [client 138.197.216.120:61000] [client 138.197.216.120] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "972"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/"] [unique_id "XpSdf8-6y5MyHEKsIkHv7QAAAOE"] ...	2020-04-14 07:47:27
58.218.209.84	attack	k+ssh-bruteforce	2020-04-14 07:46:48
117.157.71.16	attack	Target: :55555	2020-04-14 07:20:42
202.43.146.107	attackbots	SSH Invalid Login	2020-04-14 07:50:19
2.37.231.114	attack	Automatic report - Port Scan Attack	2020-04-14 07:19:44

Recently Reported IPs

1.1.216.211	177.99.190.122	125.165.37.100	213.194.161.47
197.55.167.0	178.159.249.66	177.84.98.186	137.59.213.29
129.122.16.162	61.109.98.71	185.235.244.50	113.70.46.186
222.188.32.54	62.218.54.36	62.12.93.87	152.168.246.131
176.212.24.11	99.19.75.34	190.121.25.248	128.233.36.196