117.94.21.222 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
117.94.21.34	attackspambots	srvr2: (mod_security) mod_security (id:920350) triggered by 117.94.21.34 (CN/-/-): 1 in the last 600 secs; Ports: ; Direction: inout; Trigger: LF_MODSEC; Logs: 2020/08/22 14:13:27 [error] 861202#0: 905407 [client 117.94.21.34] ModSecurity: Access denied with code 406 (phase 2). Matched "Operator `Rx' with parameter `^[\d.:]+$' against variable `REQUEST_HEADERS:Host' [redacted] [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "718"] [id "920350"] [rev ""] [msg "Host header is a numeric IP address"] [redacted] [severity "4"] [ver "OWASP_CRS/3.3.0"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [redacted] [uri "/phpmyadmin/"] [unique_id "159809840790.964652"] [ref "o0,11v155,11"], client: 117.94.21.34, [redacted] request: "GET /phpmyadmin/ HTTP/1.1" [redacted]	2020-08-22 23:22:18
117.94.217.40	attackspambots	Honeypot attack, port: 5555, PTR: PTR record not found	2020-03-31 00:10:38
117.94.213.87	attackbots	Unauthorized connection attempt detected from IP address 117.94.213.87 to port 6656 [T]	2020-01-30 18:29:04
117.94.215.171	attackbotsspam	Unauthorized connection attempt detected from IP address 117.94.215.171 to port 6656 [T]	2020-01-30 17:27:02
117.94.213.93	attack	Unauthorized connection attempt detected from IP address 117.94.213.93 to port 6656 [T]	2020-01-30 16:59:00
117.94.215.167	attack	Unauthorized connection attempt detected from IP address 117.94.215.167 to port 6656 [T]	2020-01-30 14:44:07
117.94.215.170	attackspam	Unauthorized connection attempt detected from IP address 117.94.215.170 to port 6656 [T]	2020-01-30 14:16:03
117.94.214.121	attack	Unauthorized connection attempt detected from IP address 117.94.214.121 to port 6656 [T]	2020-01-29 19:26:59
117.94.215.164	attack	Unauthorized connection attempt detected from IP address 117.94.215.164 to port 6656 [T]	2020-01-29 19:03:36
117.94.214.235	attack	Unauthorized connection attempt detected from IP address 117.94.214.235 to port 6656 [T]	2020-01-29 17:02:22
117.94.214.64	attackbots	Unauthorized connection attempt detected from IP address 117.94.214.64 to port 6656 [T]	2020-01-27 06:16:18
117.94.214.152	attackbotsspam	Unauthorized connection attempt detected from IP address 117.94.214.152 to port 6656 [T]	2020-01-27 05:55:39
117.94.218.211	attackspam	Lines containing failures of 117.94.218.211 Nov 2 04:13:54 * sshd[74751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.94.218.211 user=r.r Nov 2 04:13:55 * sshd[74751]: Failed password for r.r from 117.94.218.211 port 1486 ssh2 Nov 2 04:14:01 * sshd[74751]: message repeated 3 serveres: [ Failed password for r.r from 117.94.218.211 port 1486 ssh2] Nov 2 04:14:03 * sshd[74751]: Failed password for r.r from 117.94.218.211 port 1486 ssh2 Nov 2 04:14:03 * sshd[74751]: Connection reset by authenticating user r.r 117.94.218.211 port 1486 [preauth] Nov 2 04:14:03 * sshd[74751]: PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.94.218.211 user=r.r Nov 2 04:14:05 * sshd[74760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.94.218.211 user=r.r Nov 2 04:14:06 * sshd[74760]: Failed password for r.r from 117.94.218.211 port 2305 ssh2 ........ ------------------------------	2019-11-02 13:58:36

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 117.94.21.222
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29422
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;117.94.21.222.			IN	A

;; AUTHORITY SECTION:
.			442	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022030400 1800 900 604800 86400

;; Query time: 58 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Mar 04 23:22:39 CST 2022
;; MSG SIZE  rcvd: 106

Host info

Host 222.21.94.117.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 222.21.94.117.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.175.220	attackspambots	Jan 12 23:41:53 silence02 sshd[2798]: Failed password for root from 222.186.175.220 port 50942 ssh2 Jan 12 23:42:03 silence02 sshd[2798]: Failed password for root from 222.186.175.220 port 50942 ssh2 Jan 12 23:42:06 silence02 sshd[2798]: Failed password for root from 222.186.175.220 port 50942 ssh2 Jan 12 23:42:06 silence02 sshd[2798]: error: maximum authentication attempts exceeded for root from 222.186.175.220 port 50942 ssh2 [preauth]	2020-01-13 06:55:30
209.12.167.197	attackbotsspam	Unauthorized connection attempt detected from IP address 209.12.167.197 to port 2220 [J]	2020-01-13 07:06:58
192.71.201.163	attackspam	Jan 12 14:52:15 XXX sshd[31247]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:15 XXX sshd[31248]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:15 XXX sshd[31246]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:16 XXX sshd[31249]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:16 XXX sshd[31250]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:16 XXX sshd[31251]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:16 XXX sshd[31252]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:16 XXX sshd[31254]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:16 XXX sshd[31253]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:16 XXX sshd[31255]: Did not receive identification string from 192.71.201.163 Jan 12 14:52:16 XXX sshd[31256]: Did not receive identification string fro........ -------------------------------	2020-01-13 06:56:27
122.55.19.115	attackspam	Jan 12 22:05:12 shared-1 sshd\[29756\]: Invalid user administrator from 122.55.19.115Jan 12 22:06:08 shared-1 sshd\[29769\]: Invalid user qhsupport from 122.55.19.115 ...	2020-01-13 06:49:30
222.186.175.183	attackspambots	Jan 12 18:06:37 plusreed sshd[12660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.183 user=root Jan 12 18:06:40 plusreed sshd[12660]: Failed password for root from 222.186.175.183 port 37140 ssh2 ...	2020-01-13 07:09:11
222.186.30.12	attackbotsspam	Jan 12 23:51:55 srv1-bit sshd[8731]: User root from 222.186.30.12 not allowed because not listed in AllowUsers Jan 12 23:57:06 srv1-bit sshd[8771]: User root from 222.186.30.12 not allowed because not listed in AllowUsers ...	2020-01-13 06:57:27
60.168.172.25	attackspambots	Brute force attempt	2020-01-13 06:46:15
201.152.225.221	attack	20/1/12@16:26:47: FAIL: Alarm-Network address from=201.152.225.221 20/1/12@16:26:47: FAIL: Alarm-Network address from=201.152.225.221 ...	2020-01-13 07:00:33
104.254.95.154	attackspam	(From erika.bianco@hotmail.com) Looking for powerful online promotion that has no per click costs and will get you new customers fast? Sorry to bug you on your contact form but actually that's exactly where I wanted to make my point. We can send your advertising text to sites via their contact forms just like you're getting this message right now. You can target by keyword or just start mass blasts to sites in the country of your choice. So let's say you want to send an ad to all the mortgage brokers in the US, we'll scrape websites for just those and post your advertisement to them. As long as you're promoting some kind of offer that's relevant to that type of business then you'll be blessed with awesome results! Write a quickie email to ethan3646hug@gmail.com to get details about how we do this	2020-01-13 07:07:16
176.31.253.204	attack	SSH Bruteforce attack	2020-01-13 07:05:30
101.21.202.226	attackspam	" "	2020-01-13 07:02:12
81.22.45.71	attack	Unauthorised access (Jan 13) SRC=81.22.45.71 LEN=40 TTL=248 ID=53658 TCP DPT=3389 WINDOW=1024 SYN Unauthorised access (Jan 10) SRC=81.22.45.71 LEN=40 TTL=248 ID=52644 TCP DPT=3389 WINDOW=1024 SYN Unauthorised access (Jan 9) SRC=81.22.45.71 LEN=40 TTL=249 ID=413 TCP DPT=3389 WINDOW=1024 SYN Unauthorised access (Jan 7) SRC=81.22.45.71 LEN=40 TTL=249 ID=8353 TCP DPT=3389 WINDOW=1024 SYN Unauthorised access (Jan 7) SRC=81.22.45.71 LEN=40 TTL=249 ID=61218 TCP DPT=3389 WINDOW=1024 SYN	2020-01-13 06:50:50
180.168.47.66	attackbotsspam	Unauthorized connection attempt detected from IP address 180.168.47.66 to port 2220 [J]	2020-01-13 07:03:28
80.238.134.16	attack	MYH,DEF GET /wp-login.php	2020-01-13 07:11:38
172.104.97.141	attack	Fail2Ban Ban Triggered	2020-01-13 06:49:06

Recently Reported IPs

117.94.21.209	117.94.21.37	117.94.21.4	117.94.21.234
117.94.21.2	117.94.21.40	117.94.21.45	114.235.23.14
117.94.21.71	117.94.21.24	114.235.23.140	117.94.21.16
114.235.23.144	114.235.23.146	114.235.23.148	114.235.23.149
114.235.23.150	117.94.222.75	117.94.222.80	117.94.222.82