122.114.10.7 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Zhengzhou Giant Computer Network Technology Co. Ltd

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Automatic report generated by Wazuh	2019-07-17 14:52:53
attackbots	Restricted File Access Attempt Matched phrase "wp-config.php" at REQUEST_FILENAME. PHP Injection Attack: High-Risk PHP Function Name Found Matched phrase "call_user_func" at ARGS:function. PHP Injection Attack: Serialized Object Injection Pattern match "[oOcC]:\\d+:".+?":\\d+:{.}" at REQUEST_HEADERS:X-Forwarded-For. SQL Injection Attack Detected via libinjection Matched Data: sUE1c found within REQUEST_HEADERS:Referer: 554fcae493e564ee0dc75bdf2ebf94caads\|a:3:{s:2:\x22id\x22;s:3:\x22'/\x22;s:3:\x22num\x22;s:141:\x22*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f534550415241544f5229293b2f2f7d7d,0--\x22;s:4:\x22name\x22;s:3:\x22ads\x22;}554fcae493e564ee0dc75bdf2ebf94ca	2019-07-16 10:51:28

Type

Details

Datetime

attackbotsspam

Automatic report generated by Wazuh

2019-07-17 14:52:53

attackbots

Restricted File Access Attempt
Matched phrase "wp-config.php" at REQUEST_FILENAME.

PHP Injection Attack: High-Risk PHP Function Name Found
Matched phrase "call_user_func" at ARGS:function.

PHP Injection Attack: Serialized Object Injection
Pattern match "[oOcC]:\\d+:".+?":\\d+:{.*}" at REQUEST_HEADERS:X-Forwarded-For.

SQL Injection Attack Detected via libinjection
Matched Data: sUE1c found within REQUEST_HEADERS:Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:3:{s:2:\x22id\x22;s:3:\x22'/*\x22;s:3:\x22num\x22;s:141:\x22*/ union select 1,0x272F2A,3,4,5,6,7,8,0x7b247b24524345275d3b6469652f2a2a2f286d6435284449524543544f52595f534550415241544f5229293b2f2f7d7d,0--\x22;s:4:\x22name\x22;s:3:\x22ads\x22;}554fcae493e564ee0dc75bdf2ebf94ca

2019-07-16 10:51:28

Comments on same subnet:

IP	Type	Details	Datetime
122.114.10.66	attackspam	Invalid user brainy from 122.114.10.66 port 57220	2020-08-30 03:53:45
122.114.10.66	attack	SSH Invalid Login	2020-08-26 07:08:42
122.114.109.220	attackspam	Aug 25 15:17:39 vps sshd[14049]: Failed password for root from 122.114.109.220 port 24589 ssh2 Aug 25 15:29:10 vps sshd[14726]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.109.220 Aug 25 15:29:12 vps sshd[14726]: Failed password for invalid user csp from 122.114.109.220 port 19513 ssh2 ...	2020-08-25 21:33:03
122.114.109.220	attackbots	SSH bruteforce	2020-08-20 19:46:33
122.114.109.220	attackspam	malicious Brute-Force reported by https://www.patrick-binder.de ...	2020-07-22 08:48:49
122.114.109.220	attackbots	Unauthorised connection attempt detected at AUO MAIN. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-07-16 16:21:40
122.114.109.220	attack	2020-07-13T07:05:47.901445galaxy.wi.uni-potsdam.de sshd[8789]: Invalid user gis from 122.114.109.220 port 63732 2020-07-13T07:05:47.906455galaxy.wi.uni-potsdam.de sshd[8789]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.109.220 2020-07-13T07:05:47.901445galaxy.wi.uni-potsdam.de sshd[8789]: Invalid user gis from 122.114.109.220 port 63732 2020-07-13T07:05:49.353058galaxy.wi.uni-potsdam.de sshd[8789]: Failed password for invalid user gis from 122.114.109.220 port 63732 ssh2 2020-07-13T07:08:27.195230galaxy.wi.uni-potsdam.de sshd[9059]: Invalid user alan from 122.114.109.220 port 34131 2020-07-13T07:08:27.200417galaxy.wi.uni-potsdam.de sshd[9059]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.109.220 2020-07-13T07:08:27.195230galaxy.wi.uni-potsdam.de sshd[9059]: Invalid user alan from 122.114.109.220 port 34131 2020-07-13T07:08:29.279895galaxy.wi.uni-potsdam.de sshd[9059]: Failed password ...	2020-07-13 14:39:46
122.114.109.220	attackbots	Invalid user yuyue from 122.114.109.220 port 59454	2020-07-01 01:51:18
122.114.109.220	attackbots	Port Scan	2020-06-23 14:18:06
122.114.109.220	attackbots	Jun 12 02:33:34 ns382633 sshd\[21867\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.109.220 user=root Jun 12 02:33:35 ns382633 sshd\[21867\]: Failed password for root from 122.114.109.220 port 34895 ssh2 Jun 12 02:39:06 ns382633 sshd\[22786\]: Invalid user samia from 122.114.109.220 port 28178 Jun 12 02:39:06 ns382633 sshd\[22786\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.114.109.220 Jun 12 02:39:08 ns382633 sshd\[22786\]: Failed password for invalid user samia from 122.114.109.220 port 28178 ssh2	2020-06-12 08:53:57
122.114.109.112	attackbots	port scan and connect, tcp 80 (http)	2020-02-22 08:26:18
122.114.102.3	attackspambots	$f2bV_matches	2020-02-08 10:37:54
122.114.105.51	attack	Unauthorized connection attempt detected from IP address 122.114.105.51 to port 80 [T]	2020-01-30 07:33:26
122.114.105.51	attackbotsspam	Unauthorized connection attempt detected from IP address 122.114.105.51 to port 80 [J]	2020-01-28 16:55:19
122.114.107.161	attack	Unauthorized connection attempt detected from IP address 122.114.107.161 to port 2220 [J]	2020-01-25 02:41:35

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 122.114.10.7
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 16255
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;122.114.10.7.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071501 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jul 16 10:51:20 CST 2019
;; MSG SIZE  rcvd: 116

Host info

7.10.114.122.in-addr.arpa has no PTR record

Nslookup info:

Server:		67.207.67.3
Address:	67.207.67.3#53

** server can't find 7.10.114.122.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
170.178.163.248	attack	Aug 7 21:34:31 hidden postfix/postscreen[24986]: DNSBL rank 4 for [170.178.163.248]:59666	2020-08-23 06:02:48
162.243.128.43	attack	trying to access non-authorized port	2020-08-23 06:09:44
116.5.169.81	attack	Aug 6 15:43:45 hidden postfix/postscreen[13039]: DNSBL rank 6 for [116.5.169.81]:60997	2020-08-23 06:28:13
162.142.125.39	attackspam	Aug 22 23:32:47 baraca inetd[9881]: refused connection from scanner-05.ch1.censys-scanner.com, service sshd (tcp) Aug 22 23:32:48 baraca inetd[9882]: refused connection from scanner-05.ch1.censys-scanner.com, service sshd (tcp) Aug 22 23:32:49 baraca inetd[9883]: refused connection from scanner-05.ch1.censys-scanner.com, service sshd (tcp) ...	2020-08-23 06:04:39
95.239.120.224	attackbotsspam	[DoS attack: Echo char gen] from source: 94.228.211.22, port 51770, Sat, Aug 22, 2020 16:01:06	2020-08-23 06:09:05
222.186.15.115	attack	Aug 22 17:24:36 vm0 sshd[24212]: Failed password for root from 222.186.15.115 port 15364 ssh2 Aug 23 00:06:16 vm0 sshd[1126]: Failed password for root from 222.186.15.115 port 26604 ssh2 ...	2020-08-23 06:06:48
165.232.74.253	attackspambots	Aug 19 18:51:39 hidden postfix/postscreen[9803]: DNSBL rank 4 for [165.232.74.253]:42100	2020-08-23 06:07:12
156.96.156.38	attackbots	Aug 14 23:29:06 hidden postfix/postscreen[15272]: DNSBL rank 3 for [156.96.156.38]:63883	2020-08-23 06:19:06
183.61.109.23	attack	Invalid user earl from 183.61.109.23 port 41236	2020-08-23 06:18:41
103.144.21.189	attackspam	Aug 22 18:25:04 NPSTNNYC01T sshd[24538]: Failed password for root from 103.144.21.189 port 48168 ssh2 Aug 22 18:32:46 NPSTNNYC01T sshd[25615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.144.21.189 Aug 22 18:32:48 NPSTNNYC01T sshd[25615]: Failed password for invalid user hg from 103.144.21.189 port 52536 ssh2 ...	2020-08-23 06:32:58
181.174.122.144	attackspambots	Automatic report - Banned IP Access	2020-08-23 06:29:06
162.142.125.41	attackbots	Aug 22 23:32:47 baraca inetd[9881]: refused connection from scanner-05.ch1.censys-scanner.com, service sshd (tcp) Aug 22 23:32:48 baraca inetd[9882]: refused connection from scanner-05.ch1.censys-scanner.com, service sshd (tcp) Aug 22 23:32:49 baraca inetd[9883]: refused connection from scanner-05.ch1.censys-scanner.com, service sshd (tcp) ...	2020-08-23 06:10:08
178.22.123.241	attackbots	Invalid user rtest from 178.22.123.241 port 36414	2020-08-23 06:31:30
112.64.33.38	attackspambots	Aug 22 22:11:33 django-0 sshd[26846]: Invalid user pc from 112.64.33.38 ...	2020-08-23 06:32:15
138.68.233.112	attack	138.68.233.112 - - [22/Aug/2020:21:36:50 +0100] "POST /wp-login.php HTTP/1.1" 200 2046 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.233.112 - - [22/Aug/2020:21:36:55 +0100] "POST /wp-login.php HTTP/1.1" 200 2020 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.233.112 - - [22/Aug/2020:21:36:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2019 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-23 06:14:45

Recently Reported IPs

1.40.213.89	185.153.198.204	106.52.198.75	66.64.43.162
196.223.63.21	89.98.137.79	121.232.17.60	61.24.40.251
79.248.199.254	51.145.51.215	91.213.240.200	195.74.250.237
118.255.234.150	202.162.198.93	49.67.83.231	61.230.116.128
173.165.143.157	5.133.140.221	177.72.134.248	54.37.136.213