Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: China Unicom Shannxi Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attackbots
The IP has triggered Cloudflare WAF. CF-Ray: 54311cdf6c3e9947 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: drop | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: ip.skk.moe | User-Agent: Mozilla/5.064213590 Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).
2019-12-12 05:28:58
Comments on same subnet:
IP Type Details Datetime
221.11.20.174 attack
China's GFW probe
2020-05-15 17:34:03
221.11.20.172 attack
Unauthorized connection attempt detected from IP address 221.11.20.172 to port 8899 [T]
2020-01-10 09:33:59
221.11.20.174 attack
Unauthorized connection attempt detected from IP address 221.11.20.174 to port 9090
2020-01-04 07:52:23
221.11.20.171 attack
Fail2Ban Ban Triggered
2019-12-29 14:01:13
221.11.20.166 attackspam
Fail2Ban Ban Triggered
2019-09-05 23:12:46
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 221.11.20.169
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4442
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;221.11.20.169.			IN	A

;; AUTHORITY SECTION:
.			369	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121101 1800 900 604800 86400

;; Query time: 49 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Dec 12 05:28:52 CST 2019
;; MSG SIZE  rcvd: 117
Host info:
Host 169.20.11.221.in-addr.arpa. not found: 3(NXDOMAIN)
Nslookup info:
Server:		100.100.2.136
Address:	100.100.2.136#53

** server can't find 169.20.11.221.in-addr.arpa: NXDOMAIN

Related IP info:
Related comments:
IP Type Details Datetime
129.204.47.217 attack
Sep  1 19:32:11 legacy sshd[18255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.47.217
Sep  1 19:32:13 legacy sshd[18255]: Failed password for invalid user search from 129.204.47.217 port 50949 ssh2
Sep  1 19:37:52 legacy sshd[18395]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.204.47.217
...
2019-09-02 01:40:18
141.98.9.130 attackspambots
Sep  1 19:21:32 webserver postfix/smtpd\[8833\]: warning: unknown\[141.98.9.130\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep  1 19:22:18 webserver postfix/smtpd\[8833\]: warning: unknown\[141.98.9.130\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep  1 19:23:03 webserver postfix/smtpd\[8893\]: warning: unknown\[141.98.9.130\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep  1 19:23:49 webserver postfix/smtpd\[8893\]: warning: unknown\[141.98.9.130\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Sep  1 19:24:36 webserver postfix/smtpd\[8833\]: warning: unknown\[141.98.9.130\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
...
2019-09-02 01:26:47
178.128.14.26 attackspambots
Sep  1 06:57:42 wbs sshd\[28407\]: Invalid user ftpadmin2 from 178.128.14.26
Sep  1 06:57:42 wbs sshd\[28407\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.14.26
Sep  1 06:57:44 wbs sshd\[28407\]: Failed password for invalid user ftpadmin2 from 178.128.14.26 port 41166 ssh2
Sep  1 07:01:56 wbs sshd\[28794\]: Invalid user erp from 178.128.14.26
Sep  1 07:01:56 wbs sshd\[28794\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.128.14.26
2019-09-02 01:06:06
194.88.204.163 attackspam
Sep  1 19:05:40 legacy sshd[17469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.88.204.163
Sep  1 19:05:42 legacy sshd[17469]: Failed password for invalid user pan from 194.88.204.163 port 56870 ssh2
Sep  1 19:11:11 legacy sshd[17622]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.88.204.163
...
2019-09-02 01:23:20
193.223.104.128 attackspambots
Fail2Ban Ban Triggered
SMTP Abuse Attempt
2019-09-02 00:35:08
159.65.4.86 attackbots
Sep  1 18:27:37 ncomp sshd[31874]: Invalid user net from 159.65.4.86
Sep  1 18:27:37 ncomp sshd[31874]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.4.86
Sep  1 18:27:37 ncomp sshd[31874]: Invalid user net from 159.65.4.86
Sep  1 18:27:39 ncomp sshd[31874]: Failed password for invalid user net from 159.65.4.86 port 44860 ssh2
2019-09-02 01:06:35
186.206.136.203 attackbotsspam
Sep  1 07:32:18 php2 sshd\[11012\]: Invalid user timothy from 186.206.136.203
Sep  1 07:32:18 php2 sshd\[11012\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.206.136.203
Sep  1 07:32:20 php2 sshd\[11012\]: Failed password for invalid user timothy from 186.206.136.203 port 44026 ssh2
Sep  1 07:37:49 php2 sshd\[11559\]: Invalid user gigi from 186.206.136.203
Sep  1 07:37:49 php2 sshd\[11559\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.206.136.203
2019-09-02 01:45:52
157.230.235.233 attackspambots
Sep  1 07:29:24 web9 sshd\[31882\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.235.233  user=root
Sep  1 07:29:26 web9 sshd\[31882\]: Failed password for root from 157.230.235.233 port 40152 ssh2
Sep  1 07:33:37 web9 sshd\[342\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.235.233  user=root
Sep  1 07:33:39 web9 sshd\[342\]: Failed password for root from 157.230.235.233 port 56618 ssh2
Sep  1 07:37:49 web9 sshd\[1201\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.235.233  user=root
2019-09-02 01:46:25
128.199.69.86 attackbots
[AUTOMATIC REPORT] - 22 tries in total - SSH BRUTE FORCE - IP banned
2019-09-02 01:22:36
212.87.9.141 attackbots
Sep  1 07:33:34 hiderm sshd\[4303\]: Invalid user yx from 212.87.9.141
Sep  1 07:33:34 hiderm sshd\[4303\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.87.9.141
Sep  1 07:33:36 hiderm sshd\[4303\]: Failed password for invalid user yx from 212.87.9.141 port 20734 ssh2
Sep  1 07:37:48 hiderm sshd\[4644\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.87.9.141  user=root
Sep  1 07:37:51 hiderm sshd\[4644\]: Failed password for root from 212.87.9.141 port 65486 ssh2
2019-09-02 01:44:34
43.248.187.66 attackspambots
Sep  1 11:40:28 lnxweb61 sshd[15731]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=43.248.187.66
2019-09-02 00:59:08
221.150.17.93 attackspambots
$f2bV_matches_ltvn
2019-09-02 01:18:56
185.128.143.162 attackspambots
router hack attempt
2019-09-02 01:33:59
34.73.55.203 attackspambots
Aug 28 17:17:55 itv-usvr-01 sshd[12369]: Invalid user houx from 34.73.55.203
Aug 28 17:17:55 itv-usvr-01 sshd[12369]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=34.73.55.203
Aug 28 17:17:55 itv-usvr-01 sshd[12369]: Invalid user houx from 34.73.55.203
Aug 28 17:17:57 itv-usvr-01 sshd[12369]: Failed password for invalid user houx from 34.73.55.203 port 43318 ssh2
Aug 28 17:26:13 itv-usvr-01 sshd[12710]: Invalid user send from 34.73.55.203
2019-09-02 01:01:57
165.227.157.168 attackbots
Sep  1 18:23:29 SilenceServices sshd[17313]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.157.168
Sep  1 18:23:31 SilenceServices sshd[17313]: Failed password for invalid user 15 from 165.227.157.168 port 53974 ssh2
Sep  1 18:27:25 SilenceServices sshd[18886]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.157.168
2019-09-02 00:45:10
