222.94.195.133

Basic Info

City: Nanjing

Region: Jiangsu

Country: China

Internet Service Provider: ChinaNet Jiangsu Province Network

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	The IP has triggered Cloudflare WAF. CF-Ray: 54141fa06c149935 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: ip.skk.moe \| User-Agent: Mozilla/5.062334851 Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 04:03:16

Type

Details

Datetime

attack

The IP has triggered Cloudflare WAF. CF-Ray: 54141fa06c149935 | WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 | WAF_Kind: firewall | CF_Action: challenge | Country: CN | CF_IPClass: noRecord | Protocol: HTTP/1.1 | Method: GET | Host: ip.skk.moe | User-Agent: Mozilla/5.062334851 Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36 | CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).

2019-12-08 04:03:16

Comments on same subnet:

IP	Type	Details	Datetime
222.94.195.11	attackbotsspam	Unauthorized connection attempt detected from IP address 222.94.195.11 to port 1521	2020-03-29 13:20:54
222.94.195.252	attackspam	Unauthorized connection attempt detected from IP address 222.94.195.252 to port 8123 [J]	2020-03-02 15:54:15
222.94.195.121	attack	Unauthorized connection attempt detected from IP address 222.94.195.121 to port 350	2019-12-31 22:37:45
222.94.195.204	attackbotsspam	Unauthorized connection attempt detected from IP address 222.94.195.204 to port 2086	2019-12-31 08:41:18
222.94.195.65	attackspambots	Unauthorized connection attempt detected from IP address 222.94.195.65 to port 3128	2019-12-31 06:16:15
222.94.195.140	attackspam	The IP has triggered Cloudflare WAF. CF-Ray: 543549219872e7c5 \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/4.038533357 Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1) QQBrowser/6.0 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 06:38:14
222.94.195.204	attackspam	The IP has triggered Cloudflare WAF. CF-Ray: 5434844dbcbde4ea \| WAF_Rule_ID: 53b8357af6d244d3a132bcf913c3a388 \| WAF_Kind: firewall \| CF_Action: drop \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: ip.skk.moe \| User-Agent: Mozilla/4.054101423 Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1) \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-12 02:53:05
222.94.195.143	attackbotsspam	The IP has triggered Cloudflare WAF. CF-Ray: 541182874b89e4e2 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: theme-suka.skk.moe \| User-Agent: Mozilla/5.084743666 Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/17.17134 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 06:46:55
222.94.195.19	attack	The IP has triggered Cloudflare WAF. CF-Ray: 540f4ceacd12e7d5 \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: ip.skk.moe \| User-Agent: Mozilla/5.0184010163 Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 05:28:09
222.94.195.150	attack	The IP has triggered Cloudflare WAF. CF-Ray: 54170776a830995f \| WAF_Rule_ID: 3b40188685924a32bf11d40edea05a27 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: api.skk.moe \| User-Agent: Mozilla/5.066704189 Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 03:42:35
222.94.195.60	attackspam	The IP has triggered Cloudflare WAF. CF-Ray: 5411d0b99f56e50e \| WAF_Rule_ID: 1112825 \| WAF_Kind: firewall \| CF_Action: challenge \| Country: CN \| CF_IPClass: noRecord \| Protocol: HTTP/1.1 \| Method: GET \| Host: disqus.skk.moe \| User-Agent: Mozilla/5.0 (Linux; Android 6.0; Nexus 5 Build/MRA58N) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Mobile Safari/537.36 \| CF_DC: LAX. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2019-12-08 02:56:23
222.94.195.139	attackspambots	[Tue Jun 25 14:05:05.216364 2019] [:error] [pid 9017:tid 139855241746176] [client 222.94.195.139:64934] [client 222.94.195.139] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/crs/owasp-modsecurity-crs-3.1.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "792"] [id "920350"] [msg "Host header is a numeric IP address"] [data "123.125.114.144"] [severity "WARNING"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "123.125.114.144"] [uri "/"] [unique_id "XRHHoZOPLvQnIgpRZDkRRAAAAAM"] ...	2019-06-25 15:40:01

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 222.94.195.133
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17681
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;222.94.195.133.			IN	A

;; AUTHORITY SECTION:
.			289	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019120701 1800 900 604800 86400

;; Query time: 43 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Dec 08 04:03:13 CST 2019
;; MSG SIZE  rcvd: 118

Host info

Host 133.195.94.222.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 133.195.94.222.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
54.38.53.251	attackspam	Dec 24 12:41:16 v22018086721571380 sshd[21232]: Failed password for invalid user zimbra from 54.38.53.251 port 59346 ssh2 Dec 24 12:43:29 v22018086721571380 sshd[21352]: Failed password for invalid user deangela from 54.38.53.251 port 51826 ssh2	2019-12-24 21:20:26
140.143.93.31	attackspam	Dec 24 14:17:24 vpn01 sshd[798]: Failed password for news from 140.143.93.31 port 43948 ssh2 ...	2019-12-24 21:43:05
139.199.113.140	attack	Invalid user asterisk from 139.199.113.140 port 59708	2019-12-24 21:37:54
176.31.250.160	attackbotsspam	Dec 24 08:12:49 legacy sshd[26139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.250.160 Dec 24 08:12:52 legacy sshd[26139]: Failed password for invalid user lisa000 from 176.31.250.160 port 60232 ssh2 Dec 24 08:13:53 legacy sshd[26183]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.31.250.160 ...	2019-12-24 21:52:44
113.108.130.157	attackspam	Scanning random ports - tries to find possible vulnerable services	2019-12-24 21:48:02
106.255.84.110	attackbots	Dec 24 14:30:09 localhost sshd\[17487\]: Invalid user gerner from 106.255.84.110 port 36788 Dec 24 14:30:09 localhost sshd\[17487\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.255.84.110 Dec 24 14:30:11 localhost sshd\[17487\]: Failed password for invalid user gerner from 106.255.84.110 port 36788 ssh2	2019-12-24 21:51:26
106.54.48.14	attackbotsspam	SSH/22 MH Probe, BF, Hack -	2019-12-24 21:36:56
193.226.218.75	attackbotsspam	firewall-block, port(s): 2222/tcp	2019-12-24 22:02:34
106.0.6.33	attackbots	Unauthorized connection attempt detected from IP address 106.0.6.33 to port 445	2019-12-24 22:03:49
196.52.43.84	attack	ICMP MH Probe, Scan /Distributed -	2019-12-24 21:21:29
104.248.121.67	attackspambots	Invalid user splieth from 104.248.121.67 port 38244	2019-12-24 21:50:28
106.13.71.90	attack	SSH/22 MH Probe, BF, Hack -	2019-12-24 21:19:12
213.32.91.37	attackspam	Dec 24 14:42:52 localhost sshd\[18813\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.91.37 user=daemon Dec 24 14:42:54 localhost sshd\[18813\]: Failed password for daemon from 213.32.91.37 port 56976 ssh2 Dec 24 14:45:25 localhost sshd\[19194\]: Invalid user thanhhoa from 213.32.91.37 port 54424 Dec 24 14:45:25 localhost sshd\[19194\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.91.37	2019-12-24 21:51:14
193.34.161.137	attackspambots	SPAM Delivery Attempt	2019-12-24 21:32:40
180.254.2.198	attack	1577171652 - 12/24/2019 08:14:12 Host: 180.254.2.198/180.254.2.198 Port: 445 TCP Blocked	2019-12-24 21:38:46

Recently Reported IPs

27.37.218.223	173.94.217.127	221.11.60.158	129.211.107.218
157.25.107.155	220.181.124.166	63.168.85.242	212.246.245.92
167.217.58.234	220.181.108.170	219.140.119.250	187.250.71.191
81.105.15.49	1.52.170.192	34.103.35.127	165.0.39.91
183.185.109.233	1.52.170.175	60.171.199.42	180.95.238.7