JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 112.213.98.94

112.213.98.94 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 90%: ?

90%

ISP	MEGA-II IDC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS152194
Domain Name	worldmailhk.com
Country	🇭🇰 Hong Kong
City	Hong Kong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 112.213.98.94

Whois 112.213.98.94

IP Abuse Reports for 112.213.98.94:

This IP address has been reported a total of 34 times from 30 distinct sources. 112.213.98.94 was first reported on May 27th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 security.rdmc.fr	2026-06-07 04:49:20 (2 weeks ago)	Port Scan Attack proto:TCP src:58722 dst:23	Port Scan
🇺🇸 bigscoots.com	2026-06-06 23:35:06 (2 weeks ago)	112.213.98.94 (HK/Hong Kong/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; ... show more 112.213.98.94 (HK/Hong Kong/-), 6 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: Jun 6 18:34:46 15216 sshd[3547]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.213.98.94 user=root Jun 6 18:23:47 15216 sshd[1577]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.124.242.66 user=root Jun 6 18:23:49 15216 sshd[1577]: Failed password for root from 138.124.242.66 port 43232 ssh2 Jun 6 18:23:51 15216 sshd[1577]: Failed password for root from 138.124.242.66 port 43232 ssh2 Jun 6 18:23:53 15216 sshd[1577]: Failed password for root from 138.124.242.66 port 43232 ssh2 Jun 6 18:23:55 15216 sshd[1577]: Failed password for root from 138.124.242.66 port 43232 ssh2 IP Addresses Blocked: show less	Brute-Force SSH
🇳🇱 Alboweb B.V.	2026-06-06 23:11:16 (2 weeks ago)	SSH abuse or brute-force attack detected by Fail2Ban in ssh jail	Brute-Force SSH
🇨🇳 pengpeng	2026-06-06 18:04:59 (2 weeks ago)	monitor: on VM-0-7-ubuntu \| port: 22 \| ttl: 250 script: github.com/sefinek/UFW-AbuseIPDB-Reporter	Port Scan SSH
🇬🇧 PeravixGroup	2026-06-06 11:10:33 (2 weeks ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: ME ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: MEDIUM. Aaran.cloud show less	IoT Targeted Brute-Force
🇺🇸 NXTwoThou	2026-06-06 07:28:01 (2 weeks ago)	/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh	Web App Attack
🇩🇪 BH9	2026-06-06 04:45:36 (2 weeks ago)	SSH brute-force detected by fail2ban on Phoenix SPRD server. Failures: 3	Brute-Force SSH
🇨🇦 Tect.host	2026-06-06 03:24:09 (2 weeks ago)	Brute-force SSH server detected by Fail2ban	Brute-Force SSH
🇬🇧 PeravixGroup	2026-06-05 23:37:12 (2 weeks ago)	Honeypot detection: SSH brute-force authentication attempt on port 22. Severity: MEDIUM. Aaran.cloud	SSH Brute-Force
🇩🇪 ipcop.net	2026-06-05 19:06:36 (2 weeks ago)	2026-06-05T21:04:47.403398+02:00 router01.dui.de.mersrv.de sshd[3702855]: Connection closed by authe ... show more 2026-06-05T21:04:47.403398+02:00 router01.dui.de.mersrv.de sshd[3702855]: Connection closed by authenticating user admin 112.213.98.94 port 34766 [preauth] 2026-06-05T21:05:22.057544+02:00 router01.dui.de.mersrv.de sshd[3703076]: Invalid user orangepi from 112.213.98.94 port 54252 2026-06-05T21:05:23.059668+02:00 router01.dui.de.mersrv.de sshd[3703076]: Connection closed by invalid user orangepi 112.213.98.94 port 54252 [preauth] 2026-06-05T21:05:59.112206+02:00 router01.dui.de.mersrv.de sshd[3703171]: Connection closed by authenticating user root 112.213.98.94 port 45780 [preauth] 2026-06-05T21:06:35.431497+02:00 router01.dui.de.mersrv.de sshd[3703356]: Connection closed by authenticating user root 112.213.98.94 port 36946 [preauth] show less	Brute-Force
Anonymous	2026-06-04 21:24:29 (2 weeks ago)	2026-06-04T23:23:44.397903+02:00 mail sshd[2180925]: Invalid user orangepi from 112.213.98.94 port 4 ... show more 2026-06-04T23:23:44.397903+02:00 mail sshd[2180925]: Invalid user orangepi from 112.213.98.94 port 42040 2026-06-04T23:23:44.402138+02:00 mail sshd[2180925]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.213.98.94 2026-06-04T23:23:46.288740+02:00 mail sshd[2180925]: Failed password for invalid user orangepi from 112.213.98.94 port 42040 ssh2 2026-06-04T23:24:25.118623+02:00 mail sshd[2180970]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.213.98.94 user=root 2026-06-04T23:24:27.300575+02:00 mail sshd[2180970]: Failed password for root from 112.213.98.94 port 35316 ssh2 ... show less	Brute-Force SSH
🇹🇷 Threat.live	2026-06-04 18:35:04 (2 weeks ago)	Suspicious Connection Attempts	Brute-Force
🇬🇧 Portuseco Biling	2026-06-02 14:54:23 (3 weeks ago)	--hosteroid-F2B blocked SSH BF--	Brute-Force SSH
🇷🇸 Scan	2026-06-02 02:19:33 (3 weeks ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇪🇸 yvoictra	2026-06-01 20:45:31 (3 weeks ago)	112.213.98.94 - - [01/Jun/2026:22:45:28 +0200] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+au ... show more 112.213.98.94 - - [01/Jun/2026:22:45:28 +0200] "POST /hello.world?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 404 162 "-" "libredtail-http" 112.213.98.94 - - [01/Jun/2026:22:45:29 +0200] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "libredtail-http" 112.213.98.94 - - [01/Jun/2026:22:45:29 +0200] "GET /vendor/phpunit/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "libredtail-http" 112.213.98.94 - - [01/Jun/2026:22:45:30 +0200] "GET /vendor/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "libredtail-http" 112.213.98.94 - - [01/Jun/2026:22:45:31 +0200] "GET /vendor/phpunit/Util/PHP/eval-stdin.php HTTP/1.1" 404 162 "-" "libredtail-http" ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇦 195.177.238.70

🇨🇴 190.90.79.29

🇹🇷 217.131.66.114

🇺🇸 172.253.244.144

🇧🇷 170.238.51.111

🇺🇸 74.125.181.149

🇧🇷 45.205.1.244

🇵🇰 38.100.221.100

🇧🇾 37.212.25.79

🇳🇱 213.152.161.54

🇵🇰 203.128.10.138

🇮🇩 103.18.34.158

🇿🇦 102.214.117.139

🇺🇸 66.132.186.164

🇺🇸 65.49.1.142

🇺🇸 54.163.222.170

🇸🇦 51.223.10.219

🇷🇴 2.57.121.25

🇺🇸 216.218.206.75

🇨🇳 183.223.156.154