After a bit of research, I could find that it's all stored in --
in format --
cpuser => users which show the IP under cPanel > Remote Database Access Hosts
- GRANT USAGE ON *.* TO 'cpuser'@'184.108.40.206' IDENTIFIED BY PASSWORD '*XXXXXXXXXXXXXXXXXXXX'
- GRANT USAGE ON *.* TO 'cpuser'@'localhost' IDENTIFIED BY PASSWORD '*XXXXXXXXXXXXXXXXXXXX'
220.127.116.11 => The IP which we applied to all and couldn't be removed.
It would be best if someone from cPanel can have a word on 'How Safe is to remove that line?'.