114.91.68.29 - IPInfo

Basic Info

City: Shanghai

Region: Shanghai

Country: China

Internet Service Provider: ChinaNet Shanghai Province Network

Hostname: unknown

Organization: China Telecom (Group)

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	"Fail2Ban detected SSH brute force attempt"	2019-08-25 08:36:55
attackbotsspam	Aug 15 23:11:55 GIZ-Server-02 sshd[13238]: Invalid user developer from 114.91.68.29 Aug 15 23:11:55 GIZ-Server-02 sshd[13238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.91.68.29 Aug 15 23:11:56 GIZ-Server-02 sshd[13238]: Failed password for invalid user developer from 114.91.68.29 port 40096 ssh2 Aug 15 23:11:57 GIZ-Server-02 sshd[13238]: Received disconnect from 114.91.68.29: 11: Bye Bye [preauth] Aug 15 23:20:17 GIZ-Server-02 sshd[18230]: User r.r from 114.91.68.29 not allowed because not listed in AllowUsers Aug 15 23:20:17 GIZ-Server-02 sshd[18230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.91.68.29 user=r.r Aug 15 23:20:19 GIZ-Server-02 sshd[18230]: Failed password for invalid user r.r from 114.91.68.29 port 35668 ssh2 Aug 15 23:20:20 GIZ-Server-02 sshd[18230]: Received disconnect from 114.91.68.29: 11: Bye Bye [preauth] Aug 15 23:28:30 GIZ-Server-02 sshd[22021]: I........ -------------------------------	2019-08-17 01:12:40

Type

Details

Datetime

attackbots

"Fail2Ban detected SSH brute force attempt"

2019-08-25 08:36:55

attackbotsspam

Aug 15 23:11:55 GIZ-Server-02 sshd[13238]: Invalid user developer from 114.91.68.29
Aug 15 23:11:55 GIZ-Server-02 sshd[13238]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.91.68.29 
Aug 15 23:11:56 GIZ-Server-02 sshd[13238]: Failed password for invalid user developer from 114.91.68.29 port 40096 ssh2
Aug 15 23:11:57 GIZ-Server-02 sshd[13238]: Received disconnect from 114.91.68.29: 11: Bye Bye [preauth]
Aug 15 23:20:17 GIZ-Server-02 sshd[18230]: User r.r from 114.91.68.29 not allowed because not listed in AllowUsers
Aug 15 23:20:17 GIZ-Server-02 sshd[18230]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.91.68.29  user=r.r
Aug 15 23:20:19 GIZ-Server-02 sshd[18230]: Failed password for invalid user r.r from 114.91.68.29 port 35668 ssh2
Aug 15 23:20:20 GIZ-Server-02 sshd[18230]: Received disconnect from 114.91.68.29: 11: Bye Bye [preauth]
Aug 15 23:28:30 GIZ-Server-02 sshd[22021]: I........
-------------------------------

2019-08-17 01:12:40

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 114.91.68.29
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33313
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;114.91.68.29.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019081600 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Aug 17 01:12:27 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 29.68.91.114.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 29.68.91.114.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
123.24.205.48	attackspam	SMTP-sasl brute force ...	2019-11-18 15:43:34
102.23.234.228	attackspambots	Automatic report - Port Scan Attack	2019-11-18 16:04:58
121.142.165.111	attack	SSH Bruteforce	2019-11-18 15:30:34
108.179.219.114	attackspam	WordPress login Brute force / Web App Attack on client site.	2019-11-18 15:46:15
111.224.150.98	attackbotsspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/111.224.150.98/ CN - 1H : (821) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN4134 IP : 111.224.150.98 CIDR : 111.224.0.0/14 PREFIX COUNT : 5430 UNIQUE IP COUNT : 106919680 ATTACKS DETECTED ASN4134 : 1H - 9 3H - 40 6H - 88 12H - 164 24H - 359 DateTime : 2019-11-18 07:29:59 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-18 15:52:51
112.220.151.204	attackspambots	Autoban 112.220.151.204 AUTH/CONNECT	2019-11-18 15:55:43
37.49.231.123	attackbotsspam	Attempted to connect 3 times to port 7070 TCP	2019-11-18 15:49:48
112.216.51.122	attack	Nov 18 08:32:25 MK-Soft-VM4 sshd[30029]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.216.51.122 Nov 18 08:32:27 MK-Soft-VM4 sshd[30029]: Failed password for invalid user prince from 112.216.51.122 port 54285 ssh2 ...	2019-11-18 15:45:17
74.82.47.34	attackspambots	firewall-block, port(s): 7547/tcp	2019-11-18 15:53:39
81.28.100.101	attack	Nov 18 07:30:46 exim[7206]: 2019-11-18 07:30:46 1iWaYe-0001sE-R5 H=rein.shrewdmhealth.com (rein.varzide.co) [81.28.100.101] F= rejected after DATA: This message scored 101.1 spam points.	2019-11-18 15:38:19
36.90.171.97	attack	Automatic report - Port Scan Attack	2019-11-18 16:07:49
221.194.106.171	attack	Probing for vulnerable services	2019-11-18 15:39:49
112.133.246.80	attackspambots	Autoban 112.133.246.80 AUTH/CONNECT	2019-11-18 16:02:28
167.114.118.135	attackspam	Automatic report - XMLRPC Attack	2019-11-18 15:29:55
45.116.114.51	attackbotsspam	SpamReport	2019-11-18 15:49:24

Recently Reported IPs

147.75.105.125	125.132.114.249	104.209.237.99	187.8.243.200
119.61.26.165	100.64.254.1	182.141.194.237	80.121.135.98
173.245.239.178	187.85.196.226	112.23.118.222	16.163.6.207
143.159.1.66	27.78.223.148	46.149.48.45	84.167.204.119
94.133.233.201	110.19.226.84	14.4.110.247	194.230.158.216