City: Chongqing
Region: Chongqìng
Country: China
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
| IP | Type | Details | Datetime |
|---|---|---|---|
| 129.28.14.23 | attack | Automatic report - Banned IP Access |
2020-10-10 06:15:09 |
| 129.28.14.23 | attackbotsspam | Automatic report - Banned IP Access |
2020-10-09 22:24:27 |
| 129.28.14.23 | attackspambots | Oct 9 03:33:24 amit sshd\[6215\]: Invalid user ubnt from 129.28.14.23 Oct 9 03:33:24 amit sshd\[6215\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.14.23 Oct 9 03:33:26 amit sshd\[6215\]: Failed password for invalid user ubnt from 129.28.14.23 port 36446 ssh2 ... |
2020-10-09 14:14:20 |
| 129.28.142.81 | attackbotsspam | Aug 31 16:33:21 pkdns2 sshd\[39915\]: Invalid user start123 from 129.28.142.81Aug 31 16:33:24 pkdns2 sshd\[39915\]: Failed password for invalid user start123 from 129.28.142.81 port 44946 ssh2Aug 31 16:37:05 pkdns2 sshd\[40071\]: Invalid user spl123 from 129.28.142.81Aug 31 16:37:07 pkdns2 sshd\[40071\]: Failed password for invalid user spl123 from 129.28.142.81 port 40944 ssh2Aug 31 16:40:47 pkdns2 sshd\[40254\]: Invalid user mythtv from 129.28.142.81Aug 31 16:40:50 pkdns2 sshd\[40254\]: Failed password for invalid user mythtv from 129.28.142.81 port 36948 ssh2 ... |
2020-09-01 04:22:01 |
| 129.28.146.179 | attackbotsspam | Aug 18 03:03:41 george sshd[7615]: Invalid user suporte from 129.28.146.179 port 54794 Aug 18 03:03:41 george sshd[7615]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.146.179 Aug 18 03:03:43 george sshd[7615]: Failed password for invalid user suporte from 129.28.146.179 port 54794 ssh2 Aug 18 03:06:02 george sshd[7644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.146.179 user=root Aug 18 03:06:04 george sshd[7644]: Failed password for root from 129.28.146.179 port 48556 ssh2 ... |
2020-08-18 15:10:35 |
| 129.28.146.179 | attackbots | Aug 17 16:06:45 sso sshd[7911]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.146.179 Aug 17 16:06:47 sso sshd[7911]: Failed password for invalid user hadoop from 129.28.146.179 port 48256 ssh2 ... |
2020-08-17 23:58:04 |
| 129.28.141.140 | attackbotsspam | 10 attempts against mh-pma-try-ban on shine |
2020-08-10 02:29:39 |
| 129.28.149.210 | attack | Lines containing failures of 129.28.149.210 Aug 2 15:10:19 penfold sshd[21760]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.149.210 user=r.r Aug 2 15:10:21 penfold sshd[21760]: Failed password for r.r from 129.28.149.210 port 50148 ssh2 Aug 2 15:10:21 penfold sshd[21760]: Received disconnect from 129.28.149.210 port 50148:11: Bye Bye [preauth] Aug 2 15:10:21 penfold sshd[21760]: Disconnected from authenticating user r.r 129.28.149.210 port 50148 [preauth] Aug 2 15:15:33 penfold sshd[22274]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.149.210 user=r.r Aug 2 15:15:36 penfold sshd[22274]: Failed password for r.r from 129.28.149.210 port 33004 ssh2 Aug 2 15:15:38 penfold sshd[22274]: Received disconnect from 129.28.149.210 port 33004:11: Bye Bye [preauth] Aug 2 15:15:38 penfold sshd[22274]: Disconnected from authenticating user r.r 129.28.149.210 port 33004 [preaut........ ------------------------------ |
2020-08-03 07:09:15 |
| 129.28.142.81 | attack | Aug 1 18:54:59 buvik sshd[9678]: Failed password for root from 129.28.142.81 port 45578 ssh2 Aug 1 18:57:25 buvik sshd[10057]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.142.81 user=root Aug 1 18:57:27 buvik sshd[10057]: Failed password for root from 129.28.142.81 port 33036 ssh2 ... |
2020-08-02 01:10:53 |
| 129.28.146.179 | attackbots | invalid user |
2020-07-26 12:12:19 |
| 129.28.141.140 | attackspam | 2020/06/18 13:06:05 [error] 842#842: *14189 open() "/usr/share/nginx/html/cgi-bin/php" failed (2: No such file or directory), client: 129.28.141.140, server: _, request: "POST /cgi-bin/php?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%64+%63%67%69%2E%66%6F%72%63%65%5F%72%65%64%69%72%65%63%74%3D%30+%2D%64+%63%67%69%2E%72%65%64%69%72%65%63%74%5F%73%74%61%74%75%73%5F%65%6E%76%3D%30+%2D%6E HTTP/1.1", host: "185.118.196.154" 2020/06/18 13:06:08 [error] 842#842: *14189 open() "/usr/share/nginx/html/cgi-bin/php5" failed (2: No such file or directory), client: 129.28.141.140, server: _, request: "POST /cgi-bin/php5?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6 |
2020-06-19 00:54:00 |
| 129.28.148.242 | attack | May 26 07:33:14 *** sshd[6709]: User root from 129.28.148.242 not allowed because not listed in AllowUsers |
2020-05-26 15:57:05 |
| 129.28.148.242 | attackbotsspam | $f2bV_matches | Triggered by Fail2Ban at Vostok web server |
2020-05-25 01:40:53 |
| 129.28.142.81 | attack | May 19 11:33:51 MainVPS sshd[16617]: Invalid user ofq from 129.28.142.81 port 33688 May 19 11:33:51 MainVPS sshd[16617]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.142.81 May 19 11:33:51 MainVPS sshd[16617]: Invalid user ofq from 129.28.142.81 port 33688 May 19 11:33:53 MainVPS sshd[16617]: Failed password for invalid user ofq from 129.28.142.81 port 33688 ssh2 May 19 11:36:51 MainVPS sshd[19412]: Invalid user ccb from 129.28.142.81 port 59010 ... |
2020-05-20 03:39:49 |
| 129.28.148.242 | attackbotsspam | May 15 21:29:14 server sshd[15079]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.148.242 May 15 21:29:16 server sshd[15079]: Failed password for invalid user postgres from 129.28.148.242 port 54622 ssh2 May 15 21:31:23 server sshd[15304]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.28.148.242 ... |
2020-05-16 04:35:40 |
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#
NetRange: 129.28.0.0 - 129.28.255.255
CIDR: 129.28.0.0/16
NetName: APNIC
NetHandle: NET-129-28-0-0-1
Parent: NET129 (NET-129-0-0-0-0)
NetType: Early Registrations, Transferred to APNIC
OriginAS:
Organization: Asia Pacific Network Information Centre (APNIC)
RegDate: 2017-08-29
Updated: 2017-08-29
Ref: https://rdap.arin.net/registry/ip/129.28.0.0
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
ResourceLink: whois://whois.apnic.net
OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: https://rdap.arin.net/registry/entity/APNIC
ReferralServer: whois://whois.apnic.net
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: search-apnic-not-arin@apnic.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#
Found a referral to whois.apnic.net.
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
% Information related to '129.28.0.0 - 129.28.255.255'
% Abuse contact for '129.28.0.0 - 129.28.255.255' is 'tencent_noc@tencent.com'
inetnum: 129.28.0.0 - 129.28.255.255
netname: TENCENT-CN
descr: Tencent Cloud Computing (Beijing) Co., Ltd
descr: Floor 6, Yinke Building, 38 Haidian St, Haidian District
country: CN
org: ORG-TCCC1-AP
admin-c: TCA15-AP
tech-c: TCA15-AP
abuse-c: AT992-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-TENCENT-CN
mnt-routes: MAINT-TENCENT-CN
mnt-irt: IRT-TENCENT-CN
last-modified: 2020-07-22T13:11:01Z
source: APNIC
irt: IRT-TENCENT-CN
address: Floor 6, Yinke Building, 38 Haidian St, Haidian District, Beijing Beijing 100080
e-mail: tencent_noc@tencent.com
abuse-mailbox: tencent_noc@tencent.com
admin-c: TCA15-AP
tech-c: TCA15-AP
auth: # Filtered
remarks: tencent_noc@tencent.com was validated on 2025-03-07
mnt-by: MAINT-COMSENZ1-CN
last-modified: 2025-09-04T07:03:34Z
source: APNIC
organisation: ORG-TCCC1-AP
org-name: Tencent Cloud Computing (Beijing) Co., Ltd
org-type: LIR
country: CN
address: 309 West Zone, 3F. 49 Zhichun Road. Haidian District.
phone: +86-10-62671299
fax-no: +86-10-82602088-41299
e-mail: tencent_idc@tencent.com
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2023-09-05T02:16:21Z
source: APNIC
role: ABUSE TENCENTCN
country: ZZ
address: Floor 6, Yinke Building, 38 Haidian St, Haidian District, Beijing Beijing 100080
phone: +000000000
e-mail: tencent_noc@tencent.com
admin-c: TCA15-AP
tech-c: TCA15-AP
nic-hdl: AT992-AP
remarks: Generated from irt object IRT-TENCENT-CN
remarks: tencent_noc@tencent.com was validated on 2025-03-07
abuse-mailbox: tencent_noc@tencent.com
mnt-by: APNIC-ABUSE
last-modified: 2025-03-07T07:43:37Z
source: APNIC
role: Tencent Cloud administrator
address: Floor 6, Yinke Building, 38 Haidian St, Haidian District, Beijing Beijing 100080
country: CN
phone: +86-10-62671299
e-mail: tencent_idc@tencent.com
admin-c: TCA15-AP
tech-c: TCA15-AP
nic-hdl: TCA15-AP
mnt-by: MAINT-AP-DIALPAD
fax-no: +86-10-62671299
last-modified: 2017-04-04T10:34:03Z
source: APNIC
% Information related to '129.28.0.0/16AS45090'
route: 129.28.0.0/16
origin: AS45090
descr: Tencent Cloud Computing (Beijing) Co., Ltd
309 West Zone, 3F. 49 Zhichun Road. Haidian District.
mnt-by: MAINT-TENCENT-CN
last-modified: 2018-01-17T08:22:13Z
source: APNIC
% This query was served by the APNIC Whois Service version 1.88.36-SNAPSHOT (WHOIS-AU5); <<>> DiG 9.10.3-P4-Ubuntu <<>> 129.28.14.231
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58679
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;129.28.14.231. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025091801 1800 900 604800 86400
;; Query time: 20 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Sep 19 14:30:23 CST 2025
;; MSG SIZE rcvd: 106Host 231.14.28.129.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 231.14.28.129.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 27.72.40.176 | attackspambots | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 12:34:29,876 INFO [amun_request_handler] PortScan Detected on Port: 445 (27.72.40.176) |
2019-07-04 04:54:07 |
| 191.54.149.155 | attack | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 12:35:39,934 INFO [amun_request_handler] PortScan Detected on Port: 445 (191.54.149.155) |
2019-07-04 04:41:24 |
| 142.93.18.15 | attack | Jul 3 06:14:32 cac1d2 sshd\[3209\]: Invalid user presta from 142.93.18.15 port 49582 Jul 3 06:14:32 cac1d2 sshd\[3209\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.18.15 Jul 3 06:14:34 cac1d2 sshd\[3209\]: Failed password for invalid user presta from 142.93.18.15 port 49582 ssh2 ... |
2019-07-04 04:38:58 |
| 27.56.88.127 | attack | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 12:36:23,693 INFO [amun_request_handler] PortScan Detected on Port: 445 (27.56.88.127) |
2019-07-04 04:37:56 |
| 36.230.87.131 | attackbotsspam | 37215/tcp 23/tcp [2019-06-30/07-03]2pkt |
2019-07-04 04:49:20 |
| 60.21.253.90 | attackbots | 6379/tcp 1433/tcp 6380/tcp... [2019-06-12/07-03]9pkt,4pt.(tcp) |
2019-07-04 04:57:08 |
| 212.156.90.122 | attackbotsspam | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 12:35:56,045 INFO [amun_request_handler] PortScan Detected on Port: 445 (212.156.90.122) |
2019-07-04 04:39:50 |
| 186.96.101.91 | attack | Jul 3 15:16:25 localhost sshd\[40383\]: Invalid user student from 186.96.101.91 port 38182 Jul 3 15:16:25 localhost sshd\[40383\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.96.101.91 ... |
2019-07-04 04:58:38 |
| 49.68.147.36 | attackspam | Brute force SMTP login attempts. |
2019-07-04 04:57:33 |
| 5.135.146.51 | attackbots | 2019-07-03T17:29:45.619284scmdmz1 sshd\[11578\]: Invalid user nitish from 5.135.146.51 port 33046 2019-07-03T17:29:45.623596scmdmz1 sshd\[11578\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.ip-5-135-146.eu 2019-07-03T17:29:48.139627scmdmz1 sshd\[11578\]: Failed password for invalid user nitish from 5.135.146.51 port 33046 ssh2 ... |
2019-07-04 04:48:41 |
| 45.55.238.20 | attackbots | 2019-07-03T21:42:10.203553vfs-server-01 sshd\[13372\]: Invalid user RX from 45.55.238.20 port 46120 2019-07-03T21:42:57.723741vfs-server-01 sshd\[13403\]: Invalid user AMD from 45.55.238.20 port 50658 2019-07-03T21:44:42.615616vfs-server-01 sshd\[13466\]: Invalid user wbiadmin from 45.55.238.20 port 59710 |
2019-07-04 05:11:09 |
| 14.191.74.169 | attackbotsspam | @LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 12:34:47,770 INFO [amun_request_handler] PortScan Detected on Port: 445 (14.191.74.169) |
2019-07-04 04:51:43 |
| 185.234.216.241 | attackspam | 2019-07-03T23:44:57.715888ns1.unifynetsol.net postfix/smtpd\[15214\]: warning: unknown\[185.234.216.241\]: SASL LOGIN authentication failed: authentication failure 2019-07-03T23:54:20.897122ns1.unifynetsol.net postfix/smtpd\[22772\]: warning: unknown\[185.234.216.241\]: SASL LOGIN authentication failed: authentication failure 2019-07-04T00:03:44.253148ns1.unifynetsol.net postfix/smtpd\[22849\]: warning: unknown\[185.234.216.241\]: SASL LOGIN authentication failed: authentication failure 2019-07-04T00:13:09.588429ns1.unifynetsol.net postfix/smtpd\[22772\]: warning: unknown\[185.234.216.241\]: SASL LOGIN authentication failed: authentication failure 2019-07-04T00:22:33.327247ns1.unifynetsol.net postfix/smtpd\[25887\]: warning: unknown\[185.234.216.241\]: SASL LOGIN authentication failed: authentication failure |
2019-07-04 05:13:29 |
| 202.29.57.103 | attack | MultiHost/MultiPort Probe, Scan, Hack - |
2019-07-04 04:33:01 |
| 184.105.247.196 | attack | 19/7/3@11:02:06: FAIL: IoT-Telnet address from=184.105.247.196 ... |
2019-07-04 05:03:55 |