City: Beijing
Region: Beijing
Country: China
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2026, American Registry for Internet Numbers, Ltd.
#
NetRange: 47.92.0.0 - 47.97.255.255
CIDR: 47.96.0.0/15, 47.92.0.0/14
NetName: APNIC
NetHandle: NET-47-92-0-0-1
Parent: NET47 (NET-47-0-0-0-0)
NetType: Early Registrations, Transferred to APNIC
OriginAS:
Organization: Asia Pacific Network Information Centre (APNIC)
RegDate: 2015-03-02
Updated: 2015-03-02
Ref: https://rdap.arin.net/registry/ip/47.92.0.0
ResourceLink: https://apps.db.ripe.net/db-web-ui/query
ResourceLink: whois.apnic.net
OrgName: Asia Pacific Network Information Centre
OrgId: APNIC
Address: PO Box 3646
City: South Brisbane
StateProv: QLD
PostalCode: 4101
Country: AU
RegDate:
Updated: 2012-01-24
Ref: https://rdap.arin.net/registry/entity/APNIC
ReferralServer: whois://whois.apnic.net
ResourceLink: http://wq.apnic.net/whois-search/static/search.html
OrgAbuseHandle: AWC12-ARIN
OrgAbuseName: APNIC Whois Contact
OrgAbusePhone: +61 7 3858 3188
OrgAbuseEmail: search-apnic-not-arin@apnic.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3188
OrgTechEmail: search-apnic-not-arin@apnic.net
OrgTechRef: https://rdap.arin.net/registry/entity/AWC12-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2026, American Registry for Internet Numbers, Ltd.
#
Found a referral to whois.apnic.net.
% [whois.apnic.net]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
% Information related to '47.92.0.0 - 47.95.255.255'
% Abuse contact for '47.92.0.0 - 47.95.255.255' is 'didong.jc@alibaba-inc.com'
inetnum: 47.92.0.0 - 47.95.255.255
netname: ALISOFT
descr: Aliyun Computing Co., LTD
descr: 5F, Builing D, the West Lake International Plaza of S&T
descr: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
country: CN
admin-c: ZM1015-AP
tech-c: ZM877-AP
tech-c: ZM876-AP
tech-c: ZM875-AP
abuse-c: AC1601-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-irt: IRT-ALISOFT-CN
last-modified: 2023-11-28T00:58:17Z
source: APNIC
irt: IRT-ALISOFT-CN
address: No.391 Wen'er Road, Hangzhou, Zhejiang, China, 310099
e-mail: didong.jc@alibaba-inc.com
abuse-mailbox: didong.jc@alibaba-inc.com
admin-c: ZM877-AP
tech-c: ZM877-AP
auth: # Filtered
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-11-18T00:35:07Z
source: APNIC
role: ABUSE CNNICCN
country: ZZ
address: Beijing, China
phone: +000000000
e-mail: ipas@cnnic.cn
admin-c: IP50-AP
tech-c: IP50-AP
nic-hdl: AC1601-AP
remarks: Generated from irt object IRT-CNNIC-CN
remarks: ipas@cnnic.cn is invalid
abuse-mailbox: ipas@cnnic.cn
mnt-by: APNIC-ABUSE
last-modified: 2025-09-19T17:20:32Z
source: APNIC
person: Li Jia
address: NO.969 West Wen Yi Road, Yu Hang District, Hangzhou
country: CN
phone: +86-0571-85022088
e-mail: jiali.jl@alibaba-inc.com
nic-hdl: ZM1015-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-07-01T07:12:42Z
source: APNIC
person: Guoxin Gao
address: 5F, Builing D, the West Lake International Plaza of S&T
address: No.391 Wen'er Road, Hangzhou City
address: Zhejiang, China, 310099
country: CN
phone: +86-0571-85022600
fax-no: +86-0571-85022600
e-mail: anti-spam@list.alibaba-inc.com
nic-hdl: ZM875-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2014-07-30T01:56:01Z
source: APNIC
person: security trouble
e-mail: abuse@alibaba-inc.com
address: 5th,floor,Building D,the West Lake International Plaza of S&T,391#Wen??r Road
address: Hangzhou, Zhejiang, China
phone: +86-0571-85022600
country: CN
mnt-by: MAINT-CNNIC-AP
nic-hdl: ZM876-AP
last-modified: 2025-07-01T07:06:11Z
source: APNIC
person: Guowei Pan
address: 5F, Builing D, the West Lake International Plaza of S&T
address: No.391 Wen'er Road, Hangzhou City
address: Zhejiang, China, 310099
country: CN
phone: +86-0571-85022088-30763
fax-no: +86-0571-85022600
e-mail: abuse@alibaba-inc.com
nic-hdl: ZM877-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2025-07-01T07:05:46Z
source: APNIC
% Information related to '47.92.0.0/14AS37963'
route: 47.92.0.0/14
descr: Hangzhou Alibaba Advertising Co.,Ltd.
country: CN
origin: AS37963
mnt-by: MAINT-CNNIC-AP
last-modified: 2019-08-07T23:28:06Z
source: APNIC
% Information related to '47.92.0.0/14AS45102'
route: 47.92.0.0/14
descr: Alibaba (US) Technology Co., Ltd.
country: CN
origin: AS45102
mnt-by: MAINT-CNNIC-AP
last-modified: 2019-08-07T23:28:04Z
source: APNIC
% This query was served by the APNIC Whois Service version 1.88.48 (WHOIS-AU5); <<>> DiG 9.10.3-P4-Ubuntu <<>> 47.95.205.23
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 50120
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;47.95.205.23. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2026062402 1800 900 604800 86400
;; Query time: 33 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jun 25 10:30:14 CST 2026
;; MSG SIZE rcvd: 105Host 23.205.95.47.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 23.205.95.47.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 125.64.94.211 | attack | " " |
2019-10-04 16:02:01 |
| 115.79.60.104 | attackspam | Invalid user webuser from 115.79.60.104 port 56614 |
2019-10-04 15:22:47 |
| 35.189.237.181 | attack | Oct 4 03:49:34 TORMINT sshd\[31332\]: Invalid user Light@123 from 35.189.237.181 Oct 4 03:49:34 TORMINT sshd\[31332\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=35.189.237.181 Oct 4 03:49:36 TORMINT sshd\[31332\]: Failed password for invalid user Light@123 from 35.189.237.181 port 42252 ssh2 ... |
2019-10-04 15:54:21 |
| 95.174.219.101 | attackbotsspam | Invalid user cyberfarm from 95.174.219.101 port 51838 |
2019-10-04 16:03:31 |
| 79.137.79.167 | attack | Automatic report - Banned IP Access |
2019-10-04 15:28:06 |
| 51.158.117.17 | attack | Oct 4 09:43:10 meumeu sshd[5054]: Failed password for root from 51.158.117.17 port 33382 ssh2 Oct 4 09:47:56 meumeu sshd[5737]: Failed password for root from 51.158.117.17 port 51408 ssh2 ... |
2019-10-04 16:08:09 |
| 124.107.167.86 | attackspambots | Connection by 124.107.167.86 on port: 1433 got caught by honeypot at 10/4/2019 12:07:41 AM |
2019-10-04 15:46:52 |
| 222.186.175.6 | attack | Oct 4 09:38:10 mail sshd\[29053\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.175.6 user=root Oct 4 09:38:12 mail sshd\[29053\]: Failed password for root from 222.186.175.6 port 28998 ssh2 Oct 4 09:38:16 mail sshd\[29053\]: Failed password for root from 222.186.175.6 port 28998 ssh2 Oct 4 09:38:21 mail sshd\[29053\]: Failed password for root from 222.186.175.6 port 28998 ssh2 Oct 4 09:38:26 mail sshd\[29053\]: Failed password for root from 222.186.175.6 port 28998 ssh2 |
2019-10-04 15:48:34 |
| 117.91.252.140 | attackbots | Oct 1 07:18:27 esmtp postfix/smtpd[22900]: lost connection after AUTH from unknown[117.91.252.140] Oct 1 07:18:30 esmtp postfix/smtpd[22900]: lost connection after AUTH from unknown[117.91.252.140] Oct 1 07:18:53 esmtp postfix/smtpd[22848]: lost connection after AUTH from unknown[117.91.252.140] Oct 1 07:18:53 esmtp postfix/smtpd[22870]: lost connection after AUTH from unknown[117.91.252.140] Oct 1 07:18:54 esmtp postfix/smtpd[22848]: lost connection after AUTH from unknown[117.91.252.140] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=117.91.252.140 |
2019-10-04 15:53:06 |
| 218.238.55.194 | attack | Oct 1 18:13:37 mxgate1 postfix/postscreen[13833]: CONNECT from [218.238.55.194]:24619 to [176.31.12.44]:25 Oct 1 18:13:37 mxgate1 postfix/dnsblog[13834]: addr 218.238.55.194 listed by domain zen.spamhaus.org as 127.0.0.3 Oct 1 18:13:37 mxgate1 postfix/dnsblog[13834]: addr 218.238.55.194 listed by domain zen.spamhaus.org as 127.0.0.4 Oct 1 18:13:37 mxgate1 postfix/dnsblog[13834]: addr 218.238.55.194 listed by domain zen.spamhaus.org as 127.0.0.11 Oct 1 18:13:37 mxgate1 postfix/dnsblog[13836]: addr 218.238.55.194 listed by domain cbl.abuseat.org as 127.0.0.2 Oct 1 18:13:37 mxgate1 postfix/dnsblog[13838]: addr 218.238.55.194 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Oct 1 18:13:37 mxgate1 postfix/dnsblog[13837]: addr 218.238.55.194 listed by domain b.barracudacentral.org as 127.0.0.2 Oct 1 18:13:43 mxgate1 postfix/postscreen[13833]: DNSBL rank 5 for [218.238.55.194]:24619 Oct x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=218.238.55.194 |
2019-10-04 15:35:21 |
| 189.7.121.28 | attack | Oct 1 10:07:51 keyhelp sshd[25355]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.7.121.28 user=r.r Oct 1 10:07:53 keyhelp sshd[25355]: Failed password for r.r from 189.7.121.28 port 56756 ssh2 Oct 1 10:07:54 keyhelp sshd[25355]: Received disconnect from 189.7.121.28 port 56756:11: Bye Bye [preauth] Oct 1 10:07:54 keyhelp sshd[25355]: Disconnected from 189.7.121.28 port 56756 [preauth] Oct 1 10:24:58 keyhelp sshd[29540]: Connection closed by 189.7.121.28 port 58687 [preauth] Oct 1 10:35:17 keyhelp sshd[32442]: Invalid user test2 from 189.7.121.28 Oct 1 10:35:17 keyhelp sshd[32442]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.7.121.28 Oct 1 10:35:19 keyhelp sshd[32442]: Failed password for invalid user test2 from 189.7.121.28 port 51823 ssh2 Oct 1 10:35:21 keyhelp sshd[32442]: Received disconnect from 189.7.121.28 port 51823:11: Bye Bye [preauth] Oct 1 10:35:21 keyhel........ ------------------------------- |
2019-10-04 15:49:10 |
| 130.105.46.84 | attackbotsspam | Attempt to attack host OS, exploiting network vulnerabilities, on 04-10-2019 04:55:17. |
2019-10-04 15:20:57 |
| 190.14.39.127 | attackbotsspam | Oct 3 23:49:47 localhost kernel: [3898806.760227] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=190.14.39.127 DST=[mungedIP2] LEN=40 TOS=0x08 PREC=0x20 TTL=59 ID=21893 DF PROTO=TCP SPT=52279 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 3 23:49:47 localhost kernel: [3898806.760263] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=190.14.39.127 DST=[mungedIP2] LEN=40 TOS=0x08 PREC=0x20 TTL=59 ID=21893 DF PROTO=TCP SPT=52279 DPT=22 SEQ=1101840692 ACK=0 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 3 23:54:30 localhost kernel: [3899089.064211] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=190.14.39.127 DST=[mungedIP2] LEN=40 TOS=0x08 PREC=0x20 TTL=76 ID=65384 DF PROTO=TCP SPT=62614 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0 Oct 3 23:54:30 localhost kernel: [3899089.064237] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:aa:c1:08:00 SRC=190.14.39.127 DST=[mungedIP2] LEN=40 TOS=0x08 P |
2019-10-04 15:56:52 |
| 79.137.72.121 | attackbotsspam | $f2bV_matches |
2019-10-04 15:57:13 |
| 180.101.125.162 | attack | Oct 4 09:59:01 sauna sshd[128149]: Failed password for root from 180.101.125.162 port 43566 ssh2 ... |
2019-10-04 15:26:57 |