JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 129.222.147.28

129.222.147.28 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 58%: ?

58%

ISP	SpaceX Services, Inc.
Usage Type	Fixed Line ISP
ASN	AS14593
Hostname(s)	customer.nrbiken1.isp.starlink.com
Domain Name	spacex.com
Country	🇰🇪 Kenya
City	Nairobi, Nairobi County

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 129.222.147.28

Whois 129.222.147.28

IP Abuse Reports for 129.222.147.28:

This IP address has been reported a total of 19 times from 16 distinct sources. 129.222.147.28 was first reported on June 30th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 applemooz	2026-06-25 12:31:10 (2 days ago)	WordPress XMLRPC Brute Force Attacks ...	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 06:02:13 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 129.222.147.28 (customer.nrbiken1.isp.starlink. ... show more (mod_security) mod_security (id:240335) triggered by 129.222.147.28 (customer.nrbiken1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 02:02:06.348653 2026] [security2:error] [pid 23724:tid 23724] [client 129.222.147.28:34732] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 129.222.147.28 (+1 hits since last alert)\|techsunlimited.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "techsunlimited.net"] [uri "/xmlrpc.php"] [unique_id "ajzEXitWNdJ4_cqrVMKlPQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-25 05:59:43 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 integrantservices.com	2026-06-24 20:11:08 (3 days ago)	(wordpress) Failed wordpress login from 129.222.147.28 (KE/Kenya/customer.nrbiken1.isp.starlink.com)	Brute-Force
Anonymous	2026-06-24 19:11:34 (3 days ago)	(wordpress) Failed wordpress login from 129.222.147.28 (KE/Kenya/customer.nrbiken1.isp.starlink.com)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-24 17:39:55 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 129.222.147.28 (customer.nrbiken1.isp.starlink. ... show more (mod_security) mod_security (id:240335) triggered by 129.222.147.28 (customer.nrbiken1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 13:39:48.755310 2026] [security2:error] [pid 14998:tid 14998] [client 129.222.147.28:53685] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 129.222.147.28 (+1 hits since last alert)\|balirealestateadvertiser.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "balirealestateadvertiser.com"] [uri "/xmlrpc.php"] [unique_id "ajwWZDyEISleAvTKOocJTwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 16:07:51 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 129.222.147.28 (customer.nrbiken1.isp.starlink. ... show more (mod_security) mod_security (id:240335) triggered by 129.222.147.28 (customer.nrbiken1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 12:07:48.003419 2026] [security2:error] [pid 30304:tid 30304] [client 129.222.147.28:17281] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 129.222.147.28 (+1 hits since last alert)\|caymancline.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caymancline.com"] [uri "/xmlrpc.php"] [unique_id "ajwA0wMTrCHuEqJFKVNcaAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-24 15:04:31 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 129.222.147.28 (customer.nrbiken1.isp.starlink. ... show more (mod_security) mod_security (id:240335) triggered by 129.222.147.28 (customer.nrbiken1.isp.starlink.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 11:04:28.167192 2026] [security2:error] [pid 25547:tid 25547] [client 129.222.147.28:40324] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 129.222.147.28 (+1 hits since last alert)\|caquintet.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "caquintet.com"] [uri "/xmlrpc.php"] [unique_id "ajvx_Jd9Ia6vKgTx06B6WAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 bigwavedave	2026-06-24 14:01:57 (3 days ago)	Wordpress Attack	Web App Attack
🇦🇺 MAGIC	2026-06-20 02:00:38 (1 week ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇩🇪 HandyTreff.de	2026-06-15 18:32:58 (1 week ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -49.375 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -49.375 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17. show less	Web App Attack Bad Web Bot
🇮🇩 David Koswari	2026-06-12 05:19:00 (2 weeks ago)	REQ_BLOCKED_ACL	DDoS Attack FTP Brute-Force Ping of Death Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
🇩🇪 SMARTNET	2026-05-27 06:03:53 (1 month ago)	Aisuru(Mirai variant) DDoS \| Incident ID: 22ada211-5b5c-463a-b46f-60fd11dc639d	DDoS Attack
Anonymous	2026-05-22 03:12:22 (1 month ago)	Attac	Brute-Force
🇩🇪 milcraft.nl	2026-05-15 07:16:04 (1 month ago)	Suspicious WooCommerce query combination detected. Not default available on websites. Matched combi ... show more Suspicious WooCommerce query combination detected. Not default available on websites. Matched combi patterns: filter_, add-to-cart=, orderby=, product_count=. Activity is consistent with high-volume request abuse. show less	DDoS Attack Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 191.96.227.84

🇯🇵 101.33.55.204

🇩🇪 8.211.33.128

🇺🇸 172.216.9.29

🇩🇰 158.173.74.20

🇮🇩 114.141.49.46

🇭🇰 101.36.118.148

🇺🇸 100.29.192.28

🇮🇳 49.204.28.101

🇳🇱 195.178.110.30

🇺🇸 162.216.149.59

🇪🇬 156.204.124.128

🇺🇸 152.32.206.74

🇳🇱 91.92.40.237

🇳🇱 83.168.106.26

🇩🇪 45.131.65.182

🇸🇬 43.173.179.172

🇺🇸 4.246.117.137

🇳🇱 185.236.20.195

🇷🇺 154.83.196.237