120.52.120.166 is a Hacker from China (Beijing)

IP informations Cybercrime IP Feeds Raw whois

120.52.120.166

is a

Hacker

100 %

China

Report Abuse

1034attacks reported

834Brute-ForceSSH

76Brute-Force

45SSH

27Port ScanBrute-ForceSSH

21HackingBrute-ForceSSH

17uncategorized

5Hacking

2Bad Web Bot

1Port Scan

1Port ScanBrute-Force

...

1abuse reported

1Email SpamPort ScanHackingBrute-ForceExploited Host

from 150 distinct reporters

and 9 distinct sources : BadIPs.com, Blocklist.de, darklist.de, FireHOL, Charles Haley, NoThink.org, NormShield.com, GreenSnow.co, AbuseIPDB

120.52.120.166 was first signaled at 2017-12-02 14:01 and last record was at 2019-07-27 21:24.

120.52.120.166

Organization

Internet Assigned Numbers Authority

all IP owned by Internet Assigned Numbers Authority

Localisation

China

Beijing, Beijing

NetRange : First & Last IP

0.0.0.0 - 255.255.255.255

Network CIDR

0.0.0.0/0

ASN

133119

list IP by ASN 133119

Cybercrime IP Feeds

Date UTC	Category	Sub Categories	Source List	Source	Logs
2019-04-06 11:13	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 20:13:03 MK-Soft-VM5 sshd\[9683\]: Invalid user doctor from 120.52.120.166 port 35077 Apr 6 20:13:03 MK-Soft-VM5 sshd\[9683\]: pam_unix\(sshd:au
2019-04-06 05:56	attacks	Port Scan		AbuseIPDB	SSH/RDP/Plesk/Webmin sniffing
2019-04-06 04:00	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 13:00:53 MK-Soft-VM3 sshd\[7176\]: Invalid user servercsgo from 120.52.120.166 port 39430 Apr 6 13:00:53 MK-Soft-VM3 sshd\[7176\]: pam_unix\(ssh
2019-04-05 20:54	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 07:54:46 srv206 sshd[9255]: Invalid user zabix from 120.52.120.166 Apr 6 07:54:46 srv206 sshd[9255]: pam_unix(sshd:auth): authentication failure
2019-04-05 14:43	attacks	HackingBrute-ForceSSH		AbuseIPDB	SSH authentication failure x 6 reported by Fail2Ban
2019-04-05 11:03	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 07:35:49 *** sshd[2828]: Failed password for invalid user mysql from 120.52.120.166 port 42167 ssh2
2019-04-05 05:29	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 15:29:00 debian sshd\[2311\]: Invalid user csgo from 120.52.120.166 port 40522 Apr 5 15:29:00 debian sshd\[2311\]: pam_unix$sshd:auth$: authen
2019-04-05 01:05	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 10:04:59 localhost sshd\[19348\]: Invalid user frank from 120.52.120.166 port 37494 Apr 5 10:04:59 localhost sshd\[19348\]: pam_unix\(sshd:auth\
2019-04-04 12:34	attacks	Brute-ForceSSH		AbuseIPDB	Apr 4 21:34:40 MK-Soft-VM5 sshd\[22752\]: Invalid user dan from 120.52.120.166 port 49506 Apr 4 21:34:40 MK-Soft-VM5 sshd\[22752\]: pam_unix\(sshd:aut
2019-04-04 11:28	attacks	Brute-ForceSSH		AbuseIPDB	Tried sshing with brute force.
2019-04-04 11:07	attacks	Brute-ForceSSH		AbuseIPDB	Triggered by Fail2Ban
2019-04-04 11:02	attacks	Brute-ForceSSH		AbuseIPDB
2019-04-04 10:30	attacks	Brute-ForceSSH		AbuseIPDB	Apr 4 21:29:29 mail sshd[28816]: Invalid user system from 120.52.120.166
2019-04-04 08:23	attacks	Brute-ForceSSH		AbuseIPDB	Apr 4 17:23:42 MK-Soft-VM3 sshd\[21599\]: Invalid user recruit from 120.52.120.166 port 45381 Apr 4 17:23:42 MK-Soft-VM3 sshd\[21599\]: pam_unix\(sshd
2019-04-04 02:48	attacks	Brute-ForceSSH		AbuseIPDB	Apr 4 13:48:21 vps647732 sshd[21120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 4 13:
2019-04-03 12:47	attacks	Brute-ForceSSH		AbuseIPDB	Triggered by Fail2Ban at Vostok web server
2019-04-03 05:25	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 15:20:25 marquez sshd[4367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 3 15:20:
2019-04-03 05:10	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 15:02:52 marquez sshd[23903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 3 15:02
2019-04-03 05:09	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 10:08:47 Tower sshd[21551]: Connection from 120.52.120.166 port 39338 on 192.168.10.220 port 22 Apr 3 10:08:52 Tower sshd[21551]: Invalid user g
2019-04-02 22:51	attacks	Brute-ForceSSH		AbuseIPDB	SSH invalid-user multiple login try
2019-04-02 22:42	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 14:42:25 itv-usvr-01 sshd[14486]: Invalid user musicbot from 120.52.120.166
2019-04-02 18:34	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 05:27:32 lnxweb62 sshd[20464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 3 05:2
2019-04-02 13:53	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 00:53:45 * sshd[2619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 3 00:53:47 * s
2019-04-02 12:57	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 21:50:07 dev0-dcfr-rnet sshd\[27158\]: Invalid user va from 120.52.120.166 Apr 2 21:50:07 dev0-dcfr-rnet sshd\[27158\]: pam_unix$sshd:auth$: a
2019-04-02 09:23	attacks	Brute-ForceSSH		AbuseIPDB	SSH-Bruteforce
2019-04-02 09:09	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 14:05:49 123flo sshd[43376]: Invalid user vagrant from 120.52.120.166 Apr 2 14:05:49 123flo sshd[43376]: pam_unix(sshd:auth): authentication fai
2019-04-02 07:31	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 16:22:37 dev0-dcfr-rnet sshd\[25841\]: Invalid user q from 120.52.120.166 Apr 2 16:22:37 dev0-dcfr-rnet sshd\[25841\]: pam_unix$sshd:auth$: au
2019-04-02 01:52	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 12:51:39 mail sshd[10382]: Invalid user se from 120.52.120.166
2019-04-01 18:08	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 05:07:16 host sshd\[11800\]: Invalid user fa from 120.52.120.166 port 44004 Apr 2 05:07:16 host sshd\[11800\]: pam_unix$sshd:auth$: authentica
2019-04-01 13:34	attacks	Brute-ForceSSH		AbuseIPDB	SSH-BruteForce
2019-04-01 10:24	attacks	Brute-ForceSSH		AbuseIPDB	Apr 1 19:24:27 localhost sshd\[78370\]: Invalid user yo from 120.52.120.166 port 47859 Apr 1 19:24:27 localhost sshd\[78370\]: pam_unix$sshd:auth$:
2019-04-01 10:05	attacks	Brute-ForceSSH		AbuseIPDB	Apr 1 19:05:53 localhost sshd\[77689\]: Invalid user dn from 120.52.120.166 port 44986 Apr 1 19:05:53 localhost sshd\[77689\]: pam_unix$sshd:auth$:
2019-04-01 04:01	attacks	Brute-ForceSSH		AbuseIPDB	Invalid user dev from 120.52.120.166 port 38993
2019-03-31 21:25	attacks	Brute-ForceSSH		AbuseIPDB
2019-03-31 16:11	attacks	Brute-Force		AbuseIPDB	Jan 23 02:12:33 vtv3 sshd\[21411\]: Invalid user priscila from 120.52.120.166 port 48787 Jan 23 02:12:33 vtv3 sshd\[21411\]: pam_unix$sshd:auth$: au
2019-03-31 15:57	attacks	HackingBrute-ForceSSH		AbuseIPDB	SSH authentication failure x 7 reported by Fail2Ban
2019-03-31 12:14	attacks	Brute-ForceSSH		AbuseIPDB	Multiple failed SSH logins
2019-03-31 11:03	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 05:37:13 * sshd[16084]: Failed password for invalid user avis from 120.52.120.166 port 34816 ssh2 Mar 31 05:42:02 * sshd[16235]: Failed pas
2019-03-31 07:09	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 18:09:17 icinga sshd[17271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Mar 31 18:0
2019-03-31 05:05	attacks	Brute-ForceSSH		AbuseIPDB	[ssh] SSH attack
2019-03-31 00:58	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 11:57:29 host sshd\[6035\]: Invalid user fa from 120.52.120.166 port 59392 Mar 31 11:57:29 host sshd\[6035\]: pam_unix$sshd:auth$: authentica
2019-03-31 00:06	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 10:56:20 ns341937 sshd[22250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Mar 31 10
2019-03-30 19:04	attacks	Brute-ForceSSH		AbuseIPDB
2019-03-30 17:28	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 04:28:55 HiS01 sshd\[20804\]: Invalid user api from 120.52.120.166 Mar 31 04:28:55 HiS01 sshd\[20804\]: pam_unix$sshd:auth$: authentication f
2019-03-30 15:16	attacks	Brute-ForceSSH		AbuseIPDB	(sshd) Failed SSH login from 120.52.120.166 (-): 5 in the last 3600 secs
2019-03-30 10:19	attacks	SSH		AbuseIPDB	$f2bV_matches
2019-03-30 09:17	attacks	Brute-ForceSSH		AbuseIPDB	Mar 30 19:17:04 bouncer sshd\[19529\]: Invalid user student from 120.52.120.166 port 54520 Mar 30 19:17:04 bouncer sshd\[19529\]: pam_unix\(sshd:auth\
2019-03-30 04:43	attacks	Brute-ForceSSH		AbuseIPDB	Tried sshing with brute force.
2019-03-30 04:15	attacks	Brute-ForceSSH		AbuseIPDB	many_ssh_attempts
2019-03-30 03:42	attacks	Brute-ForceSSH		AbuseIPDB	ssh_attempt
2017-12-02 14:01	attacks	FTP Brute-ForceHacking		AbuseIPDB	Nov 17 11:08:04 server6 sshd[22116]: Failed password for invalid user developer from 120.52.120.166 port 7432 ssh2 Nov 17 11:08:04 server6 sshd[22114]
2018-12-04 14:51	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 01:51:49 amit sshd\[20422\]: Invalid user marson from 120.52.120.166 Dec 5 01:51:49 amit sshd\[20422\]: pam_unix$sshd:auth$: authentication fa
2018-12-04 15:01	attacks	Brute-ForceSSH		AbuseIPDB	SSH Bruteforce @ SigaVPN honeypot
2018-12-04 15:19	attacks	Brute-ForceSSH		AbuseIPDB
2018-12-04 15:29	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 03:29:15 server01 sshd\[21470\]: Invalid user support from 120.52.120.166 Dec 5 03:29:15 server01 sshd\[21470\]: pam_unix$sshd:auth$: authenti
2018-12-04 18:07	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 04:07:15 **** sshd[11860]: Invalid user marily from 120.52.120.166 port 34710
2018-12-04 18:22	attacks	Brute-ForceSSH		AbuseIPDB
2018-12-04 20:47	attacks	SSH		AbuseIPDB	Dec 5 06:47:02 sshgateway sshd\[26428\]: Invalid user hama from 120.52.120.166 Dec 5 06:47:02 sshgateway sshd\[26428\]: pam_unix$sshd:auth$: authent
2018-12-04 20:51	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 07:51:35 icinga sshd[32673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Dec 5 07:51:
2018-12-04 21:37	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 07:37:18 *** sshd[8309]: Invalid user admin from 120.52.120.166
2019-03-29 18:18	attacks		bi_any_0_1d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_1_7d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_2_1d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_2_30d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_2_7d	BadIPs.com
2019-03-29 18:19	attacks	Bad Web Bot	bi_badbots_1_7d	BadIPs.com
2019-03-29 18:19	attacks	Brute-Force	bi_bruteforce_1_7d	BadIPs.com
2019-03-29 18:19	attacks		bi_default_1_7d	BadIPs.com
2019-03-29 18:19	attacks		bi_default_2_30d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_sshd_0_1d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_sshd_1_7d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_sshd_2_30d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_0_1d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_1_7d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_2_30d	BadIPs.com
2019-03-29 18:20	attacks		bi_unknown_1_7d	BadIPs.com
2019-03-29 18:20	attacks		bi_unknown_2_30d	BadIPs.com
2019-03-29 18:21	attacks		blocklist_de	Blocklist.de
2019-03-29 18:21	attacks	SSH	blocklist_de_ssh	Blocklist.de
2019-03-29 18:23	attacks		darklist_de	darklist.de
2019-03-29 18:27	attacks		firehol_level2	FireHOL
2019-03-29 18:27	attacks		firehol_level4	FireHOL
2019-03-29 18:34	attacks	SSH	haley_ssh	Charles Haley
2019-05-30 09:29	attacks	Bad Web Bot	bi_badbots_0_1d	BadIPs.com
2019-05-30 09:29	attacks	Brute-Force	bi_bruteforce_0_1d	BadIPs.com
2019-06-03 22:59	attacks	SSH	nt_ssh_7d	NoThink.org
2019-06-13 13:36	attacks		bi_default_0_1d	BadIPs.com
2019-06-13 13:36	attacks		bi_unknown_0_1d	BadIPs.com
2019-06-27 22:19	attacks	Web App AttackApache Attack	blocklist_de_apache	Blocklist.de
2019-06-27 22:19	attacks	Brute-Force	blocklist_de_bruteforce	Blocklist.de
2019-06-30 19:29	attacks	Brute-Force	normshield_all_bruteforce	NormShield.com
2019-06-30 19:29	attacks	Brute-Force	normshield_high_bruteforce	NormShield.com
2019-07-06 13:39	attacks		blocklist_de_strongips	Blocklist.de
2019-07-18 01:02	attacks	Fraud VoIP	blocklist_de_sip	Blocklist.de
2019-07-27 21:24	attacks		greensnow	GreenSnow.co

only last 50 and first 10 AbuseIPDB logs are shown

Threats Categories :

abuse

IPs used to spam forum, boards, blogs or smtp servers, automated web scripts or scrappers (bad bots)

anonymizer

Onion Router IP addresses. TOR network IPs, TOR exit points, socks or ssl proxy.

attacks

bruteforce ssh/ftp/system account, IPs that have been detected by fail2ban, ports scan, vulnerabilities scan, DDoS.

malware

Addresses that have been identified distributing malware, form-grabber and stealer, Viruses, Worms, Trojans, Ransomware, Adware, Spyware

Whois

inetnum: 0.0.0.0 - 255.255.255.255
netname: IANA-BLK
descr: The whole IPv4 address space
country: EU # Country field is actually all countries in the world and not just EU countries
org: ORG-IANA1-RIPE
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
status: ALLOCATED UNSPECIFIED
remarks: This object represents all IPv4 addresses.
remarks: If you see this object as a result of a single IP query, it
remarks: means that the IP address you are querying is currently not
remarks: assigned to any organisation.
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: RIPE-NCC-HM-MNT
created: 2002-06-25T14:19:09Z
last-modified: 2018-11-23T10:30:34Z
source: RIPE

organisation: ORG-IANA1-RIPE
org-name: Internet Assigned Numbers Authority
org-type: IANA
address: see http://www.iana.org
remarks: The IANA allocates IP addresses and AS number blocks to RIRs
remarks: see http://www.iana.org/numbers
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2004-04-17T09:57:29Z
last-modified: 2013-07-22T12:03:42Z
source: RIPE # Filtered

role: Internet Assigned Numbers Authority
address: see http://www.iana.org.
admin-c: IANA1-RIPE
tech-c: IANA1-RIPE
nic-hdl: IANA1-RIPE
remarks: For more information on IANA services
remarks: go to IANA web site at http://www.iana.org.
mnt-by: RIPE-NCC-MNT
created: 1970-01-01T00:00:00Z
last-modified: 2001-09-22T09:31:27Z
source: RIPE # Filtered

most specific ip range is highlighted

Updated : 2020-01-15