120.52.120.166 is a Hacker from China (Beijing)

IP informations Cybercrime IP Feeds Raw whois

120.52.120.166

is a

Hacker

100 %

China

Report Abuse

1035attacks reported

834Brute-ForceSSH

76Brute-Force

45SSH

27Port ScanBrute-ForceSSH

21HackingBrute-ForceSSH

17uncategorized

5Hacking

2Bad Web Bot

2Fraud VoIP

1Port Scan

...

1abuse reported

1Email SpamPort ScanHackingBrute-ForceExploited Host

from 151 distinct reporters

and 10 distinct sources : BadIPs.com, Blocklist.de, darklist.de, FireHOL, Charles Haley, NoThink.org, NormShield.com, GreenSnow.co, VoIPBL.org, AbuseIPDB

120.52.120.166 was first signaled at 2017-12-02 14:01 and last record was at 2020-07-31 16:24.

120.52.120.166

Organization

China Unicom IP network

list IP owned by China Unicom IP network

Localisation

China

Beijing, Beijing

NetRange : First & Last IP

120.52.0.0 - 120.52.255.255

Network CIDR

120.52.0.0/16

ASN

133119

list IP by ASN 133119

Cybercrime IP Feeds

Date UTC	Category	Sub Categories	Source List	Source	Logs
2019-04-06 11:13	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 20:13:03 MK-Soft-VM5 sshd\[9683\]: Invalid user doctor from 120.52.120.166 port 35077 Apr 6 20:13:03 MK-Soft-VM5 sshd\[9683\]: pam_unix\(sshd:au
2019-04-06 05:56	attacks	Port Scan		AbuseIPDB	SSH/RDP/Plesk/Webmin sniffing
2019-04-06 04:00	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 13:00:53 MK-Soft-VM3 sshd\[7176\]: Invalid user servercsgo from 120.52.120.166 port 39430 Apr 6 13:00:53 MK-Soft-VM3 sshd\[7176\]: pam_unix\(ssh
2019-04-05 20:54	attacks	Brute-ForceSSH		AbuseIPDB	Apr 6 07:54:46 srv206 sshd[9255]: Invalid user zabix from 120.52.120.166 Apr 6 07:54:46 srv206 sshd[9255]: pam_unix(sshd:auth): authentication failure
2019-04-05 14:43	attacks	HackingBrute-ForceSSH		AbuseIPDB	SSH authentication failure x 6 reported by Fail2Ban
2019-04-05 11:03	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 07:35:49 *** sshd[2828]: Failed password for invalid user mysql from 120.52.120.166 port 42167 ssh2
2019-04-05 05:29	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 15:29:00 debian sshd\[2311\]: Invalid user csgo from 120.52.120.166 port 40522 Apr 5 15:29:00 debian sshd\[2311\]: pam_unix$sshd:auth$: authen
2019-04-05 01:05	attacks	Brute-ForceSSH		AbuseIPDB	Apr 5 10:04:59 localhost sshd\[19348\]: Invalid user frank from 120.52.120.166 port 37494 Apr 5 10:04:59 localhost sshd\[19348\]: pam_unix\(sshd:auth\
2019-04-04 12:34	attacks	Brute-ForceSSH		AbuseIPDB	Apr 4 21:34:40 MK-Soft-VM5 sshd\[22752\]: Invalid user dan from 120.52.120.166 port 49506 Apr 4 21:34:40 MK-Soft-VM5 sshd\[22752\]: pam_unix\(sshd:aut
2019-04-04 11:28	attacks	Brute-ForceSSH		AbuseIPDB	Tried sshing with brute force.
2019-04-04 11:07	attacks	Brute-ForceSSH		AbuseIPDB	Triggered by Fail2Ban
2019-04-04 11:02	attacks	Brute-ForceSSH		AbuseIPDB
2019-04-04 10:30	attacks	Brute-ForceSSH		AbuseIPDB	Apr 4 21:29:29 mail sshd[28816]: Invalid user system from 120.52.120.166
2019-04-04 08:23	attacks	Brute-ForceSSH		AbuseIPDB	Apr 4 17:23:42 MK-Soft-VM3 sshd\[21599\]: Invalid user recruit from 120.52.120.166 port 45381 Apr 4 17:23:42 MK-Soft-VM3 sshd\[21599\]: pam_unix\(sshd
2019-04-04 02:48	attacks	Brute-ForceSSH		AbuseIPDB	Apr 4 13:48:21 vps647732 sshd[21120]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 4 13:
2019-04-03 12:47	attacks	Brute-ForceSSH		AbuseIPDB	Triggered by Fail2Ban at Vostok web server
2019-04-03 05:25	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 15:20:25 marquez sshd[4367]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 3 15:20:
2019-04-03 05:10	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 15:02:52 marquez sshd[23903]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 3 15:02
2019-04-03 05:09	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 10:08:47 Tower sshd[21551]: Connection from 120.52.120.166 port 39338 on 192.168.10.220 port 22 Apr 3 10:08:52 Tower sshd[21551]: Invalid user g
2019-04-02 22:51	attacks	Brute-ForceSSH		AbuseIPDB	SSH invalid-user multiple login try
2019-04-02 22:42	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 14:42:25 itv-usvr-01 sshd[14486]: Invalid user musicbot from 120.52.120.166
2019-04-02 18:34	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 05:27:32 lnxweb62 sshd[20464]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 3 05:2
2019-04-02 13:53	attacks	Brute-ForceSSH		AbuseIPDB	Apr 3 00:53:45 * sshd[2619]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Apr 3 00:53:47 * s
2019-04-02 12:57	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 21:50:07 dev0-dcfr-rnet sshd\[27158\]: Invalid user va from 120.52.120.166 Apr 2 21:50:07 dev0-dcfr-rnet sshd\[27158\]: pam_unix$sshd:auth$: a
2019-04-02 09:23	attacks	Brute-ForceSSH		AbuseIPDB	SSH-Bruteforce
2019-04-02 09:09	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 14:05:49 123flo sshd[43376]: Invalid user vagrant from 120.52.120.166 Apr 2 14:05:49 123flo sshd[43376]: pam_unix(sshd:auth): authentication fai
2019-04-02 07:31	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 16:22:37 dev0-dcfr-rnet sshd\[25841\]: Invalid user q from 120.52.120.166 Apr 2 16:22:37 dev0-dcfr-rnet sshd\[25841\]: pam_unix$sshd:auth$: au
2019-04-02 01:52	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 12:51:39 mail sshd[10382]: Invalid user se from 120.52.120.166
2019-04-01 18:08	attacks	Brute-ForceSSH		AbuseIPDB	Apr 2 05:07:16 host sshd\[11800\]: Invalid user fa from 120.52.120.166 port 44004 Apr 2 05:07:16 host sshd\[11800\]: pam_unix$sshd:auth$: authentica
2019-04-01 13:34	attacks	Brute-ForceSSH		AbuseIPDB	SSH-BruteForce
2019-04-01 10:24	attacks	Brute-ForceSSH		AbuseIPDB	Apr 1 19:24:27 localhost sshd\[78370\]: Invalid user yo from 120.52.120.166 port 47859 Apr 1 19:24:27 localhost sshd\[78370\]: pam_unix$sshd:auth$:
2019-04-01 10:05	attacks	Brute-ForceSSH		AbuseIPDB	Apr 1 19:05:53 localhost sshd\[77689\]: Invalid user dn from 120.52.120.166 port 44986 Apr 1 19:05:53 localhost sshd\[77689\]: pam_unix$sshd:auth$:
2019-04-01 04:01	attacks	Brute-ForceSSH		AbuseIPDB	Invalid user dev from 120.52.120.166 port 38993
2019-03-31 21:25	attacks	Brute-ForceSSH		AbuseIPDB
2019-03-31 16:11	attacks	Brute-Force		AbuseIPDB	Jan 23 02:12:33 vtv3 sshd\[21411\]: Invalid user priscila from 120.52.120.166 port 48787 Jan 23 02:12:33 vtv3 sshd\[21411\]: pam_unix$sshd:auth$: au
2019-03-31 15:57	attacks	HackingBrute-ForceSSH		AbuseIPDB	SSH authentication failure x 7 reported by Fail2Ban
2019-03-31 12:14	attacks	Brute-ForceSSH		AbuseIPDB	Multiple failed SSH logins
2019-03-31 11:03	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 05:37:13 * sshd[16084]: Failed password for invalid user avis from 120.52.120.166 port 34816 ssh2 Mar 31 05:42:02 * sshd[16235]: Failed pas
2019-03-31 07:09	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 18:09:17 icinga sshd[17271]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Mar 31 18:0
2019-03-31 05:05	attacks	Brute-ForceSSH		AbuseIPDB	[ssh] SSH attack
2019-03-31 00:58	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 11:57:29 host sshd\[6035\]: Invalid user fa from 120.52.120.166 port 59392 Mar 31 11:57:29 host sshd\[6035\]: pam_unix$sshd:auth$: authentica
2019-03-31 00:06	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 10:56:20 ns341937 sshd[22250]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Mar 31 10
2019-03-30 19:04	attacks	Brute-ForceSSH		AbuseIPDB
2019-03-30 17:28	attacks	Brute-ForceSSH		AbuseIPDB	Mar 31 04:28:55 HiS01 sshd\[20804\]: Invalid user api from 120.52.120.166 Mar 31 04:28:55 HiS01 sshd\[20804\]: pam_unix$sshd:auth$: authentication f
2019-03-30 15:16	attacks	Brute-ForceSSH		AbuseIPDB	(sshd) Failed SSH login from 120.52.120.166 (-): 5 in the last 3600 secs
2019-03-30 10:19	attacks	SSH		AbuseIPDB	$f2bV_matches
2019-03-30 09:17	attacks	Brute-ForceSSH		AbuseIPDB	Mar 30 19:17:04 bouncer sshd\[19529\]: Invalid user student from 120.52.120.166 port 54520 Mar 30 19:17:04 bouncer sshd\[19529\]: pam_unix\(sshd:auth\
2019-03-30 04:43	attacks	Brute-ForceSSH		AbuseIPDB	Tried sshing with brute force.
2019-03-30 04:15	attacks	Brute-ForceSSH		AbuseIPDB	many_ssh_attempts
2019-03-30 03:42	attacks	Brute-ForceSSH		AbuseIPDB	ssh_attempt
2017-12-02 14:01	attacks	FTP Brute-ForceHacking		AbuseIPDB	Nov 17 11:08:04 server6 sshd[22116]: Failed password for invalid user developer from 120.52.120.166 port 7432 ssh2 Nov 17 11:08:04 server6 sshd[22114]
2018-12-04 14:51	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 01:51:49 amit sshd\[20422\]: Invalid user marson from 120.52.120.166 Dec 5 01:51:49 amit sshd\[20422\]: pam_unix$sshd:auth$: authentication fa
2018-12-04 15:01	attacks	Brute-ForceSSH		AbuseIPDB	SSH Bruteforce @ SigaVPN honeypot
2018-12-04 15:19	attacks	Brute-ForceSSH		AbuseIPDB
2018-12-04 15:29	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 03:29:15 server01 sshd\[21470\]: Invalid user support from 120.52.120.166 Dec 5 03:29:15 server01 sshd\[21470\]: pam_unix$sshd:auth$: authenti
2018-12-04 18:07	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 04:07:15 **** sshd[11860]: Invalid user marily from 120.52.120.166 port 34710
2018-12-04 18:22	attacks	Brute-ForceSSH		AbuseIPDB
2018-12-04 20:47	attacks	SSH		AbuseIPDB	Dec 5 06:47:02 sshgateway sshd\[26428\]: Invalid user hama from 120.52.120.166 Dec 5 06:47:02 sshgateway sshd\[26428\]: pam_unix$sshd:auth$: authent
2018-12-04 20:51	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 07:51:35 icinga sshd[32673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.120.166 Dec 5 07:51:
2018-12-04 21:37	attacks	Brute-ForceSSH		AbuseIPDB	Dec 5 07:37:18 *** sshd[8309]: Invalid user admin from 120.52.120.166
2019-03-29 18:18	attacks		bi_any_0_1d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_1_7d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_2_1d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_2_30d	BadIPs.com
2019-03-29 18:19	attacks		bi_any_2_7d	BadIPs.com
2019-03-29 18:19	attacks	Bad Web Bot	bi_badbots_1_7d	BadIPs.com
2019-03-29 18:19	attacks	Brute-Force	bi_bruteforce_1_7d	BadIPs.com
2019-03-29 18:19	attacks		bi_default_1_7d	BadIPs.com
2019-03-29 18:19	attacks		bi_default_2_30d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_sshd_0_1d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_sshd_1_7d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_sshd_2_30d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_0_1d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_1_7d	BadIPs.com
2019-03-29 18:20	attacks	SSH	bi_ssh_2_30d	BadIPs.com
2019-03-29 18:20	attacks		bi_unknown_1_7d	BadIPs.com
2019-03-29 18:20	attacks		bi_unknown_2_30d	BadIPs.com
2019-03-29 18:21	attacks		blocklist_de	Blocklist.de
2019-03-29 18:21	attacks	SSH	blocklist_de_ssh	Blocklist.de
2019-03-29 18:23	attacks		darklist_de	darklist.de
2019-03-29 18:27	attacks		firehol_level2	FireHOL
2019-03-29 18:27	attacks		firehol_level4	FireHOL
2019-03-29 18:34	attacks	SSH	haley_ssh	Charles Haley
2019-05-30 09:29	attacks	Bad Web Bot	bi_badbots_0_1d	BadIPs.com
2019-05-30 09:29	attacks	Brute-Force	bi_bruteforce_0_1d	BadIPs.com
2019-06-03 22:59	attacks	SSH	nt_ssh_7d	NoThink.org
2019-06-13 13:36	attacks		bi_default_0_1d	BadIPs.com
2019-06-13 13:36	attacks		bi_unknown_0_1d	BadIPs.com
2019-06-27 22:19	attacks	Web App AttackApache Attack	blocklist_de_apache	Blocklist.de
2019-06-27 22:19	attacks	Brute-Force	blocklist_de_bruteforce	Blocklist.de
2019-06-30 19:29	attacks	Brute-Force	normshield_all_bruteforce	NormShield.com
2019-06-30 19:29	attacks	Brute-Force	normshield_high_bruteforce	NormShield.com
2019-07-06 13:39	attacks		blocklist_de_strongips	Blocklist.de
2019-07-18 01:02	attacks	Fraud VoIP	blocklist_de_sip	Blocklist.de
2019-07-27 21:24	attacks		greensnow	GreenSnow.co
2020-07-31 16:24	attacks	Fraud VoIP	voipbl	VoIPBL.org

only last 50 and first 10 AbuseIPDB logs are shown

Threats Categories :

abuse

IPs used to spam forum, boards, blogs or smtp servers, automated web scripts or scrappers (bad bots)

anonymizer

Onion Router IP addresses. TOR network IPs, TOR exit points, socks or ssl proxy.

attacks

bruteforce ssh/ftp/system account, IPs that have been detected by fail2ban, ports scan, vulnerabilities scan, DDoS.

malware

Addresses that have been identified distributing malware, form-grabber and stealer, Viruses, Worms, Trojans, Ransomware, Adware, Spyware

Whois

inetnum: 120.52.0.0 - 120.52.255.255
netname: CU-CDC
descr: CHINA UNICOM CLOUD DATA COMPANY LIMITED
descr: A133, Xidan North Avenue, Xicheng District, Beijing.
admin-c: ZM909-AP
tech-c: ZM909-AP
country: CN
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
mnt-irt: IRT-CNNIC-CN
status: ALLOCATED PORTABLE
last-modified: 2014-06-26T01:26:01Z
source: APNIC

irt: IRT-CNNIC-CN
address: Beijing, China
e-mail: ipas@cnnic.cn
abuse-mailbox: ipas@cnnic.cn
admin-c: IP50-AP
tech-c: IP50-AP
auth: # Filtered
remarks: Please note that CNNIC is not an ISP and is not
remarks: empowered to investigate complaints of network abuse.
remarks: Please contact the tech-c or admin-c of the network.
mnt-by: MAINT-CNNIC-AP
last-modified: 2017-11-01T08:57:39Z
source: APNIC

person: Xin Xing
address: A133,Xidan North Avenue, Xicheng District, Beijing
country: CN
phone: +86-18618215599
e-mail: xingxin2@chinaunicom.cn
nic-hdl: ZM909-AP
mnt-by: MAINT-CNNIC-AP
last-modified: 2013-10-12T09:06:01Z
source: APNIC

most specific ip range is highlighted

Updated : 2020-07-10