120.52.92.68 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: China Unicom Cloud Data Company Limited

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Jun 25 22:49:37 dns-3 sshd[22331]: Did not receive identification string from 120.52.92.68 port 45586 Jun 25 22:49:55 dns-3 sshd[22336]: Invalid user oracle from 120.52.92.68 port 50120 Jun 25 22:49:55 dns-3 sshd[22336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.92.68 Jun 25 22:49:57 dns-3 sshd[22334]: User r.r from 120.52.92.68 not allowed because not listed in AllowUsers Jun 25 22:49:57 dns-3 sshd[22334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.92.68 user=r.r Jun 25 22:49:57 dns-3 sshd[22336]: Failed password for invalid user oracle from 120.52.92.68 port 50120 ssh2 Jun 25 22:49:58 dns-3 sshd[22336]: Received disconnect from 120.52.92.68 port 50120:11: Normal Shutdown, Thank you for playing [preauth] Jun 25 22:49:58 dns-3 sshd[22336]: Disconnected from invalid user oracle 120.52.92.68 port 50120 [preauth] Jun 25 22:49:59 dns-3 sshd[22334]: Failed password for ........ -------------------------------	2020-06-27 15:20:55

Type

Details

Datetime

attackbotsspam

Jun 25 22:49:37 dns-3 sshd[22331]: Did not receive identification string from 120.52.92.68 port 45586
Jun 25 22:49:55 dns-3 sshd[22336]: Invalid user oracle from 120.52.92.68 port 50120
Jun 25 22:49:55 dns-3 sshd[22336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.92.68 
Jun 25 22:49:57 dns-3 sshd[22334]: User r.r from 120.52.92.68 not allowed because not listed in AllowUsers
Jun 25 22:49:57 dns-3 sshd[22334]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.52.92.68  user=r.r
Jun 25 22:49:57 dns-3 sshd[22336]: Failed password for invalid user oracle from 120.52.92.68 port 50120 ssh2
Jun 25 22:49:58 dns-3 sshd[22336]: Received disconnect from 120.52.92.68 port 50120:11: Normal Shutdown, Thank you for playing [preauth]
Jun 25 22:49:58 dns-3 sshd[22336]: Disconnected from invalid user oracle 120.52.92.68 port 50120 [preauth]
Jun 25 22:49:59 dns-3 sshd[22334]: Failed password for ........
-------------------------------

2020-06-27 15:20:55

Comments on same subnet:

IP	Type	Details	Datetime
120.52.92.133	attack	Port probing on unauthorized port 23	2020-07-12 12:24:41
120.52.92.57	attackbotsspam	Auto Detect gjan.info's Rule! This IP has been detected by automatic rule.	2020-07-08 00:06:48
120.52.92.79	attack	unauthorized connection attempt	2020-06-27 14:34:12

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 120.52.92.68
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 21600
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;120.52.92.68.			IN	A

;; AUTHORITY SECTION:
.			283	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020060802 1800 900 604800 86400

;; Query time: 70 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jun 09 03:38:42 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 68.92.52.120.in-addr.arpa not found: 2(SERVFAIL)

Nslookup info:

;; Got SERVFAIL reply from 183.60.83.19, trying next server
Server:		183.60.82.98
Address:	183.60.82.98#53

** server can't find 68.92.52.120.in-addr.arpa: SERVFAIL

Related IP info:

Related comments:

IP	Type	Details	Datetime
118.182.122.77	attackbotsspam	Nov 8 00:42:46 sauna sshd[52579]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.182.122.77 Nov 8 00:42:48 sauna sshd[52579]: Failed password for invalid user admin from 118.182.122.77 port 42241 ssh2 ...	2019-11-08 07:56:11
45.224.199.38	attackspam	SASL Brute Force	2019-11-08 08:00:40
81.192.159.130	attack	Nov 7 16:06:25 XXX sshd[57486]: Invalid user User from 81.192.159.130 port 48624	2019-11-08 08:21:10
137.74.26.179	attack	Nov 8 01:42:35 server sshd\[7067\]: User root from 137.74.26.179 not allowed because listed in DenyUsers Nov 8 01:42:35 server sshd\[7067\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.26.179 user=root Nov 8 01:42:37 server sshd\[7067\]: Failed password for invalid user root from 137.74.26.179 port 60782 ssh2 Nov 8 01:46:16 server sshd\[14206\]: User root from 137.74.26.179 not allowed because listed in DenyUsers Nov 8 01:46:16 server sshd\[14206\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=137.74.26.179 user=root	2019-11-08 08:03:17
92.118.38.38	attackspam	Nov 8 00:38:48 srv01 postfix/smtpd\[15144\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 8 00:39:04 srv01 postfix/smtpd\[15144\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 8 00:39:09 srv01 postfix/smtpd\[24861\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 8 00:39:26 srv01 postfix/smtpd\[24891\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Nov 8 00:39:38 srv01 postfix/smtpd\[24861\]: warning: unknown\[92.118.38.38\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2019-11-08 07:46:11
139.198.189.36	attackbotsspam	Nov 8 00:54:51 tux-35-217 sshd\[8729\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.198.189.36 user=root Nov 8 00:54:53 tux-35-217 sshd\[8729\]: Failed password for root from 139.198.189.36 port 39572 ssh2 Nov 8 00:59:26 tux-35-217 sshd\[8764\]: Invalid user sybase from 139.198.189.36 port 46186 Nov 8 00:59:26 tux-35-217 sshd\[8764\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.198.189.36 ...	2019-11-08 08:20:23
114.242.245.32	attackspam	2019-11-07T23:20:41.828234abusebot-8.cloudsearch.cf sshd\[4542\]: Invalid user glassy from 114.242.245.32 port 40158	2019-11-08 07:57:31
45.71.208.253	attackspam	Nov 7 13:21:07 tdfoods sshd\[21657\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.71.208.253 user=root Nov 7 13:21:08 tdfoods sshd\[21657\]: Failed password for root from 45.71.208.253 port 44886 ssh2 Nov 7 13:25:31 tdfoods sshd\[22056\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.71.208.253 user=root Nov 7 13:25:33 tdfoods sshd\[22056\]: Failed password for root from 45.71.208.253 port 52704 ssh2 Nov 7 13:29:55 tdfoods sshd\[22422\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.71.208.253 user=root	2019-11-08 07:46:51
109.248.11.201	attack	109.248.11.201 was recorded 5 times by 5 hosts attempting to connect to the following ports: 1900. Incident counter (4h, 24h, all-time): 5, 9, 43	2019-11-08 08:17:51
119.200.186.168	attackspam	Nov 8 00:54:42 mail sshd\[31024\]: Invalid user czpl from 119.200.186.168 Nov 8 00:54:42 mail sshd\[31024\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.200.186.168 Nov 8 00:54:44 mail sshd\[31024\]: Failed password for invalid user czpl from 119.200.186.168 port 60386 ssh2 ...	2019-11-08 07:57:00
106.12.48.216	attackspam	Nov 7 23:50:04 hcbbdb sshd\[15376\]: Invalid user bmn from 106.12.48.216 Nov 7 23:50:04 hcbbdb sshd\[15376\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.48.216 Nov 7 23:50:05 hcbbdb sshd\[15376\]: Failed password for invalid user bmn from 106.12.48.216 port 35092 ssh2 Nov 7 23:54:45 hcbbdb sshd\[15833\]: Invalid user system from 106.12.48.216 Nov 7 23:54:45 hcbbdb sshd\[15833\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.48.216	2019-11-08 07:58:57
46.38.144.57	attackspam	2019-11-08T00:54:03.155741mail01 postfix/smtpd[5892]: warning: unknown[46.38.144.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-08T00:54:08.041469mail01 postfix/smtpd[17130]: warning: unknown[46.38.144.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 2019-11-08T00:54:19.108414mail01 postfix/smtpd[13399]: warning: unknown[46.38.144.57]: SASL LOGIN authentication failed: UGFzc3dvcmQ6	2019-11-08 08:09:50
183.159.164.247	attackspam	Fail2Ban Ban Triggered	2019-11-08 07:50:06
75.103.66.4	attack	Automatic report - XMLRPC Attack	2019-11-08 07:50:42
45.125.65.54	attack	\[2019-11-07 19:13:23\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-07T19:13:23.716-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="2427801148413828003",SessionID="0x7fdf2c8a8ab8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.125.65.54/55335",ACLName="no_extension_match" \[2019-11-07 19:13:47\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-07T19:13:47.067-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="2094701148323235034",SessionID="0x7fdf2c9666e8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.125.65.54/52928",ACLName="no_extension_match" \[2019-11-07 19:14:01\] SECURITY\[2634\] res_security_log.c: SecurityEvent="FailedACL",EventTV="2019-11-07T19:14:01.266-0500",Severity="Error",Service="SIP",EventVersion="1",AccountID="2760501148632170017",SessionID="0x7fdf2c8a8ab8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.125.65.54/64544",ACLNam	2019-11-08 08:15:24

Recently Reported IPs

122.117.228.118	180.251.210.215	176.104.153.118	144.76.98.154
114.119.167.189	154.127.127.162	139.162.155.176	106.208.57.218
14.0.19.146	125.227.251.91	112.201.91.33	197.210.8.47
180.247.26.95	91.241.19.130	87.251.75.152	41.230.67.249
92.83.62.139	49.233.79.78	183.83.194.89	28.201.253.201