120.92.94.94 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: China

Internet Service Provider: Beijing Kingsoft Cloud Internet Technology Co. Ltd.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Sep 16 13:26:57 plex-server sshd[84720]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 Sep 16 13:26:57 plex-server sshd[84720]: Invalid user nagios from 120.92.94.94 port 25736 Sep 16 13:27:00 plex-server sshd[84720]: Failed password for invalid user nagios from 120.92.94.94 port 25736 ssh2 Sep 16 13:29:58 plex-server sshd[86153]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 user=root Sep 16 13:30:00 plex-server sshd[86153]: Failed password for root from 120.92.94.94 port 57494 ssh2 ...	2020-09-16 23:08:53
attackbots	Sep 16 03:32:15 mail sshd[3457]: Failed password for root from 120.92.94.94 port 20870 ssh2	2020-09-16 15:26:18
attack	Sep 15 22:50:31 jumpserver sshd[54370]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 Sep 15 22:50:31 jumpserver sshd[54370]: Invalid user postgres from 120.92.94.94 port 27090 Sep 15 22:50:33 jumpserver sshd[54370]: Failed password for invalid user postgres from 120.92.94.94 port 27090 ssh2 ...	2020-09-16 07:26:21
attack	SSH BruteForce Attack	2020-09-02 22:54:30
attackspambots	Invalid user wagner from 120.92.94.94 port 25454	2020-09-02 14:39:54
attackbotsspam	Jul 3 04:00:25 server sshd[11938]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 Jul 3 04:00:26 server sshd[11938]: Failed password for invalid user sakshi from 120.92.94.94 port 53850 ssh2 Jul 3 04:05:03 server sshd[12137]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 Jul 3 04:05:05 server sshd[12137]: Failed password for invalid user emil from 120.92.94.94 port 34004 ssh2	2020-09-02 07:40:19
attack	SSH Brute Force	2020-08-27 01:29:20
attack	Invalid user test from 120.92.94.94 port 39958	2020-08-26 08:00:07
attack	Aug 21 23:58:52 gospond sshd[24687]: Invalid user kiran from 120.92.94.94 port 57734 ...	2020-08-22 07:51:29
attackbots	Aug 5 16:09:21 marvibiene sshd[22896]: Failed password for root from 120.92.94.94 port 54626 ssh2 Aug 5 16:13:43 marvibiene sshd[23418]: Failed password for root from 120.92.94.94 port 32848 ssh2	2020-08-05 23:45:42
attack	Cowrie Honeypot: 3 unauthorised SSH/Telnet login attempts between 2020-08-04T17:46:30Z and 2020-08-04T17:57:29Z	2020-08-05 05:21:08
attackspambots	Aug 2 05:06:24 scw-6657dc sshd[13240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 user=root Aug 2 05:06:24 scw-6657dc sshd[13240]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 user=root Aug 2 05:06:26 scw-6657dc sshd[13240]: Failed password for root from 120.92.94.94 port 30382 ssh2 ...	2020-08-02 14:07:10
attackspambots	Invalid user devops from 120.92.94.94 port 23394	2020-07-27 19:01:33
attackbotsspam	"$f2bV_matches"	2020-07-26 00:21:32
attackbots	leo_www	2020-07-24 19:23:38
attackspam	Triggered by Fail2Ban at Ares web server	2020-07-20 22:05:32
attack	Jul 12 06:34:43 lnxded64 sshd[6705]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94	2020-07-12 14:20:26
attack	Jun 25 06:45:25 localhost sshd\[6295\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 user=root Jun 25 06:45:27 localhost sshd\[6295\]: Failed password for root from 120.92.94.94 port 20156 ssh2 Jun 25 06:47:08 localhost sshd\[6343\]: Invalid user wmf from 120.92.94.94 Jun 25 06:47:08 localhost sshd\[6343\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.94 Jun 25 06:47:09 localhost sshd\[6343\]: Failed password for invalid user wmf from 120.92.94.94 port 34780 ssh2 ...	2020-06-25 14:20:04

Comments on same subnet:

IP	Type	Details	Datetime
120.92.94.95	attackspam	Banned for a week because repeated abuses, for example SSH, but not only	2020-10-10 04:35:54
120.92.94.95	attackspambots	[f2b] sshd bruteforce, retries: 1	2020-10-09 20:33:26
120.92.94.95	attack	Oct 9 04:50:47 ajax sshd[20051]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=120.92.94.95 Oct 9 04:50:50 ajax sshd[20051]: Failed password for invalid user clamav from 120.92.94.95 port 5874 ssh2	2020-10-09 12:21:10
120.92.94.111	attack	2019-07-01 04:24:01 10.2.3.200 tcp 120.92.94.111:57294 -> 10.110.1.74:80 SERVER-WEBAPP Drupal 8 remote code execution attempt (1:46316:4) (+0)	2019-07-03 22:21:08
120.92.94.111	attack	php WP PHPmyadamin ABUSE blocked for 12h	2019-06-30 11:44:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 120.92.94.94
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5816
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;120.92.94.94.			IN	A

;; AUTHORITY SECTION:
.			434	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020062500 1800 900 604800 86400

;; Query time: 121 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Thu Jun 25 14:19:55 CST 2020
;; MSG SIZE  rcvd: 116

Host info

Host 94.94.92.120.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 94.94.92.120.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
117.2.80.32	attackbotsspam	Portscanning on different or same port(s).	2019-06-21 20:14:55
108.59.8.70	attackbotsspam	Automatic report - Web App Attack	2019-06-21 19:28:59
218.92.0.197	attack	Portscanning on different or same port(s).	2019-06-21 20:18:34
157.230.163.6	attackspambots	Feb 27 11:56:37 vtv3 sshd\[21065\]: Invalid user et from 157.230.163.6 port 37072 Feb 27 11:56:37 vtv3 sshd\[21065\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.163.6 Feb 27 11:56:39 vtv3 sshd\[21065\]: Failed password for invalid user et from 157.230.163.6 port 37072 ssh2 Feb 27 12:03:17 vtv3 sshd\[22954\]: Invalid user ir from 157.230.163.6 port 43692 Feb 27 12:03:17 vtv3 sshd\[22954\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.163.6 Feb 27 12:13:41 vtv3 sshd\[26105\]: Invalid user ji from 157.230.163.6 port 37768 Feb 27 12:13:41 vtv3 sshd\[26105\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.163.6 Feb 27 12:13:43 vtv3 sshd\[26105\]: Failed password for invalid user ji from 157.230.163.6 port 37768 ssh2 Feb 27 12:19:06 vtv3 sshd\[27752\]: Invalid user dm from 157.230.163.6 port 34804 Feb 27 12:19:06 vtv3 sshd\[27752\]: pam_unix$sshd:auth$:	2019-06-21 20:00:16
60.169.94.134	attackbotsspam	TCP Port: 25 _ invalid blocked abuseat-org barracudacentral _ _ _ _ (332)	2019-06-21 19:55:50
14.186.134.233	attackspam	Automatic report - SSH Brute-Force Attack	2019-06-21 19:32:25
157.122.116.160	attackspam	Jun 21 05:30:01 server1 sshd\[24514\]: Invalid user gang from 157.122.116.160 Jun 21 05:30:01 server1 sshd\[24514\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.122.116.160 Jun 21 05:30:03 server1 sshd\[24514\]: Failed password for invalid user gang from 157.122.116.160 port 24572 ssh2 Jun 21 05:31:38 server1 sshd\[24949\]: Invalid user info from 157.122.116.160 Jun 21 05:31:38 server1 sshd\[24949\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.122.116.160 ...	2019-06-21 19:58:40
109.194.166.197	attackspambots	DATE:2019-06-21 11:19:13, IP:109.194.166.197, PORT:1433 - MSSQL brute force auth on a honeypot server (epe-dc)	2019-06-21 19:52:16
185.137.111.136	attackbots	2019-06-21T16:27:40.659894ns1.unifynetsol.net postfix/smtpd\[32302\]: warning: unknown\[185.137.111.136\]: SASL LOGIN authentication failed: authentication failure 2019-06-21T16:28:04.590583ns1.unifynetsol.net postfix/smtpd\[468\]: warning: unknown\[185.137.111.136\]: SASL LOGIN authentication failed: authentication failure 2019-06-21T16:28:20.065872ns1.unifynetsol.net postfix/smtpd\[32124\]: warning: unknown\[185.137.111.136\]: SASL LOGIN authentication failed: authentication failure 2019-06-21T16:28:43.205596ns1.unifynetsol.net postfix/smtpd\[29770\]: warning: unknown\[185.137.111.136\]: SASL LOGIN authentication failed: authentication failure 2019-06-21T16:29:01.024906ns1.unifynetsol.net postfix/smtpd\[32124\]: warning: unknown\[185.137.111.136\]: SASL LOGIN authentication failed: authentication failure	2019-06-21 20:16:26
197.96.139.126	attackspambots	firewall-block, port(s): 445/tcp	2019-06-21 19:33:14
211.152.51.217	attackbotsspam	[SMB remote code execution attempt: port tcp/445] *(RWIN=1024)(06211034)	2019-06-21 20:26:03
14.29.179.99	attackbots	Blocked 14.29.179.99 For policy violation	2019-06-21 19:46:00
94.139.224.135	attackbots	0,50-05/05 concatform PostRequest-Spammer scoring: essen	2019-06-21 20:15:41
101.69.241.27	attackspam	Jun 21 11:19:59 rpi1 sshd\[23220\]: Invalid user user from 101.69.241.27 port 60576 Jun 21 11:19:59 rpi1 sshd\[23220\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.69.241.27 Jun 21 11:20:01 rpi1 sshd\[23220\]: Failed password for invalid user user from 101.69.241.27 port 60576 ssh2	2019-06-21 19:36:25
61.219.67.54	attackbots	19/6/21@05:43:17: FAIL: IoT-Telnet address from=61.219.67.54 ...	2019-06-21 19:50:14

Recently Reported IPs

1.20.87.197	45.172.108.72	52.177.168.23	45.162.99.139
54.39.196.151	137.39.86.199	13.72.51.193	60.167.176.253
92.243.125.18	182.61.168.185	178.87.181.250	45.5.194.138
86.108.88.22	102.196.213.194	59.44.152.137	207.55.57.132
202.2.10.185	162.241.76.74	40.68.220.28	52.160.40.60