JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.36.16.92

120.36.16.92 was found in our database!

This IP was reported 52 times. Confidence of Abuse is 30%: ?

30%

ISP	CHINANET FUJIAN PROVINCE NETWORK
Usage Type	Fixed Line ISP
ASN	AS4134
Domain Name	chinatelecom.cn
Country	🇨🇳 China
City	Fuzhou, Fujian

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.36.16.92

Whois 120.36.16.92

IP Abuse Reports for 120.36.16.92:

This IP address has been reported a total of 52 times from 19 distinct sources. 120.36.16.92 was first reported on January 30th 2024, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 PeravixGroup	2026-06-07 20:54:47 (3 days ago)	Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran. ... show more Honeypot detection: FTP brute-force or anonymous access attempt on port 21. Severity: MEDIUM. Aaran.cloud show less	FTP Brute-Force Brute-Force
🇬🇧 PeravixGroup	2026-06-07 15:08:36 (3 days ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 MPL	2026-05-31 18:32:52 (1 week ago)	tcp/3306	Port Scan
🇲🇳 Public CSIRT/CC of Mongolia	2026-05-19 16:50:26 (3 weeks ago)	Honeypot hit: Empty payload (likely service probe); 12552 [1] TCP	Port Scan
🇺🇸 itsnixk	2026-05-14 01:57:17 (4 weeks ago)	(mod_security) mod_security (id:920350) triggered by 120.36.16.92 (CN/China/-): 1 in the last 3600 s ... show more (mod_security) mod_security (id:920350) triggered by 120.36.16.92 (CN/China/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: [Wed May 13 21:57:14.675618 2026] [security2:error] [pid 187788:tid 188406] [client 120.36.16.92:12938] ModSecurity: Access denied with code 406 (phase 1). Pattern match "(?:^([\\\\d.]+\|\\\\[[\\\\da-f:]+\\\\]\|[\\\\da-f:]+)(:[\\\\d]+)?$)" at REQUEST_HEADERS:Host. [file "/etc/modsecurity.d/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "774"] [id "920350"] [msg "Host header is a numeric IP address"] [redacted] [severity "WARNING"] [ver "OWASP_CRS/4.25.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL-ENFORCEMENT"] [tag "capec/1000/210/272"] [redacted] [uri "/"] [unique_id "agUr-he9d8YGrYJ4wR2L-AAAAJg"] show less	Port Scan
Anonymous	2026-05-11 03:54:10 (1 month ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-05-04 09:35:23 (1 month ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇲🇳 Public CSIRT/CC of Mongolia	2026-04-22 20:37:06 (1 month ago)	Honeypot hit: Empty payload (likely service probe); 33438 [1] TCP	Port Scan
🇦🇺 trentwiles.com	2026-04-22 20:37:01 (1 month ago)	Unauthorized connection attempt detected from IP address 120.36.16.92 to port 33439 [SYD]	Port Scan
🇺🇸 xmission.com	2026-04-11 16:01:28 (1 month ago)	Blocked by UFW (TCP on 666) Source port: 34834 TTL: 237 Packet length: 44 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 666) Source port: 34834 TTL: 237 Packet length: 44 TOS: 0x08 This report (for 120.36.16.92) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-04-08 14:18:58 (2 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 MPL	2025-11-17 19:54:37 (6 months ago)	tcp/81	Port Scan
🇺🇸 MPL	2025-11-17 19:54:37 (6 months ago)	tcp/81 (2 or more attempts)	Port Scan
🇧🇾 StatsMe	2025-09-28 21:08:16 (8 months ago)	2025-09-28T02:49:01.166227+0300 ET SCAN NMAP -sS window 1024	Port Scan
Anonymous	2025-09-27 11:09:01 (8 months ago)	botnet	DDoS Attack

Showing 1 to 15 of 52 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.188

🇨🇳 121.224.115.232

🇱🇹 77.90.185.80

🇺🇸 65.49.1.233

🇲🇾 175.142.91.239

🇦🇪 152.32.180.138

🇺🇸 137.184.153.87

🇧🇬 79.124.58.250

🇮🇹 72.146.39.127

🇮🇶 65.20.138.26

🇳🇱 64.89.162.15

🇫🇷 62.210.142.164

🇺🇸 34.23.181.150

🇫🇷 5.189.173.223

🇫🇷 185.255.126.19

🇨🇳 124.226.216.189

🇩🇪 37.221.114.17

🇺🇸 20.14.80.89

🇹🇷 5.181.87.35

🇲🇽 187.157.97.215