IP address

Passive DNS

Tags:

IP blacklists

CI Army

120.194.104.164 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2025-04-30 02:50:00.984000
Was present on blacklist at: 2025-02-17 03:50, 2025-02-18 03:50, 2025-02-19 03:50, 2025-02-20 03:50, 2025-02-21 03:50, 2025-02-22 03:50, 2025-02-23 03:50, 2025-02-24 03:50, 2025-02-25 03:50, 2025-03-08 03:50, 2025-03-09 03:50, 2025-03-12 03:50, 2025-03-13 03:50, 2025-03-16 03:50, 2025-03-19 03:50, 2025-03-20 03:50, 2025-03-22 03:50, 2025-03-23 03:50, 2025-03-24 03:50, 2025-03-25 03:50, 2025-03-26 03:50, 2025-03-27 03:50, 2025-03-30 02:50, 2025-04-03 02:50, 2025-04-04 02:50, 2025-04-05 02:50, 2025-04-07 02:50, 2025-04-08 02:50, 2025-04-09 02:50, 2025-04-10 02:50, 2025-04-11 02:50, 2025-04-14 02:50, 2025-04-15 02:50, 2025-04-16 02:50, 2025-04-17 02:50, 2025-04-20 02:50, 2025-04-21 02:50, 2025-04-22 02:50, 2025-04-25 02:50, 2025-04-27 02:50, 2025-04-28 02:50, 2025-04-30 02:50

AbuseIPDB

120.194.104.164 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2025-03-14 05:00:00.380000
Was present on blacklist at: 2025-03-10 05:00, 2025-03-14 05:00

Spamhaus SBL CSS

120.194.104.164 is listed on the Spamhaus SBL CSS blacklist.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-28 03:51:21.441000
Was present on blacklist at: 2025-04-28 03:51

Spamhaus XBL CBL

120.194.104.164 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-04-28 03:51:21.441000
Was present on blacklist at: 2025-04-28 03:51

Warden events (6)

2025-04-02: IntrusionUserCompromise+AttemptExploit (node.06f8e8): 2
2025-04-01: IntrusionUserCompromise+AttemptExploit (node.90bbae): 2
2025-03-01: IntrusionUserCompromise+AttemptExploit (node.600060): 2

DShield reports (IP summary, reports)

2025-02-21: Number of reports: 11; Distinct targets: 6
2025-03-03: Number of reports: 12; Distinct targets: 8
2025-03-11: Number of reports: 15; Distinct targets: 9
2025-03-12: Number of reports: 11; Distinct targets: 8
2025-04-18: Number of reports: 16; Distinct targets: 11

Origin AS: AS24445 - CMNET-V4henan-AS-AP
BGP Prefix: 120.194.96.0/20
geo: China, Zhengzhou; 🕑 Asia/Shanghai
hostname: (null)
Address block ('inetnum' or 'NetRange' in whois database): 120.192.0.0 - 120.255.255.255
last_activity: 2025-04-02 15:06:55.855000
last_warden_event: 2025-04-02 15:06:55.855000
rep: 0.0
reserved_range: 0
Shodan's InternetDB: Open ports: 53; Tags: –; CPEs: –
ts_added: 2025-02-17 03:51:18.583000
ts_last_update: 2025-04-30 03:14:43.740000

Warden event timeline

DShield event timeline

Presence on blacklists