This IP address has been reported a total of
47
times from
42 distinct
sources.
185.204.1.220 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
2026-06-18T19:03:04.651424+03:30 digitalogic sshd-session[3154469]: pam_unix(sshd:auth): authenticat ...
show more2026-06-18T19:03:04.651424+03:30 digitalogic sshd-session[3154469]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.204.1.220
2026-06-18T19:03:06.638935+03:30 digitalogic sshd-session[3154469]: Failed password for invalid user server from 185.204.1.220 port 54200 ssh2
2026-06-18T19:03:07.074429+03:30 digitalogic sshd-session[3154469]: Disconnected from invalid user server 185.204.1.220 port 54200 [preauth]
...
show less
2026-06-17T16:39:56.202726+03:00 nexus6 sshd[1498303]: Invalid user linuxbrew from 185.204.1.220 por ...
show more2026-06-17T16:39:56.202726+03:00 nexus6 sshd[1498303]: Invalid user linuxbrew from 185.204.1.220 port 37086
...
show less
2026-06-17T02:24:33.096551+02:00 my-vps sshd[91807]: pam_unix(sshd:auth): authentication failure; lo ...
show more2026-06-17T02:24:33.096551+02:00 my-vps sshd[91807]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.204.1.220
2026-06-17T02:24:34.945548+02:00 my-vps sshd[91807]: Failed password for invalid user test from 185.204.1.220 port 50872 ssh2
...
show less
Attacker with IP 185.204.1.220 established 2 SSH sessions using weak default credentials (administra ...
show moreAttacker with IP 185.204.1.220 established 2 SSH sessions using weak default credentials (administrator/1234) between 2026-02-27 12:57-12:59 UTC-5 via OpenSSH_10.0-hpn14v15, with no interactive commands executed but 5 distinct port forwarding attempts to external hosts across ports 80 and 443 (159.65.2.87, 128.199.207.131, 104.17.24.14, 216.58.206.42), suggesting reconnaissance or tunneling preparation. No malware artifacts or persistence mechanisms were recovered during this session.
show less
Brute-Force
SSH
Hacking
Showing 1 to
15
of 47 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ