This IP address has been reported a total of
17
times from
14 distinct
sources.
192.204.36.21 was first reported on
, and the most recent report was
.
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
Anonymous
SSH tarpit (endlessh) connection from 192.204.36.21
2026-06-30T12:39:47.538282+01:00 naomi sshd[118425]: Connection closed by authenticating user root 1 ...
show more2026-06-30T12:39:47.538282+01:00 naomi sshd[118425]: Connection closed by authenticating user root 192.204.36.21 port 10788 [preauth]
2026-06-30T12:39:54.516534+01:00 naomi sshd[118427]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.204.36.21 user=root
2026-06-30T12:39:56.324684+01:00 naomi sshd[118427]: Failed password for root from 192.204.36.21 port 10808 ssh2
...
show less
systemd timer sync; fail2ban jail=sshd host=tk ip=192.204.36.21; evidence=fail2ban log NOTICE Ban ev ...
show moresystemd timer sync; fail2ban jail=sshd host=tk ip=192.204.36.21; evidence=fail2ban log NOTICE Ban event
show less
192.204.36.21 (US/United States/-), 5 distributed sshd attacks on account [root] in the last 3600 se ...
show more192.204.36.21 (US/United States/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: Jun 30 01:26:56 15075 sshd[8939]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.140.160 user=root
Jun 30 02:23:47 15075 sshd[10635]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.204.36.21 user=root
Jun 30 02:23:49 15075 sshd[10635]: Failed password for root from 192.204.36.21 port 55310 ssh2
Jun 30 01:25:25 15075 sshd[8111]: Failed password for root from 164.92.140.160 port 37920 ssh2
Jun 30 01:25:23 15075 sshd[8111]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.92.140.160 user=root
IP Addresses Blocked:
164.92.140.160 (DE/Germany/-)
show less
Brute-Force
SSH
Showing 1 to
15
of 17 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ