Maximum Danger
IP 164.92.205.72 is a critical-risk address originating from DigitalOcean infrastructure in Germany that has accumulated 494 abuse reports, with its activity primarily characterised by SSH brute-force attempts and general hacking probes detected across 20 automated honeypot sensors during October and November 2025.
The IP, registered to DigitalOcean's AS14061 autonomous system, presents an unusual profile: despite amassing a substantial volume of reports from community and honeypot sources, the recorded activity frequency of 0/10 suggests that while the address has a significant historical record of malicious behaviour, its current rate of offensive operations may have tapered at the time of the most recent reporting period. The detection network spans 20 separate honeypot sensors, indicating broad coverage and consistent identification of the address as a threat source. SSH-related activity dominates the reported categories, accounting for 13 of the logged threat events, with a further 7 reports categorised as general hacking activity, pointing to a persistent focus on credential-based intrusion against exposed SSH services.
SSH brute-force attacks represent one of the most common and persistent threats facing publicly accessible servers, with automated tooling capable of cycling through thousands of username and password combinations per hour against default or poorly configured SSH daemons. When successful, such attacks grant threat actors direct command-line access to a target system, enabling data exfiltration, malware deployment, lateral movement within networks, or inclusion in larger botnet infrastructure. The general hacking activity reported alongside the SSH events suggests the operator behind IP 164.92.205.72 may employ multiple complementary techniques beyond simple credential guessing, increasing the risk posed to any unhardened SSH service exposed to this address.
Site operators should immediately block IP 164.92.205.72 at the firewall level and monitor for any subsequent spoofed or related addresses. SSH services should be hardened by enforcing key-based authentication exclusively, moving from the default TCP port 22, and disabling root login. Implementing fail2ban or equivalentintrusion-prevention tooling can automatically block repeated authentication failures. Regular audits of server logs for authentication attempts from this address, combined with timely patch management for SSH daemon vulnerabilities, will further reduce exposure to the intrusion patterns associated with this reported threat source.
NL 
GB 
MC 
UA 
IR 
CO