IP Address

176.120.22.13

IPv4 Public
RU RU
Proton66 OOO
679 Reports
This IP is under Observation Suspicious activity detected - monitor closely
8/10 Threat
63% Confidence
679 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Above Average Risk
RU
RU Location
Proton66 OOO ISP
679 Reports
Honeypot Data Source

Elevated Risk

IP 176.120.22.13 is a high-risk Russian address associated with repeated SSH brute-force attacks, with automated honeypot sensors recording 679 abuse reports over a two-month window in early 2026.

The IP belongs to Proton66 OOO, a Russian network operator, and was first flagged in January 2026 with continued reporting activity through February 2026. All recent threat reports consistently cite SSH as the attack vector, with honeypot sensors detecting the address on multiple occasions. While the overall report volume is substantial at 679 incidents, the activity frequency metric suggests the most recent detection window shows limited fresh attempts, likely indicating the address has been blocked by defensive systems such as fail2ban on the targeted SSH daemons. The 63% confidence score reflects reasonable certainty that this traffic represents malicious scanning behavior rather than legitimate server access, though the exact timeline of the most recent activity cannot be precisely determined from the available data.

SSH brute-force attacks represent one of the most common pathways attackers use to gain unauthorized access to Linux servers and network infrastructure. Threat actors systematically attempt username and password combinations against exposed SSH services, exploiting weak or default credentials to establish a foothold on targeted systems. Once inside, attackers can deploy malware, exfiltrate data, or use the compromised server as a jumping-off point for further network intrusion. The volume of reports for IP 176.120.22.13 indicates sustained, automated scanning activity rather than opportunistic probing.

Network administrators should immediately block IP 176.120.22.13 at the firewall level and ensure fail2ban or equivalent intrusion prevention tools are actively monitoring SSH authentication logs. Enforcing key-based authentication exclusively, disabling root login, and moving SSH to a non-standard port will significantly reduce exposure to automated scanning. Continuous monitoring of authentication logs and implementing account lockout policies after repeated failed attempts provide additional layers of defense against this threat category.

More threatening than 78% of monitored IPs

Threat Categories

SSH 30

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Reputable Network

This IP is hosted on a network (ASN 0) with generally good reputation. The ISP Proton66 OOO maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 8/10 High
Critical
Activity Frequency 0/10 Inactive
Confidence Score 60% High Confidence

Confidence History

12. Feb 2026 - 13. Feb 2026
63% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
10 of 679 shown

Technical Details

Basic Information

IP Address
176.120.22.13
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class B

Geolocation

Country
RU RU
ASN
Unknown
ISP
Proton66 OOO

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
679
First Reported
19 Jan 2026
Last Reported
13 Feb 2026, 18:22

Comparative Analysis

How this IP compares to others in our threat intelligence database

78 %

Global Threat Ranking

This IP is more threatening than 78% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 199,492 reported IPs worldwide

Threat Level 8/10 avg: 5.3 ++
Total Reports 679 avg: 23 ++

Geographic Comparison

Compared against 4,703 IPs in RU

Threat Level 8/10 country avg: 5.3 ++
Total Reports 679 country avg: 17 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,140 threat incidents tracked globally • Last 24h: 19,043 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,446 20.5%
  2. 02
    IN
    India IN
    29,023 15.5%
  3. 03
    CN
    China CN
    26,021 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE
    7,142 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,539 3%
  8. 08
    RU
    Russia RU THIS IP
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,654 2.5%
  10. 10
    NL
    Netherlands NL
    4,356 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs from the same country with similar threat profiles.

15 Related IPs
8.7/10 Avg Threat
98% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
5.35.7.175 8/10
Confidence 99%
Reports 82
ISP JSC Selectel
16 May 2026
46.165.56.242 8/10
Confidence 99%
Reports 53
ISP Nizhnetagilskie...
8 Jun 2026
85.95.166.40 10/10
Confidence 99%
Reports 36
ISP Rostelecom
8 Jun 2026
176.211.42.202 10/10
Confidence 99%
Reports 31
ISP Rostelecom
8 Jun 2026
188.92.241.150 10/10
Confidence 99%
Reports 24
ISP JSC Avantel
8 Jun 2026
213.167.43.130 10/10
Confidence 99%
Reports 23
ISP Digit One LLC
20 May 2026
81.28.167.30 10/10
Confidence 98%
Reports 12
ISP Rostelecom
25 May 2026
91.205.128.170 8/10
Confidence 97%
Reports 98
ISP LTD Erline
22 Apr 2026
91.237.163.110 8/10
Confidence 97%
Reports 65
ISP Systematica LLC
3 Mar 2026
212.33.247.195 8/10
Confidence 97%
Reports 45
ISP JSC ER-Telecom ...
27 Feb 2026
37.139.53.129 8/10
Confidence 97%
Reports 40
ISP Petersburg Inte...
1 Jun 2026
94.180.238.116 8/10
Confidence 97%
Reports 39
ISP JSC ER-Telecom ...
14 May 2026
37.230.245.194 8/10
Confidence 97%
Reports 34
ISP PJSC MegaFon
27 Feb 2026
91.151.178.74 8/10
Confidence 97%
Reports 29
ISP Petersburg Inte...
2 Mar 2026
103.136.43.74 8/10
Confidence 97%
Reports 28
ISP Ip Server LLC
5 Mar 2026

IPs with similar threat level and confidence scores.

15 Related IPs
9.2/10 Avg Threat
63% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
3.130.96.91 8/10
Confidence 63%
Reports 43,462
Location US US
4 Feb 2026
3.134.148.59 8/10
Confidence 63%
Reports 14,980
Location US US
4 Feb 2026
92.118.39.87 10/10
Confidence 63%
Reports 14,713
Location US US
18 Apr 2026
87.120.191.13 10/10
Confidence 63%
Reports 13,131
Location US US
19 Feb 2026
3.137.73.221 8/10
Confidence 63%
Reports 10,228
Location US US
4 Feb 2026
3.132.23.201 8/10
Confidence 63%
Reports 9,576
Location US US
4 Feb 2026
3.149.59.26 8/10
Confidence 63%
Reports 8,795
Location US US
4 Feb 2026
167.250.224.25 10/10
Confidence 63%
Reports 8,244
Location BR BR
14 May 2026
176.117.107.74 10/10
Confidence 63%
Reports 5,739
Location NL NL
21 Dec 2025
142.202.188.211 10/10
Confidence 63%
Reports 4,136
Location US US
8 Apr 2026
176.117.107.91 10/10
Confidence 63%
Reports 3,994
Location NL NL
17 Dec 2025
196.251.70.234 10/10
Confidence 63%
Reports 3,796
Location SC SC
15 Oct 2025
45.88.186.70 8/10
Confidence 63%
Reports 3,632
Location NL NL
2 Feb 2026
2.57.122.209 10/10
Confidence 63%
Reports 2,573
Location RO RO
10 Feb 2026
64.188.91.248 10/10
Confidence 63%
Reports 2,232
Location DE DE
3 Mar 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "176.120.22.13",
    "threat_level": 8,
    "confidence_score": 63,
    "total_reports": 679,
    "country_code": "RU",
    "isp_name": "Proton66 OOO",
    "asn": "0",
    "first_reported": "2026-01-19 17:21:15",
    "last_reported": "2026-02-13 18:22:05",
    "exported_at": "2026-06-09T09:05:13+02:00",
    "source": "https://reportedip.de/ip/176.120.22.13/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses