High Risk
IP 101.36.107.103 is a high-risk address originating from Hong Kong that has been linked to sustained SSH brute-force attacks, with 890 abuse reports logged across automated honeypot sensors over approximately four months, indicating persistent automated scanning and credential-guessing activity targeting exposed SSH services.
The address operates within AS62610 under the network operator ZEN-DPS, sending high-volume hostile traffic from Hong Kong-based infrastructure. With a threat level rated at 8 out of 10 and a confidence score of 82 percent, this IP was first reported in November 2025 and remained active through February 2026, accumulating roughly 7 reports per day on average across the four-month window. Automated honeypot sensors captured 20 specific threat instances attributable to this address, with all reported categories falling under SSH-related activity. The activity frequency score of 8 out of 10 further underscores the consistent and aggressive nature of the probing behaviour observed from this source.
SSH brute-force attacks represent one of the most prevalent pathways to unauthorized server access in internet-facing environments. Attackers deploy automated tooling to systematically iterate through credential pairs, exploiting weak or default passwords to gain shell access. The fail2ban violation logs associated with this address confirm repeated sshd authentication failures, a pattern matching a textbook sustained brute-force campaign. Successful compromise of an SSH service grants attackers persistent remote access, potential data exfiltration, and a reliable pivot point for lateral movement within a target network.
Site operators should take immediate defensive action against inbound connections from this address, including implementing permanent block rules at the firewall or network edge. Authentication hardening is critical: deploy key-based SSH authentication exclusively, disable password-based login entirely, and ensure root login is prohibited. Moving SSH off its default port reduces the frequency of automated targeting, although it is not a substitute for authentication hardening. Implementing fail2ban with appropriately tuned ban thresholds provides an additional reactive layer that automatically mitigates sustained scanning attempts. Regular audits of authentication logs and monitoring for unusual connection patterns from known hostile sources will further reduce exposure to this class of threat.
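To make the "tuned ban thresholds" concrete, the following added example (not code from this report, nor from fail2ban itself) applies fail2ban's `maxretry` / `findtime` semantics to sshd authentication-failure lines: a source is flagged once it produces `maxretry` failures inside any sliding window of `findtime` seconds. The log lines are constructed samples in standard syslog/sshd format; the year is an assumption because syslog timestamps carry none, and the second source address (198.51.100.7) is a documentation-range placeholder.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the sshd failure lines that fail2ban's default "sshd" filter keys on.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample auth.log excerpt: six failures from the reported address in
# about two minutes, one successful key login and one isolated failure from a
# placeholder address (198.51.100.7, RFC 5737 documentation range).
SAMPLE_LOG = """\
Feb 10 03:14:07 bastion sshd[2140]: Failed password for invalid user admin from 101.36.107.103 port 51422 ssh2
Feb 10 03:14:09 bastion sshd[2140]: Failed password for invalid user admin from 101.36.107.103 port 51422 ssh2
Feb 10 03:14:12 bastion sshd[2143]: Failed password for root from 101.36.107.103 port 51430 ssh2
Feb 10 03:14:15 bastion sshd[2145]: Accepted publickey for deploy from 198.51.100.7 port 40012 ssh2: ED25519 SHA256:AAAA
Feb 10 03:14:16 bastion sshd[2147]: Failed password for invalid user oracle from 101.36.107.103 port 51441 ssh2
Feb 10 03:14:20 bastion sshd[2149]: Failed password for root from 101.36.107.103 port 51448 ssh2
Feb 10 03:25:40 bastion sshd[2202]: Failed password for ops from 198.51.100.7 port 40100 ssh2
Feb 10 03:26:02 bastion sshd[2210]: Failed password for invalid user test from 101.36.107.103 port 51502 ssh2
"""


def parse_ts(ts: str) -> datetime:
    """Syslog timestamps have no year; 2026 is an assumed value for the sample."""
    return datetime.strptime(f"2026 {ts}", "%Y %b %d %H:%M:%S")


def find_brute_forcers(lines, maxretry=5, findtime=600):
    """Return {ip: (time_threshold_was_reached, total_failures)} for every source
    that accumulates `maxretry` failed logins within any `findtime`-second window,
    mirroring how fail2ban decides to ban a host."""
    windows = defaultdict(deque)   # per-IP timestamps inside the current window
    totals = defaultdict(int)      # per-IP failure count over the whole input
    flagged = {}
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue               # successful logins and unrelated lines are ignored
        ip, ts = m["ip"], parse_ts(m["ts"])
        totals[ip] += 1
        q = windows[ip]
        q.append(ts)
        # Drop failures that fell out of the findtime window.
        while q and (ts - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return {ip: (flagged[ip], totals[ip]) for ip in flagged}


if __name__ == "__main__":
    for ip, (when, total) in find_brute_forcers(SAMPLE_LOG.splitlines()).items():
        print(f"{ip}: threshold reached at {when:%H:%M:%S}, {total} failures total")
```

With the defaults (`maxretry=5`, `findtime=600`, the same values fail2ban ships with) only 101.36.107.103 is flagged, at its fifth failure; the single failure from the placeholder address never crosses the threshold, which is the property a tuned jail needs so that a user who mistypes a password once is not banned. Lowering `maxretry` or widening `findtime` makes the jail more aggressive; this function lets an operator replay their own auth log against candidate values before changing the live configuration.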