Critical Alert
IP 105.155.165.177 is a critical-risk address originating from Morocco that has been linked to 192 reported hacking incidents, including detected SSH intrusion attempts targeting exposed services. With a threat level of 10 out of 10 and 20 recent reports of unauthorized access activity captured by automated honeypot sensors, this address represents an active and persistent threat to any publicly accessible SSH daemon.
The 192 total abuse reports attributed to 105.155.165.177 span the March–April 2026 window, with automated honeypot sensors identifying the address on 20 occasions within the recent reporting period. Despite a current activity frequency rated at 0 out of 10, the accumulated volume of reports and the perfect threat-score rating confirm that this address has historically conducted sustained hostile operations. The IP is registered to AS36903 (MT-MPLS), a Moroccan network operator, placing the origin infrastructure within that country's telecommunications ecosystem. The specific detection involves Suricata rules flagging SSH sessions on expected ports, indicating that the address has been actively scanning for and attempting to establish connections to SSH services.
Hacking activity of this nature poses a direct threat to any server exposing port 22 to the internet. Automated honeypot detections confirm that 105.155.165.177 has been probing for SSH entry points, likely employing credential-guessing or brute-force techniques to compromise weak authentication configurations. Successful exploitation of an exposed SSH service grants an attacker remote command execution, potentially leading to data exfiltration, lateral movement within networks, or recruitment into botnets. The confidence score of 78 percent indicates a strong but not absolute correlation between the observed activity and malicious intent.
Network operators should immediately block 105.155.165.177 at the firewall or network perimeter to cut off traffic from this source. Deploying fail2ban or an equivalent tool on any exposed SSH daemon will automatically ban sources after repeated failed login attempts. Enforcing key-based authentication, disabling root login, and applying strong password policies significantly reduce exposure to the intrusion patterns observed. Keeping intrusion detection signatures up to date and monitoring logs for connection attempts from this address will further strengthen the defensive posture.