Notable Threat
IP 45.146.165.45 is a high-risk address operating from Russian infrastructure that has generated 305 abuse reports within a single month, with automated honeypot sensors flagging it primarily for SSH brute-force intrusion activity at a threat level of 8 out of 10. This IP address presents a clear and present danger to any publicly accessible SSH services due to the sheer volume and consistency of malicious login attempts originating from the Beget LLC network in Russia.
Analysis of the 305 reports filed against this IP reveals a concentrated attack campaign detected across 20 automated honeypot sensors in February 2026, establishing a high-confidence attribution of 94 percent for malicious activity. The 20 distinct detection sources consistently logged SSH brute-force patterns and general hacking attempts, with the IP demonstrating an activity frequency rating of 8 out of 10. The network operator, Beget LLC, controls AS198610, a commercial hosting provider based in Russia that has been associated with similar threat activity. The February 2026 reporting window indicates this is not historical but rather an ongoing, actively managed threat vector requiring immediate defensive consideration.
The dominant threat category associated with 45.146.165.45 involves SSH brute-force attacks, a well-documented attack methodology where threat actors systematically attempt to authenticate against exposed SSH servers using common username-password combinations. These automated credential-guessing campaigns pose a direct risk to servers with password-based authentication, potentially granting unauthorized shell access, enabling lateral movement within networks, and facilitating data exfiltration or further exploitation. The sheer volume of reports suggests this IP participates in organized, coordinated scanning infrastructure rather than opportunistic individual attempts.
Network defenders encountering this IP should immediately block it at the firewall or network perimeter level and implement fail2ban or equivalent intrusion-prevention tools to automatically ban repeat offenders once they exceed a failed-authentication threshold. Organizations should enforce key-based SSH authentication exclusively, disable root login over SSH, and consider changing the default SSH port to reduce automated targeting. Continuous monitoring of authentication logs for source IPs matching this address or adjacent ranges remains essential given the ongoing nature of the activity.
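The log monitoring recommended above, as an added example that is not part of the original report: it scans OpenSSH authentication log lines for failed logins from 45.146.165.45 or its neighbours. Treating "adjacent ranges" as the surrounding 45.146.165.0/24 is an assumption, and the log lines are constructed samples in the usual OpenSSH syslog format.

```python
import ipaddress
import re
from collections import Counter

WATCH_IP = ipaddress.ip_address("45.146.165.45")    # address from the report
WATCH_NET = ipaddress.ip_network("45.146.165.0/24")  # assumed "adjacent range"

# OpenSSH failure lines: "Failed <method> for [invalid user ]NAME from IP ..."
# and "Invalid user NAME from IP ...". One attempt with an unknown username
# can produce both lines, so the totals count log lines, not distinct attempts.
FAILURE_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed \S+ for (?:invalid user )?(?P<u1>\S+)"
    r"|Invalid user (?P<u2>\S+)) from (?P<ip>[0-9a-fA-F.:]+)"
)

# Constructed sample input (203.0.113.9 and 198.51.100.7 are documentation addresses).
SAMPLE_LOG = """\
Feb 10 03:14:01 host sshd[1201]: Failed password for root from 45.146.165.45 port 40122 ssh2
Feb 10 03:14:03 host sshd[1203]: Failed password for invalid user admin from 45.146.165.45 port 40130 ssh2
Feb 10 03:14:05 host sshd[1205]: Invalid user test from 45.146.165.77 port 51200
Feb 10 03:15:40 host sshd[1210]: Failed password for deploy from 203.0.113.9 port 60001 ssh2
Feb 10 03:16:02 host sshd[1212]: Accepted publickey for deploy from 198.51.100.7 port 60444 ssh2
Feb 10 03:16:09 host sshd[1214]: Failed password for root from 45.146.165.45 port 40188 ssh2
"""

def summarize(log_text):
    """Return {ip: {"failures", "users", "match"}} for watched sources only."""
    counts, users = Counter(), {}
    for line in log_text.splitlines():
        m = FAILURE_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field in the log line
        if ip not in WATCH_NET:  # also False for any IPv6 source
            continue
        counts[str(ip)] += 1
        users.setdefault(str(ip), set()).add(m.group("u1") or m.group("u2"))
    return {
        k: {"failures": n, "users": sorted(users[k]),
            "match": "exact" if ipaddress.ip_address(k) == WATCH_IP else "adjacent"}
        for k, n in counts.items()
    }

if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info)
```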