Extreme Threat
IP 183.62.127.90 is a high-risk address originating from Chinanet's AS4134 network in China, classified at the maximum threat level of 10/10 due to sustained SSH brute-force attack activity detected by 20 separate automated honeypot sensors over a six-month period, with a total of 180 abuse reports filed against this single endpoint.
Network telemetry and community reporting data covering January through June 2026 reveal that the bulk of the 180 reports against IP 183.62.127.90 centre on SSH-based intrusion attempts, accounting for 17 distinct threat categorisations, with an additional 3 reports tied to broader hacking activity. The attack pattern analysis shows that honeypot sensors recorded approximately 25 sshd violations attributed to this IP, alongside Suricata alerts flagging spurious stream retransmissions and SSH sessions established on unexpected ports. This activity volume, distributed across a six-month timeframe with consistent detection by multiple independent sensors, yields a 97% confidence score regarding the malicious nature of the address.
SSH brute-force attacks represent one of the most common and persistent threats facing internet-exposed servers, as attackers systematically attempt to guess credentials or exploit weak authentication configurations to gain unauthorised shell access. The detection of spurious retransmissions suggests the attacking system may be employing sophisticated techniques to circumvent basic detection or maintain persistent sessions, while non-standard SSH port activity indicates attempts to evade signature-based monitoring. For a server with SSH accessible to the internet, successful authentication against even a single weak account can grant attackers complete system control, enabling data exfiltration, lateral movement within networks, or deployment of secondary payloads such as cryptocurrency miners or ransomware.
Site operators should treat any connection attempts from IP 183.62.127.90 as hostile and consider implementing permanent upstream blocks at the firewall or network edge. Configuring fail2ban or similar dynamic blocking tools to automatically ban IPs with excessive failed SSH login attempts provides an effective automated defence layer. Hardening measures should include enforcing key-based authentication exclusively, disabling direct root login, changing the default SSH port to reduce automated scanning exposure, and ensuring strong password policies are in place for any accounts that may still require password authentication. Regular monitoring of authentication logs and deployment of intrusion detection systems will help identify any successful compromise attempts originating from this or related infrastructure.
BG 
CA 
PE 
HK 
MY 
FR 
KR 
SC 
GB