Critical Alert
IP 45.87.249.200 is a critical-risk address that has been extensively linked to automated intrusion activity targeting Secure Shell services. With a threat level rated at the maximum 10 out of 10 and a 94% confidence score, this address has generated 197 separate abuse reports from community sources, with automated honeypot sensors confirming sustained malicious behavior over recent months. The dominant activity pattern involves repeated authentication guessing attempts against SSH endpoints, representing a persistent and aggressive intrusion vector operated from infrastructure in Seychelles.
Geographic and network attribution places the address within AS210006, operated by Shereverov Marat Ahmedovich, with the activity originating from Seychelles. Automated honeypot sensors and community reports together documented the first observed malicious activity beginning in May 2026, with the campaign continuing through June 2026. Analysis of the 197 incident reports reveals a concentration of activity around SSH services (20 reports) and general hacking attempts (19 reports), indicating this address is primarily focused on credential-based intrusion against exposed SSH daemons. The activity frequency rating of 8 out of 10 demonstrates consistent, repeated engagement with target systems rather than opportunistic single probes.
SSH brute-force activity is one of the most common and effective initial access vectors used by automated threat actors. By systematically trying username and password combinations, attackers seek to compromise servers that still rely on weak or default credentials. The real-world risk extends beyond unauthorized access to the server itself: compromised SSH endpoints frequently serve as entry points for lateral movement, data exfiltration, cryptocurrency mining, or deployment of secondary malware payloads. The sustained nature of this activity, evidenced by the high frequency rating, indicates an organized automated campaign that systematically scans and attacks exposed services.
Network defenders should implement key-based authentication as the primary login method, eliminating reliance on passwords that are vulnerable to guessing. Organizations should consider moving SSH from the default port 22 to a non-standard port to reduce exposure to automated reconnaissance. Tools such as fail2ban can automatically detect and block IP addresses that exhibit brute-force behavior patterns. Disabling direct root login and enforcing strong password policies provide additional defensive layers. Regular monitoring of authentication logs for unusual patterns and deployment of intrusion detection systems help identify and respond to intrusion attempts in real time. Blocking or aggressively rate-limiting traffic from this IP address at the network perimeter is strongly recommended given the malicious activity confirmed across multiple independent sources.
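The log-monitoring and fail2ban-style blocking described above can be reduced to a simple sliding-window rule over sshd authentication failures. The following is an added example written for this page, not code from the report's source or from fail2ban itself. It parses constructed sshd log lines in syslog format (the hostname, process IDs, the 192.0.2.x/198.51.100.x/203.0.113.x addresses and the year 2026 are all assumed for the sample; the 45.87.249.200 address is the one the report covers) and flags any source that accumulates `maxretry` failures within `findtime` seconds, the same two parameters fail2ban's sshd jail uses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd log excerpt in syslog format (not taken from the report).
# 45.87.249.200 fails five times in seven seconds; 198.51.100.7 is a user who
# mistypes twice and then succeeds; 203.0.113.5 fails five times but spaced
# fifteen minutes apart, which a short window will not catch.
SAMPLE_LOG = """\
Jun  3 10:00:01 bastion sshd[2101]: Failed password for root from 45.87.249.200 port 51234 ssh2
Jun  3 10:00:03 bastion sshd[2103]: Failed password for invalid user admin from 45.87.249.200 port 51240 ssh2
Jun  3 10:00:05 bastion sshd[2105]: Failed password for invalid user oracle from 45.87.249.200 port 51251 ssh2
Jun  3 10:00:06 bastion sshd[2107]: Failed password for root from 45.87.249.200 port 51260 ssh2
Jun  3 10:00:08 bastion sshd[2109]: Failed password for invalid user test from 45.87.249.200 port 51270 ssh2
Jun  3 10:00:10 bastion sshd[2111]: Accepted publickey for deploy from 192.0.2.10 port 40001 ssh2
Jun  3 10:00:12 bastion sshd[2113]: Failed password for alice from 198.51.100.7 port 40100 ssh2
Jun  3 10:00:40 bastion sshd[2115]: Failed password for alice from 198.51.100.7 port 40101 ssh2
Jun  3 10:01:00 bastion sshd[2117]: Accepted password for alice from 198.51.100.7 port 40102 ssh2
Jun  3 10:05:00 bastion sshd[2119]: Failed password for root from 203.0.113.5 port 50000 ssh2
Jun  3 10:20:00 bastion sshd[2121]: Failed password for root from 203.0.113.5 port 50001 ssh2
Jun  3 10:35:00 bastion sshd[2123]: Failed password for root from 203.0.113.5 port 50002 ssh2
Jun  3 10:50:00 bastion sshd[2125]: Failed password for root from 203.0.113.5 port 50003 ssh2
Jun  3 11:05:00 bastion sshd[2127]: Failed password for root from 203.0.113.5 port 50004 ssh2
"""

# Matches the standard OpenSSH failure line; "invalid user" appears when the
# account does not exist, so it is optional here.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(log_text, year=2026):
    """Return a list of (timestamp, username, source_ip) for each failed login.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2026
    for the constructed sample).
    """
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts_text = " ".join(m.group("ts").split())  # collapse the padded day field
        ts = datetime.strptime(f"{year} {ts_text}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group("user"), m.group("ip")))
    return events


def find_bruteforce_sources(log_text, maxretry=5, findtime=600, year=2026):
    """Flag source IPs with >= maxretry failures inside any findtime-second window.

    Returns {ip: {"attempts": n, "triggered_at": iso_timestamp}} keyed by the
    first moment the threshold was crossed, mirroring a fail2ban ban decision.
    """
    windows = defaultdict(deque)  # ip -> timestamps of recent failures
    flagged = {}
    for ts, _user, ip in parse_failed_logins(log_text, year):
        window = windows[ip]
        window.append(ts)
        # Drop failures older than the window relative to this event.
        while window and (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in flagged:
            flagged[ip] = {"attempts": len(window), "triggered_at": ts.isoformat()}
    return flagged


if __name__ == "__main__":
    for ip, info in find_bruteforce_sources(SAMPLE_LOG).items():
        print(f"{ip}: {info['attempts']} failures, threshold crossed at {info['triggered_at']}")
```

With the default `maxretry=5` and `findtime=600` only 45.87.249.200 is flagged; the legitimate user who mistyped twice is left alone, and the slow, spaced-out attempts from 203.0.113.5 are missed entirely. That last case is the caveat to keep in mind when tuning: widening `findtime` (or correlating over a longer period in a SIEM) catches low-and-slow guessing at the cost of more state per source, which is why blocking a known offender such as this address at the perimeter is worth doing independently of rate-based detection.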