Significant Threat
IP 60.254.111.212 is a high-risk address originating from an Indian cable internet provider that has been linked to SSH brute-force attack attempts, accumulating 588 abuse reports with a threat level of 8/10 and an 82% confidence rating.
The address, which belongs to Hathway IP Over Cable Internet (ASN AS17488), was first and last reported in December 2025, with all 20 most recent reports identifying automated honeypot sensor detections of SSH scanning activity. Despite the substantial total report count, the activity frequency metric stands at 0/10, suggesting that while this IP has a documented history of malicious behaviour, no fresh attempts have been logged in the current reporting window. The exclusive focus on SSH threats indicates a targeted interest in gaining unauthorized shell access to exposed servers rather than diversified attack probing.
SSH brute-force attacks represent a persistent threat to any server with port 22 exposed to the internet, as threat actors systematically attempt credential combinations to compromise root or user accounts. A successful intrusion can grant attackers complete system control, enabling data exfiltration, malware deployment or use of the compromised host as a pivot point for further network penetration. The detection of SSHd activity by honeypot sensors confirms that this address is actively engaged in credential-guessing operations against Secure Shell services.
Administrators should immediately block this IP at the firewall level given its confirmed malicious history. Enabling key-based authentication exclusively and disabling password-based SSH login eliminates the primary attack vector. Implementing fail2ban with aggressive ban thresholds for repeated authentication failures provides automated protection against brute-force campaigns. Changing the default SSH port reduces automated scanning exposure, while disabling root login and enforcing strong account lockout policies after failed attempts further harden the attack surface.
HK 
RO 
IT