Critical Threat
IP 63.41.9.210 is a high-risk American address with a threat level of 10 out of 10 that has been flagged 619 times, with its most recent confirmed activity consisting of SSH brute-force attempts detected by automated honeypot sensors in October 2025. Despite the address originating from a U.S. cellular carrier network operated by CELLCO-PART on AS6167, the volume and nature of malicious activity render it dangerous to any exposed SSH service, regardless of geographic origin. The detection confidence stands at 66 percent, meaning that while the threat is confirmed, attribution specifics carry moderate uncertainty. The IP presents a concrete and immediate risk to servers running publicly accessible SSH daemons, particularly those relying on password-based authentication or default configurations.
The data shows 619 total abuse reports associated with this address, 20 of them from the most recent period and attributing the activity to SSH brute-force scanning. Automated honeypot sensors across the network recorded these 20 SSH-based incidents during October 2025, making them the dominant and most recently confirmed threat vector. The address's association with CELLCO-PART, a major U.S. cellular operator, indicates the source is likely a compromised mobile device, a residential customer endpoint, or a spoofed origin: all common scenarios in modern attack infrastructure, where threat actors route traffic through residential ISP space to obscure their true origin. The activity frequency metric of 0 out of 10 suggests that, while the IP carries a heavy historical report burden, its confirmed engagement with honeypots within the reported window has been limited in scope or recency.
SSH brute-force attacks systematically attempt to guess server credentials by cycling through common username and password combinations, exploiting weak or default login pairs to gain unauthorized shell access. Once inside a server, an attacker can deploy persistent backdoors, exfiltrate sensitive data, pivot to internal network resources, or enlist the compromised host in botnet activity such as distributed denial-of-service campaigns or further scanning. The scale of 619 total reports for this single IP indicates a sustained, deliberate campaign rather than opportunistic testing, making it a consistent source of malicious traffic that any exposed SSH service should actively block or heavily restrict.