Critical Alert
IP 92.118.39.83 is a critical-risk address operated by Unmanaged Ltd (AS47890) that has generated 198 total abuse reports, with SSH brute-force activity dominating the reports from automated honeypot sensors. The IP's threat level of 10/10 reflects sustained, aggressive intrusion activity targeting secure shell services, a pattern confirmed by multiple Suricata alerts logged as "ET INFO SSH session in progress on Expected Port." While the activity frequency metric suggests a recent lull, the volume of historical reports and the presence of an "Exploited Host" classification indicate that this address likely belongs to a compromised system that has been weaponized for unauthorized access attempts.
The 198 reports spanning August 2025 through March 2026 reveal consistent hostile intent, with 39 combined reports specifically categorizing the activity as Hacking and SSH-related. All 20 detection sources are attributed to automated honeypot infrastructure, lending credibility to the volume and pattern of observed behavior. The single "Exploited Host" report is particularly noteworthy, as it suggests this IP may belong to a system that has itself been compromised and is now being operated by threat actors as an attack platform without the owner's knowledge. Network attribution to Unmanaged Ltd places this traffic within a network operator category that warrants additional scrutiny regarding abuse handling and customer verification practices.
SSH brute-force attacks represent a persistent threat vector where attackers systematically attempt credential combinations to gain unauthorized server access. The Suricata alerts referencing "SSH session in progress" combined with "SSH brute-force attempt" patterns indicate active credential-guessing campaigns. When an IP is classified as an Exploited Host, the real-world risk extends beyond the immediate attacks — the compromised machine may be part of a botnet, conducting distributed attacks across multiple targets while its legitimate owner remains unaware. This dual classification amplifies the danger, as blocking the IP alone does not address the underlying compromise of the source system.
Site operators should immediately block IP 92.118.39.83 at the network perimeter and firewall to cut off this source. SSH services should be hardened by enforcing key-based authentication exclusively, changing the default port from 22, and disabling root login. Deploying fail2ban or an equivalent intrusion-prevention tool will automatically ban IPs that show brute-force patterns once they exceed a configurable threshold. Operators who observe this IP targeting their infrastructure should consider filing an abuse report with the hosting provider so that the owner of the potentially compromised system can be notified.