Critical Threat
IP 93.152.230.150 is a Bulgarian address operated by Shereverov Marat Ahmedovich under ASN AS210006 that presents a critical threat level of 10/10 based on 1,761 cumulative abuse reports, with automated honeypot sensors consistently flagging it for SSH brute-force activity since December 2025.
The aggregate abuse database shows 1,761 total reports attributed to this address, with 20 of the most recent reports specifically documenting SSH intrusion attempts. All current threat reports originate from automated honeypot sensors distributed across the network, giving a 64 percent confidence rating that this traffic represents deliberate malicious activity rather than misconfiguration or benign scanning. The address was first reported in December 2025 and remained active through January 2026, indicating sustained rather than opportunistic targeting over approximately a two-month window.
SSH brute-force attacks systematically attempt to guess server credentials by cycling through common username and password combinations. An address with this volume of reports has almost certainly already compromised weak credentials on exposed SSH daemons, granting attackers persistent command-line access to the affected Linux and Unix systems. Once inside, threat actors typically install backdoors or cryptocurrency miners, or exfiltrate sensitive data stored on the host. The real-world risk extends beyond the single target: a compromised server frequently becomes a pivot point for attacking internal network infrastructure.
Site operators running publicly accessible SSH services should immediately block IP 93.152.230.150 at the firewall level and monitor logs for any successful authentication originating from this address. Implementing key-based authentication exclusively, moving SSH to a non-standard port and configuring fail2ban to automatically ban repeated login failures will substantially reduce exposure to this class of attack. Disabling root login over SSH and enforcing strong, unique passwords where keyboard authentication is required closes the most commonly exploited entry points.
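The log check recommended above can be scripted. The following is an added example, not part of the original report: it scans OpenSSH authentication log text for events from 93.152.230.150 and separates failed attempts from successful logins. It assumes the default OpenSSH log message format; the function name and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

WATCHED = ipaddress.ip_address("93.152.230.150")  # address from this report

# OpenSSH auth lines; newer releases log as "sshd-session" instead of "sshd".
AUTH_RE = re.compile(
    r"sshd(?:-session)?\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
Jan 12 03:14:05 web1 sshd[2211]: Failed password for invalid user admin from 93.152.230.150 port 51122 ssh2
Jan 12 03:14:07 web1 sshd[2211]: Failed password for root from 93.152.230.150 port 51122 ssh2
Jan 12 03:14:09 web1 sshd[2230]: Failed password for invalid user test from 93.152.230.15 port 40210 ssh2
Jan 12 03:15:40 web1 sshd[2244]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Jan 12 03:16:02 web1 sshd-session[2251]: Accepted password for deploy from 93.152.230.150 port 51190 ssh2
"""


def review_auth_log(text, watched=WATCHED):
    """Summarise SSH auth events whose source address equals `watched`."""
    failed = 0
    failed_users = set()
    accepted = []
    for line in text.splitlines():
        m = AUTH_RE.search(line)
        if not m:
            continue
        try:
            # Compare parsed addresses, not substrings, so 93.152.230.15
            # is never mistaken for 93.152.230.150.
            src = ipaddress.ip_address(m["src"])
        except ValueError:
            continue
        if src != watched:
            continue
        if m["result"] == "Accepted":
            accepted.append((m["user"], m["method"]))  # needs incident response
        else:
            failed += 1
            failed_users.add(m["user"])
    return {"failed": failed, "failed_users": sorted(failed_users), "accepted": accepted}


if __name__ == "__main__":
    print(review_auth_log(SAMPLE_LOG))
```

Any entry in `accepted` means the address authenticated successfully, so the named account and host should be treated as compromised rather than simply blocked going forward.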