Critical Threat
IP 103.86.198.162 is a high-risk address originating from Bangladesh that presents a severe threat to exposed SSH services, with a threat level of 10/10 and 683 total abuse reports logged across automated honeypot sensors over approximately seven months. The IP, operated by MAISHA NET under ASN AS18109, has been persistently engaged in SSH brute-force attacks, with recent activity documented as recently as June 2026 and initial reports dating back to November 2025, indicating sustained malicious behavior rather than a brief or isolated incident.
The detection data reveals a consistent and aggressive pattern of SSH brute-force attempts, with multiple fail2ban sensors recording between 25 and 38 violations each across various detection events, and Suricata alerts confirming active SSH sessions on expected ports combined with brute-force activity. With 20 reported SSH incidents, 3 general hacking attempts, and 1 exploited host classification among the most recent reports, the IP demonstrates a focused yet versatile attack methodology. The confidence score of 76% and activity frequency rated at 5/10 suggest this is a persistent threat actor rather than opportunistic scanning, and the volume of reports across 20 separate honeypot sources indicates widespread exposure to this malicious address.
SSH brute-force attacks represent a concrete and significant risk to any server with an SSH service exposed on port 22 or on a non-standard port, because a single successful authentication grants the attacker immediate shell access to the underlying system. Once inside, threat actors typically install backdoors, exfiltrate data, or use the compromised host to launch further attacks against other targets, effectively turning the victim's infrastructure into an attack platform. The exploited-host classification associated with this IP suggests that either the current host or previous targets may already be under unauthorized control, amplifying the danger to any organization that encounters this traffic in its logs.
Site operators should immediately block IP 103.86.198.162 at the firewall or network perimeter to prevent any incoming connections, and implement key-based authentication for all SSH access while disabling password-based login entirely. Configuring fail2ban to ban sources of repeated SSH authentication failures will automatically block brute-force attempts, and moving SSH to a non-standard port significantly reduces exposure to automated scanning. Regularly reviewing authentication logs for attempts originating from this IP address, and enforcing strong, complex passwords on any accounts that must remain password-authenticated, will further harden defenses against this persistent threat actor.