Severe Risk
IP address 185.255.90.135 is a high-risk address linked to confirmed hacking activity, carrying a maximum threat score of 10/10 and accumulating 318 total abuse reports from automated honeypot sensors. The dominant threat category is general hacking intrusion attempts, specifically targeting exposed SSH services with command-input activity. Despite the elevated threat level, the 61% confidence score indicates some ambiguity in full attribution, while the activity frequency score of 0/10 suggests the malicious behavior occurs in intermittent bursts rather than as a persistent sustained assault.
The IP originates from Iranian network infrastructure operated by Green Web Samaneh Novin PJSC under ASN 61173, with all reported activity confined to September 2025, indicating a concentrated campaign during that period. All 20 recent reports consistently attribute the activity to hacking, with honeypot detections capturing SSH-related command input patterns. The substantial volume of cumulative reports demonstrates persistent interest in exploiting SSH services over time, while the exclusive detection through automated honeypot sensors confirms the activity is systematic and credentialed by external monitoring infrastructure rather than anecdotal user reports.
The hacking classification encompasses automated intrusion attempts, vulnerability exploitation probing, and unauthorized access vectors commonly associated with credential-brute-force campaigns against exposed SSH daemons. This threat profile represents a concrete risk to any internet-facing server running SSH with password-based authentication, as automated tools systematically attempt common username-password combinations or exploit known vulnerabilities. The reported SSH command-input activity suggests the attacker may be successfully executing commands on honeypot systems emulating vulnerable SSH services, potentially indicating successful exploitation or at minimum successful authentication attempts on poorly configured targets.
Site operators should implement immediate defensive controls: enforce key-based SSH authentication exclusively while disabling password authentication to eliminate the primary attack vector; deploy automated abuse-detection tools such as fail2ban to dynamically block source IPs after repeated failed authentication attempts; configure strict connection-rate limiting on SSH ports at the firewall level to slow automated scanning campaigns; and maintain continuous monitoring of authentication logs for unusual login patterns, geographic anomalies, or off-hours access attempts originating from this address range.
RO 
JP 
HK 
GB