Maximum Danger
IP 45.87.249.170 is a critical-risk address originating from the Netherlands, operated by RAPIDSEEDBOX under ASN AS210006, that has accumulated 165 independent abuse reports within a two-month window and presents an immediate threat to any publicly accessible SSH service. The volume and consistency of malicious activity detected against this address justify its maximum threat rating, with automated honeypot sensors across the network community contributing the majority of observations over a concentrated February-to-March 2026 timeframe.
Analysis of the 165 reports reveals a clear pattern dominated by SSH-related intrusions: 19 incidents classified as general hacking activity, 17 explicitly identified as SSH brute-force attempts, and 4 categorised as an exploited host being leveraged as an attack platform. The Suricata alerts consistently indicate SSH sessions in progress on expected ports, suggesting both credential-guessing campaigns and successful compromise of the host at this address for subsequent attack operations. With a 71% confidence score and detection sourced from 20 separate honeypot instances, the activity profile demonstrates sustained, deliberate targeting of SSH services rather than opportunistic scanning.
SSH brute-force attacks represent one of the most persistent threat vectors facing internet-exposed servers, with automated tools capable of testing thousands of credential combinations per hour against default SSH daemons. When an address is additionally flagged as an exploited host, it indicates the system itself has been compromised and is now being weaponised—potentially as part of a botnet or proxy infrastructure—without the owner's knowledge. This dual characterisation significantly increases the risk that traffic originating from 45.87.249.170 may include lateral movement, data exfiltration, or secondary compromise attempts against downstream targets.
Network defenders should treat IP 45.87.249.170 as hostile and implement immediate blocking at the firewall or network perimeter level. Organisations running publicly accessible SSH services should enforce key-based authentication in place of password-based login, change the default port from 22, disable root login, and deploy rate-limiting tools such as fail2ban to automatically ban addresses exhibiting brute-force behaviour. Regular auditing of authentication logs for unusual SSH session patterns and timely application of security patches to SSH daemons further reduce exposure to the exploitation techniques this address has demonstrated.