Maximum Danger
IP 92.118.39.95, registered to Unmanaged Ltd under ASN AS47890 in the United States, is a critical-risk address linked to sustained SSH brute-force intrusion attempts and broader hacking activity, generating 223 abuse reports from automated honeypot sensors over approximately seven months between September 2025 and April 2026.
Threat intelligence data confirms 223 total incident reports attributed to this address, with 20 distinct automated honeypot sensors contributing detections. The dominant threat profile centres on SSH attacks, accounting for 17 of the most recent reports, closely followed by 16 reports of general hacking activity and 3 reports classifying this IP as an exploited host. Network-based detection signatures, including Suricata alerts flagging SSH sessions in progress on expected ports and ongoing brute-force authentication attempts, corroborate the malicious nature of the observed traffic. Despite a notably low activity frequency score of 0/10, the volume of independent reports and the persistent detection pattern over an extended timeframe indicate this address is actively engaged in credential-compromise campaigns rather than opportunistic scanning. The 70% confidence score reflects standard uncertainty margins in automated threat attribution.
SSH brute-force attacks represent a direct pathway to server compromise: threat actors use automated tools to cycle through candidate credentials against exposed SSH daemons until a valid set is found. Successful authentication grants attackers remote command-execution capabilities, enabling data exfiltration, malware deployment, lateral movement within networks, or the weaponisation of the compromised host for subsequent attacks. The presence of "exploited host" classifications alongside brute-force activity suggests this address may itself be operating from a previously compromised system, amplifying its risk profile as an indicator of active criminal infrastructure.
Site operators exposing SSH services should immediately block IP 92.118.39.95 at the firewall or network perimeter. Enforce key-based authentication exclusively, disable password-based SSH authentication entirely, and change the default SSH listening port to a non-standard value to reduce automated target acquisition. Implementing rate-limiting rules or automated blocking tools such as fail2ban will dampen brute-force effectiveness. Maintain rigorous patch management for SSH daemons and associated software, and consider notifying the hosting provider or upstream AS47890 operator given the classification of this address as potentially compromised infrastructure.