Severe Risk
IP address 93.157.248.178 is a critical-risk Russian address that has generated 2,846 abuse reports over approximately six months, with honeypot sensors across 20 distinct sources flagging it primarily for sustained SSH brute-force activity. With a threat-level score of 10 out of 10 and a 70% confidence rating, the volume and consistency of detections make this one of the most persistently active hostile IPs documented in recent reporting periods.
The IP routes through AS57128, operated by JSC Ufanet, a major Russian internet-service provider, and its geolocation places it within Russia. Automated honeypot sensors began recording activity in December 2025, with the most recent reports arriving in May 2026, indicating ongoing engagement with target infrastructure over roughly half a year. While the activity frequency rate of 2 out of 10 suggests bursts rather than uninterrupted traffic, the sheer cumulative report count of 2,846 demonstrates a sustained, high-volume campaign rather than opportunistic scanning. Fail2ban sensors specifically recorded 78 violations across multiple honeypot instances, all attributed to sshd brute-force attempts, and additional raw honeypot event logs confirm the same pattern independently.
SSH brute-force attacks represent one of the most common and effective initial-access vectors in real-world intrusions. Attackers automate the submission of username and password combinations against exposed SSH daemons, exploiting weak or default credentials to gain a foothold on servers. For any organisation running an internet-facing SSH service, IP 93.157.248.178 appearing in its logs signals a deliberate, automated intrusion attempt that, if successful, could grant the attacker command-level control over the compromised host, enabling data theft, lateral movement or the deployment of secondary payloads.
Network defenders should treat IP 93.157.248.178 as a confirmed hostile source and block it at the firewall or network perimeter without hesitation. Switching SSH access away from default port 22 to a non-standard port reduces the visibility of the service to automated scanners, though it only cuts log noise and does not replace the authentication controls that follow. Enforcing key-based authentication exclusively, disabling root login and implementing a dynamic tool such as fail2ban to automatically ban repeated offenders after a small number of failed attempts will dramatically reduce the effectiveness of any future connection attempts from this or similar addresses. Continuous monitoring of authentication logs and automated alerting on anomalous login patterns provide additional layers of defence against credential-based intrusion campaigns.
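An added example (not part of the original report) of the failed-attempt threshold behind fail2ban-style banning and authentication-log alerting, run over constructed sshd log lines. The `maxretry` and `findtime` names follow fail2ban's options; the threshold values, the ISO timestamp prefix and the sample lines are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in sshd's log wording; not data from the report's sensors.
SAMPLE_LOG = """\
2026-05-02T10:00:01 host sshd[811]: Failed password for root from 93.157.248.178 port 40112 ssh2
2026-05-02T10:00:03 host sshd[812]: Failed password for invalid user admin from 93.157.248.178 port 40120 ssh2
2026-05-02T10:02:10 host sshd[820]: Failed password for deploy from 198.51.100.7 port 51000 ssh2
2026-05-02T10:02:25 host sshd[821]: Accepted publickey for deploy from 198.51.100.7 port 51004 ssh2
2026-05-02T11:30:00 host sshd[900]: Failed password for root from 93.157.248.178 port 41200 ssh2
2026-05-02T11:30:02 host sshd[901]: Failed password for invalid user test from 93.157.248.178 port 41206 ssh2
2026-05-02T11:30:04 host sshd[902]: Failed password for invalid user oracle from 93.157.248.178 port 41212 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {ip: time at which maxretry failures fell inside one findtime window}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and unrelated lines are ignored
        ts, ip = datetime.fromisoformat(m["ts"]), m["ip"]
        window = recent[ip]
        window.append(ts)
        # Drop failures older than findtime so separate bursts are not added together.
        while ts - window[0] > findtime:
            window.popleft()
        if len(window) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return flagged

if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE_LOG.splitlines()).items():
        print(f"block {ip}: threshold reached at {when.isoformat()}")
```

With the default values the two-attempt burst at 10:00 stays under the threshold and the source is flagged only on the third failure of the 11:30 burst, which is why a short `findtime` combined with a high `maxretry` can miss a source that works in small bursts.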