Extreme Threat
IP 108.165.230.49 is a critical-risk address originating from Brazil. It has been linked to 303 distinct hacking-related incidents detected by automated honeypot sensors, with all activity concentrated within April 2026, and its maximum threat score indicates severe ongoing malicious behaviour.
The address operates within AS210356 under the BattleHost network and was flagged exclusively through automated honeypot sensors, which generated 20 recent threat reports identifying hacking activity as the dominant attack category. Detection data shows TCP stream anomalies including unexpected RST (reset) and FIN (finish) packets being received by honeypot sensors without corresponding active sessions, alongside direct attack connection attempts. Despite a perfect threat-level rating and high total report volume, the activity frequency metric registered at zero, suggesting the IP may be conducting intermittent or burst-based reconnaissance rather than sustained continuous scanning. The 81% confidence score supports a strong analytical consensus that this address poses genuine risk.
The predominant threat category of hacking encompasses intrusion attempts, vulnerability exploitation, and unauthorized access vectors. The specific Suricata stream alerts observed are characteristic of attackers performing reconnaissance or testing firewall and IDS response boundaries by sending crafted TCP control packets to observe how defensive systems react. These techniques can map network defences, probe for filtering weaknesses, or serve as precursors to more targeted exploitation of exposed services.
Site operators should immediately block IP 108.165.230.49 at the network perimeter firewall and implement deny-by-default security policies targeting Brazilian address space if regional access is unnecessary. Deploying or configuring tools such as fail2ban with appropriate trigger thresholds can automate dynamic blocking based on honeypot-level anomalies. Ensuring Suricata or equivalent intrusion detection signatures are current will improve detection of the TCP stream patterns associated with this address. Continuous monitoring of connection logs for unexpected RST and FIN packets from this source is strongly recommended.