Significant Threat
IP 137.184.112.103 is a high-risk address linked to sustained hacking activity, with 1,443 abuse reports filed against this DigitalOcean-hosted endpoint over approximately seven months. The address presents a threat level of 8/10 and has been flagged by automated honeypot sensors for exploitation attempts and web application probing, making it a clear candidate for blocking at network perimeters. The confidence score of 89% reflects a consistent pattern of malicious behaviour rather than isolated anomalies.
The volume of reports is striking — 1,443 reports from 20 distinct honeypot sensors between November 2025 and June 2026 represents continuous, high-frequency targeting of vulnerable services. The activity frequency score of 8/10 confirms persistent automated scanning and exploitation attempts across the internet. Network analysis reveals SMBv1 protocol usage consistent with malware and exploit delivery patterns, and web application probes detected by ElasticPot-style sensors indicate systematic vulnerability scanning. The presence of both exploitation activity and web app probing suggests this IP operates as an active node in an automated attack infrastructure, though the single Exploited Host report also raises the possibility that the DigitalOcean address itself may be a compromised host being weaponised without its owner's knowledge.
The dominant hacking activity encompasses intrusion attempts, vulnerability exploitation, and unauthorised access attempts against exposed services. Detection of SMBv1 protocol activity is particularly concerning as this legacy protocol has been repeatedly weaponised by ransomware and wormable exploits such as EternalBlue. Web application probing indicates systematic scanning for common vulnerabilities including those in the OWASP Top 10, such as file inclusion and injection flaws. The concrete real-world risk is that this IP is part of an automated campaign designed to discover and compromise internet-facing systems at scale before deploying further payloads or establishing persistent access.
Site operators should block IP 137.184.112.103 at the firewall or edge gateway to drop inbound traffic from this source entirely. Deploying a web application firewall will help detect and neutralise probing attempts targeting application-layer vulnerabilities. Implementing fail2ban or equivalent rate-limiting tools will automatically block repeated connection attempts matching the observed attack patterns. Finally, monitoring outbound traffic from internal networks for SMBv1 anomalies and enforcing strong authentication on exposed services will reduce the risk of successful exploitation by infrastructure like this address.