Significant Threat
IP 164.92.114.247 is a high-risk address associated with extensive hacking activity, presenting a significant threat to exposed network services based on more than ten thousand incident reports over approximately nine months. Operating from DigitalOcean's infrastructure in the United States under ASN AS14061, this IP demonstrates sustained malicious behavior with a threat level of 8 out of 10 and an activity frequency rating of 8 out of 10, indicating persistent and aggressive engagement with target systems. The volume of reports and elevated confidence score of 80 percent suggest this is not incidental scanning but rather deliberate, repeated intrusion activity targeting vulnerable endpoints.
Automated honeypot sensors recorded the entirety of the 10,770 reports attributed to this address, with 20 recent incidents specifically categorized as hacking activity spanning from September 2025 through June 2026. This reporting timeframe demonstrates consistent engagement over roughly nine months, indicating a persistent actor rather than a transient or opportunistic threat. The network operator, DigitalOcean-ASN, provides cloud infrastructure commonly leveraged by both legitimate organizations and threat actors due to its accessibility and global reach. The predominance of hacking-related reports points to attempts at unauthorized system access, vulnerability probing, or exploitation of misconfigured services rather than casual reconnaissance.
Hacking activity encompasses a broad spectrum of intrusion techniques including the exploitation of unpatched software vulnerabilities, credential attacks, and attempts to gain unauthorized control over target systems. For an organization with exposed services, an IP generating this volume of hacking reports represents a concrete risk of successful compromise if vulnerabilities or weak configurations exist. The sustained nature of the activity suggests automated tooling capable of systematic scanning and exploitation attempts, meaning exposed services face continuous pressure rather than isolated probe events.
Site operators should immediately block this IP at the firewall or network edge level given its clear malicious intent and high report volume. Implementing fail2ban or equivalent log-based intrusion prevention tools can automate the detection and blocking of similar patterns. Enforcing strong authentication on all exposed services, minimizing attack surface by closing unnecessary ports, and maintaining rigorous patch management schedules significantly reduce susceptibility to the intrusion techniques likely employed by this address. Continuous monitoring of authentication logs for attempts originating from this IP range will help identify any attempt that successfully bypassed these controls.