Critical Alert
IP 172.105.128.12, allocated through Akamai Connected Cloud (AS63949) in the United States, presents a maximum threat level of 10/10 based on 950 abuse reports submitted over approximately nine months of active targeting. This address is strongly associated with persistent hacking activity, with 19 of 20 recent reports cataloguing intrusion attempts and exploitation of vulnerabilities against exposed services. Despite a moderate activity frequency rating of 3/10, the sustained volume of independent reports indicates an ongoing, deliberate campaign rather than sporadic opportunistic scanning.
Detection across 20 automated honeypot sensors confirmed malicious activity originating from this IP between September 2025 and June 2026. The reports document general hacking behavior including unauthorized access attempts and probing for security weaknesses in internet-facing systems. The 69% confidence score reflects some inherent variability in automated threat attribution, yet the sheer volume of sensor detections substantiates the assessment that this address poses a genuine risk to exposed infrastructure. Because the network belongs to a major cloud provider, the address may be assigned to a cloud-hosted resource; threat actors frequently abuse such resources to conduct attacks while obscuring their true origin.
General hacking activity encompasses a broad spectrum of intrusion techniques, from credential guessing and brute-force attempts to exploitation of unpatched vulnerabilities in exposed services. For organizations running internet-connected SSH, RDP, administrative panels, or custom applications, an IP with this threat reputation poses concrete risk of unauthorized access, data compromise, and lateral movement within networks. The web application attack component (1 recent report) further indicates scanning for weaknesses in web-facing services, potentially targeting outdated CMS installations, vulnerable APIs, or file-inclusion vulnerabilities commonly abused for remote code execution.
Site operators should immediately block IP 172.105.128.12 at the network perimeter using firewall rules or web application firewall policies, enforce strong multi-factor authentication on all administrative interfaces, and implement rate-limiting to disrupt automated credential attacks. Deploying intrusion prevention tools such as fail2ban can automatically detect repeated connection attempts and ban the abusive sources. Organizations should also audit exposed services for vulnerabilities, apply security patches promptly, and monitor authentication logs for patterns consistent with brute-force or exploitation attempts originating from high-risk addresses.