Critical Threat
IP 176.65.139.103 is a critical-risk address assigned to Offshore LC in Luxembourg that has generated 290 incident reports from automated honeypot sensors since May 2026, indicating sustained and aggressive unauthorized access attempts against exposed network services.
The IP carries a threat level of 10/10 with a confidence score of 94%, reflecting very high certainty of malicious activity. The reporting window spans from May 2026 through June 2026, with an activity frequency rating of 8/10 indicating persistent engagement over this period. All 290 reports cite hacking activity as the threat category, and all detections originated from automated honeypot sensors designed to monitor exploitation attempts targeting vulnerable services. The address operates within AS214472 under Offshore LC, and the observed attack patterns include anomalous connection behavior and protocol detection anomalies in which the protocol is detected in only one direction of the traffic.
Hacking activity encompasses a broad range of intrusion methodologies, including vulnerability exploitation, credential-based attacks, and systematic probing for entry points into networked systems. The specific Suricata detection signature indicating protocol detection in only one traffic direction suggests this source is engaged in reconnaissance or service fingerprinting, testing how target systems respond to incomplete or unexpected protocol sequences before launching more targeted exploitation attempts. An address with 290 reports of this nature poses significant risk to unpatched services, as the volume indicates an automated and aggressive campaign likely employing multiple attack vectors simultaneously.
Site operators should block or aggressively rate-limit this address at the network perimeter firewall and implement fail2ban or comparable dynamic blocking tools capable of automatically responding to repeated unauthorized connection attempts. All exposed services should enforce strong, multi-factor authentication and be kept current with security patches. Network intrusion detection signatures should be tuned to alert on the specific connection patterns associated with this source, and periodic review of honeypot telemetry will help identify any shift toward more sophisticated exploitation techniques.