Notable Threat
IP address 184.105.139.67 is a high-risk address assessed at threat level 8/10, linked to active hacking intrusion attempts and systematic targeting of IoT devices, with 383 reported incidents logged across automated honeypot sensors over an eight-month observation window between October 2025 and June 2026.
The IP originates from the United States and operates within AS6939, the network allocated to Hurricane Electric, a major US-based bandwidth provider. Of the 383 abuse reports attributed to this address, the dominant threat category is Hacking with 18 recent incidents, complemented by 2 reports of IoT-targeted activity. Detection originated from 20 separate automated honeypot sensors, yielding a confidence score of 86% and an activity frequency rating of 8/10. Suricata intrusion-detection systems flagged protocol mismatch anomalies on this address, indicating attempts to probe or exploit services using non-standard or malformed network communications. The sustained volume and diversity of detection sources confirm this is not isolated scanning but persistent, deliberate hostile activity.
Hacking activity associated with this address encompasses general intrusion attempts, vulnerability probing, and unauthorized access attempts directed at exposed services. The concurrent IoT-targeted behaviour suggests the operator is specifically scanning for inadequately secured connected devices such as cameras, routers, and smart appliances that often ship with weak default credentials or unpatched firmware. An attacker controlling an IP with this reputation could leverage compromised IoT endpoints for botnet recruitment, lateral movement into adjacent networks, or as a persistent foothold for further exploitation. The protocol mismatch alerts point to potential fingerprinting attempts designed to identify open ports or misconfigured services before launching targeted exploits.
Administrators should block or rate-limit traffic from 184.105.139.67 at the network edge, applying rules consistent with existing blocklists for known malicious sources. Implement robust authentication requirements on all exposed services, enforce strong password policies, and ensure systems remain current with security patches. Network segmentation should isolate IoT devices from critical infrastructure, with UPnP disabled and default credentials replaced on all smart devices. Deploying tools such as fail2ban or equivalent log-analysis utilities can automate the detection and temporary blocking of this address following repeated failed login attempts, while ongoing monitoring of honeypot and community abuse feeds will provide early warning of any shift in the threat profile associated with this IP.