Significant Threat
IP 184.105.247.194 is a high-risk address originating from the United States within Hurricane Electric's network (AS6939), linked to sustained hacking activity including SSH brute-force probing, port scanning and targeted exploitation of IoT infrastructure. With a threat level of 8/10 and an activity frequency rated 8/10, this IP has accumulated 1,338 abuse reports from 20 independent automated honeypot sensors since first being flagged in August 2025, with the most recent reports filed in June 2026. The volume and consistency of these reports indicate persistent, automated malicious behavior rather than isolated scanning.
The dominant threat category is general hacking activity, supported by recent detections of Ciscoasa port-scan probes, malware or exploit-related connections, and Suricata alerts flagging SSH sessions on unusual ports, a technique frequently employed to bypass detection and gain unauthorized access to systems. Two recent reports also classified this IP as an exploited host, suggesting the address may itself belong to a compromised machine being weaponized without its operator's knowledge. Combined with IoT-targeting behavior noted in recent reports, the IP presents a multi-vector threat profile spanning reconnaissance, credential attacks and vulnerable-device exploitation across a ten-month sustained campaign.
The concrete risk this IP poses is significant: its SSH probing activity suggests ongoing credential-cracking attempts against exposed servers, while its port-scan and IoT-targeted operations indicate systematic reconnaissance to map vulnerable services for later exploitation. The "exploited host" classification raises the additional concern that blocking this address alone may be insufficient, as it may represent a hijacked residential or cloud node. Organizations with exposed SSH, Telnet or IoT management interfaces are at highest risk of unauthorized access, lateral movement or recruitment into botnets.
Site operators should block or aggressively rate-limit connections from 184.105.247.194 at the firewall level and monitor for any authenticated sessions originating from this address. SSH services should be hardened by disabling password-based authentication in favor of key-based access, moving SSH to a non-standard port and using fail2ban or equivalent dynamic blocking to automatically ban repeat offenders. Exposed IoT management interfaces should be isolated behind VPNs or network access controls, and intrusion-detection rules should be tuned to alert on the specific Suricata signatures associated with this threat profile. If the address is observed conducting high-volume scanning, consider reporting the potential compromise of their infrastructure to the network operator.