Critical Threat
IP address 184.105.247.195 is a high-risk address operated through Hurricane Electric's AS6939 network in the United States, with a threat-level rating of 10 out of 10 and a confidence score of 84 percent. With 577 total abuse reports logged across a 10-month window between August 2025 and June 2026, this address presents a sustained, prolific risk profile. Automated honeypot sensors generated 20 separate detections, and the dominant activity pattern centers on general hacking and intrusion attempts alongside malware and exploit delivery, with secondary indicators of IoT and ICS device targeting.
The volume and consistency of reports make this one of the more actively malicious addresses documented in recent threat feeds. The activity-frequency score of 8 out of 10 points to continuous rather than sporadic engagement. The 17 hacking-category reports significantly outweigh other threat classifications, suggesting a focus on vulnerability exploitation and unauthorized access attempts rather than a single vector. The presence of exploited-host and IoT-targeted classifications alongside the primary hacking activity indicates this IP may be a compromised attack platform that is also launching campaigns against internet-of-things infrastructure. Suricata alerts documenting protocol-mismatch patterns and general malware activity further support the picture of an attacker operating multiple automated tools across diverse target profiles.
The hacking activity associated with this IP encompasses various intrusion attempts, exploitation of vulnerabilities in exposed services, and unauthorized access campaigns. The detection of IoT and ICS targeting specifically suggests interest in smart devices, routers, cameras, and industrial control systems that often run outdated firmware with weak default credentials. An address carrying an exploited-host classification may be running attacker-controlled tooling without the knowledge of its legitimate operator, meaning blocking the IP alone does not resolve the underlying compromise. The combination of high report volume, diverse attack patterns, and sustained activity over months makes this IP a concrete threat to any exposed service.
Site operators should immediately block 184.105.247.195 at the network edge and consider deploying dynamic deny-listing tools such as fail2ban to automate this response based on failed authentication patterns. All exposed services should run current patches and hardened authentication configurations, particularly SSH and web interfaces. Organizations with IoT or operational-technology environments should segment those networks from general infrastructure, update device firmware, change default credentials, and disable universal plug-and-play where possible. If sustained contact with this address is observed despite blocking measures, consider notifying Hurricane Electric to report the compromised or malicious activity originating from their AS6939 allocation.