High Risk
IP 184.105.247.196 is a high-risk address operating from Hurricane Electric's AS6939 network in the United States, with a threat level of 8/10 and 336 total abuse reports indicating persistent, automated intrusion activity primarily targeting vulnerable services and IoT infrastructure.
Automated honeypot sensors across 20 distinct detection points logged this address continuously between September 2025 and June 2026, yielding a confidence score of 92 percent and an activity frequency rating of 8/10. The overwhelming majority of recent reports—17 out of 22 categorized incidents—involved general hacking activity, while 2 reports documented port scanning behaviour and an additional 2 identified IoT-targeted operations. Detection signatures included malformed TLS record types suggesting reconnaissance or exploitation attempts, inbound scanning consistent with ZMap reconnaissance tooling, and various honeypot interaction events tied to malware or exploit delivery. The sustained volume and diversity of these reports over a nine-month period establish a clear, ongoing pattern of hostile network behaviour originating from this address.
The dominant hacking classification encompasses unauthorized access attempts, vulnerability exploitation, and intrusion activities against exposed services—the primary real-world risk being compromised systems, data exfiltration, or pivot points for further attacks. Port scanning activity compounds this threat by systematically identifying open services that could serve as entry vectors. IoT targeting further suggests the address participates in campaigns specifically exploiting poorly secured connected devices such as cameras, routers, and smart hardware, which often lack robust update mechanisms and represent attractive targets for botnet recruitment or surveillance. Together, these threat vectors indicate an address engaged in multi-stage attack operations against both traditional servers and the expanding IoT attack surface.
Network operators should implement immediate blocking or rate-limiting for this address at the firewall level, particularly for inbound connections on non-essential ports. Deploying or configuring tools such as fail2ban or equivalent intrusion prevention systems can automate detection and response to the scanning and authentication probe patterns observed. Patching exposed services, minimizing the attack surface by disabling unused daemons, and isolating IoT devices on dedicated network segments all reduce the effectiveness of campaigns originating from this source. Continuous monitoring for the associated detection signatures—particularly anomalous TLS traffic and ZMap-style user agents—will help identify any successful compromise attempts before significant damage occurs.