Notable Threat
IP address 184.105.247.254, registered to Hurricane Electric's AS6939 backbone network in the United States, presents a high-risk threat profile with a threat level of 8 out of 10 based on 538 abuse reports collected over approximately ten months of sustained activity. The dominant threat category associated with this address is general hacking activity, supplemented by evidence of compromised infrastructure usage, web application probing, and Internet of Things targeting, indicating a versatile and persistent threat actor leveraging this IP for multiple attack vectors.
The aggregate threat intelligence compiled from twenty distinct automated honeypot sensors and community report sources reveals a consistent pattern of malicious engagement spanning from August 2025 through June 2026, with an activity frequency rated at 8 out of 10, demonstrating near-continuous hostile traffic. Detected attack patterns include malware and exploit delivery attempts, general attack connections, ElasticPot web application probing, Suricata TLS protocol anomalies indicating potential man-in-the-middle or protocol manipulation techniques, and deliberate targeting of IoT devices. The 83% confidence score across these diverse detection sources confirms this activity represents genuine malicious behavior rather than anomalous or misclassified traffic.
The prevalence of hacking activity and exploited host indicators suggests this IP may represent either compromised infrastructure within Hurricane Electric's network being weaponized without the operator's knowledge, or deliberately allocated attack infrastructure configured to conduct automated vulnerability scanning and exploitation campaigns. The IoT targeting and web application probing patterns are particularly concerning as they indicate systematic reconnaissance activity designed to identify and compromise vulnerable systems for potential botnet recruitment, secondary attacks, or data exfiltration, posing concrete risks to any exposed services accepting connections from this source.
Network defenders should immediately implement blocking or aggressive rate-limiting for all inbound connections from 184.105.247.254 at perimeter firewalls and intrusion prevention systems, and consider deploying automated blocking tools such as fail2ban to dynamically respond to repeated connection attempts. Organizations running publicly accessible web services should ensure web application firewalls are active and signature rules are current to defend against the observed probing patterns. Regular security audits and prompt patching of vulnerabilities remain essential given the hacking and exploitation activity detected. If this IP persists in targeting your infrastructure, engaging with the network operator through appropriate abuse channels may facilitate investigation and remediation of any compromised hosting environment.