High Risk
IP 185.242.226.91 is a critical-risk address with a 10/10 threat level and 94% confidence, extensively linked to hacking activity through 391 abuse reports from automated honeypot sensors over approximately nine months of continuous operation between September 2025 and June 2026.
Observed originating from the United States within AS202425, operated by IP Volume inc, this IP shows a persistently aggressive activity pattern, scoring 8/10 in frequency. The detection footprint spans 20 distinct automated honeypot sources, all reporting unauthorized intrusion attempts that match the hacking threat classification. The sustained timeline from first to last reported activity indicates deliberate, ongoing targeting rather than opportunistic scanning.
The dominant hacking category encompasses general intrusion attempts, vulnerability exploitation, and unauthorized access vectors against exposed services. For any organization running accessible SSH, RDP, web interfaces, or other network services, this IP represents a concrete threat of credential brute-forcing, exploit delivery, and initial access brokerage for subsequent compromise chains. The high report volume and consistent activity pattern suggest an automated infrastructure systematically probing internet-facing assets at scale.
Site operators should immediately block this IP at the network edge or firewall level, implement strict rate-limiting on authentication endpoints, enforce strong credential policies supplemented by key-based authentication where feasible, and deploy defensive tools such as fail2ban or equivalent log-analysis solutions to automatically ban repeated offenders. Continuous monitoring of authentication logs and the use of intrusion detection systems will further reduce exposure to similar probing activity from this and adjacent threat sources.