Extreme Threat
IP address 185.73.124.28 is a critical-risk address associated with sustained hacking activity, having generated 400 abuse reports from automated honeypot sensors over approximately seven months of continuous hostile operations.
The volume of reports attributed to 185.73.124.28 is exceptionally high, and every logged incident is classified under the hacking threat category, indicating an exclusive focus on intrusion and exploitation attempts rather than opportunistic scanning. Geolocated in Estonia and routed through AS209702, the network is operated by Soldatov Alexey Valerevich, an individual rather than an institutional infrastructure provider. This concentration of malicious traffic from a single source over such an extended timeframe, from August 2025 through February 2026, suggests persistent, deliberate targeting of exposed services rather than incidental, opportunistic contact.
Hacking activity in this context refers to structured attempts to gain unauthorized access to systems through exploitation of vulnerabilities, credential attacks, or configuration weaknesses. For an exposed service, this means the IP is actively probing for entry points such as weak authentication on remote access protocols, outdated software with known security flaws, or misconfigured services that can be leveraged for initial access. The real-world risk includes data exfiltration, system compromise, lateral movement within networks, and use of compromised resources as staging points for further attacks against other targets.
Site operators should immediately block this IP at the network perimeter firewall or web application firewall level, given the sustained threat profile. Automated abuse-response tools such as fail2ban can dynamically ban repeated connection attempts from high-risk sources. Strong authentication requirements, including multi-factor authentication and a prohibition on default or easily guessed credentials, should be enforced across all exposed services. Regular patching of software and firmware on internet-facing systems removes the vulnerabilities most commonly targeted in this category of attack.