Critical Alert
IP 212.34.246.2, registered in Armenia and operated by Ucom CJSC under ASN AS44395, is rated at a critical threat level of 10/10 as an exploited host. A total of 159 abuse reports were logged between August 2025 and April 2026, indicating sustained malicious activity originating from this compromised infrastructure.
Automated honeypot sensors across multiple reporting nodes logged 159 reports linking this address to exploit and intrusion activity. The dominant threat category is Exploited Host, indicating that the IP belongs to a machine that has been compromised and is being weaponised by threat actors without the owner's knowledge. The supplemental Hacking category, represented in three recent reports, further characterises the IP as a platform conducting active intrusion attempts. All detections come from automated honeypot infrastructure, which yields a 60% confidence score for the assessment. Despite a low reported activity frequency of 0/10, the sustained volume of reports and maximum threat rating underscore that this address poses a genuine and ongoing risk to internet-facing systems.
The exploited host classification carries significant real-world implications, as the compromised system functions as an unwitting attack vehicle, potentially distributing malware, conducting scanning operations, or launching further exploitation campaigns against target networks. The associated attack patterns reflect attempts to leverage legacy network protocols for propagation and exploitation, which historically underpin widespread ransomware and worm-style outbreaks. For network operators and security teams, an IP flagged as an exploited host represents both a direct attack source and a potential indicator that broader compromise may exist within adjacent network segments or peer systems.
Security practitioners should immediately block IP 212.34.246.2 at the network perimeter and monitor logs for any associated connection attempts. Implementing tools such as fail2ban or equivalent rate-limiting mechanisms can further mitigate repeated abuse. Systems should be audited for outdated or unnecessary services that could facilitate similar exploitation, with particular attention to legacy protocols that are commonly targeted. Operators of Armenian network infrastructure are encouraged to investigate the compromised subscriber endpoint to contain the threat and restore secure operations.