Severe Risk
IP 45.142.193.197 is a critical-risk address operating from Romanian infrastructure (AS214295 / Skynet Network Ltd) that has accumulated 167 total abuse reports with a 94% confidence score, making it one of the most persistently threatening IPs observed in recent months. The dominant threat category is hacking activity, detected by automated honeypot sensors across multiple network touchpoints, with an activity frequency rated 8 out of 10, indicating sustained, repeated offensive operations rather than opportunistic scanning.
Analysis of the report metadata reveals that all 20 recent threat-category reports specifically classify the activity as hacking, a designation encompassing intrusion attempts, exploitation of vulnerable services, and sustained unauthorized access campaigns. The detection timeline spans from February 2026 through June 2026, a five-month window during which automated honeypot sensors maintained consistent visibility into the address's behaviour. This sustained detection window, combined with the high report volume and high confidence score, strongly suggests this IP is under active hostile control rather than serving as a compromised end-user endpoint. Network ownership traces to Skynet Network Ltd, whose AS214295 infrastructure appears to be regularly utilised for offensive network operations originating from Romania.
The hacking classification represents a serious threat to any exposed service, as the underlying activity includes repeated intrusion attempts and probing for vulnerabilities across targeted network endpoints. An IP with this reputation, operating at maximum threat intensity over an extended period, poses concrete risk of successful compromise for unpatched or misconfigured services. The sustained frequency and volume of reports indicate the operator is systematically working through target ranges, adjusting techniques as needed, and not abandoning infrastructure quickly when initial attempts fail. Services exposing SSH, RDP, web interfaces, or authentication portals to this address face immediate exposure to credential-guessing, exploit delivery, and lateral-movement preparation.
Site operators should treat this IP as definitively hostile and implement immediate blocking at the network perimeter, using tools such as fail2ban or firewall rules to drop all packets from this source. All exposed services should be audited for patch currency, with particular attention to authentication mechanisms and remote-access pathways. Rate-limiting incoming connections and enforcing strong multi-factor authentication across remote-access services will substantially reduce the viability of any continued attempts from this address. Continuous monitoring and log analysis should be maintained to detect any evasion attempts using alternate source addresses.