Extreme Threat
IP address 91.92.243.197 is a critical-risk address associated with an exploited host, classified at the maximum threat level of 10/10 based on 402 cumulative abuse reports submitted by automated honeypot sensors. The IP, registered to Omegatech LTD under ASN AS202412 in the United States, has been flagged primarily for exploited host activity involving malware and exploit behaviour, indicating that the underlying system has been compromised and weaponized by threat actors without the owner's knowledge.
The detection profile shows 402 total reports spanning the March 2026 reporting window, with 20 recent reports specifically citing exploited host activity as the dominant threat category. Automated honeypot sensors across multiple locations captured the malicious patterns, generating a 72% confidence score in the assessment. The high volume of reports relative to the short reporting period suggests concentrated scanning or exploitation attempts rather than sporadic activity, though the current activity frequency reading of 0/10 indicates that the aggressive phase may have subsided or shifted to a lower profile. The network operator Omegatech LTD operates this IP from US-based infrastructure, placing it within a jurisdiction where abuse coordination with the hosting provider is feasible for remediation efforts.
An exploited host represents one of the most dangerous threat profiles in network security because the compromised system functions as an unwitting attack platform, often leveraging its trusted network position to bypass perimeter defences. Threat actors routinely use such compromised hosts to conduct lateral movement, launch secondary attacks against other targets, distribute malware payloads, or harvest credentials from other systems that trust communications from this address. The confidence score of 72% reflects that the evidence strongly supports exploitation but acknowledges some uncertainty inherent in automated threat classification. For any exposed service receiving connection attempts from this IP, the risk of exploit-driven compromise or malware delivery is substantial given the confirmed hostile intent.
Site operators should immediately block IP address 91.92.243.197 at the firewall or network edge to prevent any incoming connections from this source. Configuring a tool such as fail2ban to automatically ban IPs whose traffic matches brute-force or exploit patterns provides adaptive defence without manual intervention. Reviewing inbound access logs for any prior successful connections originating from this address is strongly advised, and any suspicious activity should trigger a security incident review. Finally, reporting this IP to the network operator Omegatech LTD through standard abuse channels facilitates cleanup of the compromised host at the source, helping to reduce the active threat landscape beyond your own infrastructure.