Critical Threat
IP 91.92.243.27 is a critical-risk address associated with 444 total abuse reports and classified as an exploited host, indicating this system has been compromised and is being weaponised by threat actors without the owner's knowledge. The IP carries a maximum threat level of 10/10, and its network is operated by Omegatech LTD under ASN AS202412 in the United States. With all reports originating from automated honeypot sensors within a single month, the concentration of malicious activity detected against this address is exceptionally high.
The data shows 444 total reports filed in March 2026, with 20 of those specifically categorising the address as an exploited host. Every detection came from automated honeypot sensors, providing a consistent detection methodology across all reports. Despite the substantial report volume, the activity frequency metric of 0/10 suggests the IP may not currently be engaged in active outreach campaigns, which is consistent with a compromised endpoint being intermittently controlled rather than continuously attacking. The 72% confidence score indicates a solid analytical basis for the classification while acknowledging some inherent uncertainty in attributing all observed activity to a single threat actor.
An exploited host presents a distinct threat profile compared to a direct attacking address. When a system is classified as exploited, it means cybercriminals have gained control of the underlying infrastructure and are using it as a launchpad for further attacks, malware distribution, or relay operations. The owner of the machine typically remains unaware of the compromise. This makes the IP dangerous not only as a potential source of inbound threats but also as an indicator that whatever network or organisation this system belongs to may harbour additional security weaknesses that enabled the initial compromise. Malware and exploit activity associated with exploited hosts can propagate laterally within networks or be used to harvest credentials from other systems.
Site operators should immediately block IP 91.92.243.27 at the firewall or network edge layer to prevent any inbound or outbound malicious traffic associated with this address. It is advisable to check server and endpoint logs for any connections originating from or directed toward this IP in recent weeks, as such contact may indicate prior reconnaissance or attempted exploitation. Implementing tools such as fail2ban or equivalent dynamic blocking mechanisms can automate this response for recurring threats. Organisations observing connections matching this pattern should also review authentication logs for suspicious credential use and consider notifying the hosting provider or system owner through appropriate abuse reporting channels, as the legitimate operator of this compromised host may be unaware their infrastructure is being misused.