Severe Risk
IP 108.165.179.101 is a critical-risk Brazilian address that generated 402 abuse reports within a single month, indicating sustained hostile activity against exposed network infrastructure. The address, routed through BattleHost (AS210356), carries a maximum threat score of 10/10, with automated honeypot sensors flagging consistent hacking attempts throughout April 2026. Despite a moderate confidence rating of 80%, the volume of reporting activity and the nature of detected intrusion patterns establish this IP as a confirmed malicious actor requiring immediate defensive action.
Analysis of honeypot telemetry from the reporting period shows the IP engaged in connection-probing behavior: sensor alerts documented anomalous TCP stream resets, a pattern indicative of port-scanning and session-enumeration techniques. The 402 incident reports, all sourced from automated honeypot infrastructure, point to systematic reconnaissance rather than opportunistic noise. Geographic attribution to Brazil places this actor within a region frequently associated with automated attack campaigns against globally internet-exposed services. The discrepancy between the high report count and the low reported activity frequency may indicate either intermittent targeting or coordinated bursts of activity designed to stay under detection thresholds.
Hacking activity of this profile typically precedes more sophisticated intrusion attempts: threat actors use connection-probing to identify open ports, vulnerable services, and misconfigured systems before deploying payloads or attempting credential attacks. The TCP stream reset pattern observed here is consistent with tools that elicit server configuration details without completing legitimate sessions, a common reconnaissance technique used ahead of exploitation. Organizations whose SSH, RDP, or web-facing services are reachable from this IP face elevated risk of subsequent credential stuffing, brute-force, or vulnerability-exploitation attempts if the address is not proactively blocked.
Site operators should implement blocking rules for 108.165.179.101 at the firewall or network perimeter immediately. Deploying fail2ban or equivalent rate-limiting solutions on exposed authentication endpoints will mitigate credential-based attack vectors. Enforcing strong authentication policies, including multi-factor authentication and certificate-based access, significantly reduces the impact of any successful intrusion attempts. Continuous monitoring of honeypot and community abuse feeds is recommended to track whether this IP's activity resumes or shifts to alternative infrastructure.