Maximum Danger
IP 108.165.179.64 is a critical-risk address originating from Brazil that has accumulated 401 abuse reports since March 2026, with automated honeypot sensors flagging it for persistent hacking activity including unauthorized intrusion attempts and suspicious connection probing patterns. Despite a low activity frequency rating of 0/10, the sheer volume of reports combined with a perfect threat score of 10/10 indicates that each detected interaction carried significant malicious intent, making this IP particularly dangerous to exposed services.
Community-driven threat intelligence and automated honeypot detection systems logged 20 distinct hacking-category reports against this address within a compressed two-month window spanning March through April 2026. The network in question is AS210356, operated by BattleHost, a provider whose infrastructure may be experiencing compromise or deliberate abuse by threat actors using it as a staging point for operations. Suricata intrusion-detection systems documented specific attack patterns involving RST packet anomalies during active sessions, a technique commonly employed to disrupt legitimate connections, map firewall states, or facilitate further exploitation attempts against vulnerable endpoints.
The hacking activity documented for this IP encompasses a broad spectrum of intrusion methodologies, including port scanning, vulnerability probing, and attempts to exploit misconfigured or unpatched services. The observed RST-based session disruption pattern suggests the operator may be conducting reconnaissance to identify active connections before launching follow-on attacks or attempting to hijack existing sessions for unauthorized access. For any organization running publicly accessible services, this activity profile represents a concrete risk of credential compromise, data exfiltration, or system-level foothold establishment if exploitation vectors are identified.
Site operators should immediately block IP 108.165.179.64 at the firewall or network edge and implement fail2ban or equivalent rate-limiting tools to automatically reject repeated connection attempts from this source. Maintaining strict patch management cycles and disabling unnecessary services reduces the attack surface that this actor appears to be actively probing. Intrusion detection systems should be configured to alert on RST anomalies and suspicious session reset patterns, while logging all inbound traffic from Brazilian address space can assist in correlating future incidents. Regular review of honeypot and community abuse feeds ensures timely blocking of high-threat infrastructure before it can reach production systems.