Is IP address 154.239.6.163 dangerous?

Yes, 154.239.6.163 is considered dangerous with a threat level of 8/10. It has been reported 470 times for malicious activities including . We recommend blocking this IP address.

Who owns or operates IP address 154.239.6.163?

IP address 154.239.6.163 is operated by Etisalat Misr (ASN 36992) and is geolocated to EG. This information is derived from public WHOIS and geolocation databases.

Should I block IP address 154.239.6.163?

Yes, blocking 154.239.6.163 is strongly recommended. With a threat level of 8/10 and 470 security reports, this IP poses significant risk. Implement firewall rules to block incoming and outgoing traffic.

How accurate is this threat assessment for 154.239.6.163?

Our threat assessment for 154.239.6.163 has a confidence score of 93%, based on 470 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

154.239.6.163

IPv4 Public

AS36992

Etisalat Misr

470 Reports

EG Location

Etisalat Misr ASN 36992

470 Reports

Honeypot Data Source

Elevated Risk

IP 154.239.6.163 is a high-risk address originating from Egypt's Etisalat Misr network (AS36992) that has generated 470 incident reports from automated honeypot sensors since April 2026, indicating sustained hostile reconnaissance and intrusion activity with an elevated 8/10 threat level and 93% confidence score.

The IP was first reported in April 2026 and remained active through May 2026, accumulating reports across 20 distinct honeypot sensor sources. Detection patterns show a primary focus on Ciscoasa port scanning operations combined with Suricata stream anomaly alerts indicating malformed acknowledgment packets, consistent with sophisticated reconnaissance probes designed to map network defenses and identify vulnerable entry points for subsequent exploitation attempts.

Port scanning activity as observed from IP 154.239.6.163 represents active network reconnaissance where the address systematically probes target systems for open ports and services that could serve as attack vectors. The accompanying Suricata alerts regarding broken acknowledgment packets suggest the scanning implementation includes techniques to evade detection or exploit stateful inspection gaps in firewall configurations. The "Hacking" classification reflects confirmed intrusion attempt patterns beyond passive reconnaissance, indicating this address has progressed from simple scanning to active exploitation attempts against exposed services. Organizations with misconfigured or unpatched services facing the internet face genuine risk of unauthorized access originating from this source.

Site operators should implement blocking or rate-limiting measures for this IP address at the network perimeter, enforce strong authentication requirements on all exposed services, and monitor logs for any authentication failures or unusual traffic patterns originating from this source. Deploying intrusion detection systems and keeping systems patched reduces vulnerability to the exploitation techniques this address has demonstrated. Additionally, configuring firewall rules to drop traffic from this address and implementing fail2ban or similar automated blocking tools provides layered defense against continued reconnaissance.

More threatening than 81% of monitored IPs

Threat Categories

Port Scan 30

Hacking 20

Technical Details

Port scanning identifies open services and potential attack vectors on target systems as reconnaissance for attacks.

Recommended Mitigations

Minimize exposed services, implement firewall rules, and monitor for scanning patterns.

Reputable Network

This IP is hosted on a network (ASN 36992) with generally good reputation. The ISP Etisalat Misr maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Continue monitoring for emerging patterns.

Reputation Summary

Threat Level 8/10 High

Critical

Activity Frequency 8/10 High

Confidence Score 80% Verified

Confidence History

3. May 2026 - 10. May 2026

93% Current

Stable Trend

Date	Categories	Source	Confidence
10. May 2026	Port Scan Hacking	Honeypot x2	75%
10. May 2026	Port Scan	Honeypot	75%
10. May 2026	Port Scan Hacking	Honeypot x2	75%
10. May 2026	Port Scan Hacking	Honeypot x2	75%
10. May 2026	Hacking Port Scan	Honeypot x2	75%
10. May 2026	Port Scan	Honeypot	75%
10. May 2026	Port Scan	Honeypot	75%
10. May 2026	Port Scan Hacking	Honeypot x2	75%
10. May 2026	Port Scan Hacking	Honeypot x2	75%
10. May 2026	Port Scan	Honeypot	75%
10. May 2026	Port Scan Hacking	Honeypot x2	75%
10. May 2026	Port Scan	Honeypot	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan	Honeypot	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan	Honeypot	75%
9. May 2026	Port Scan	Honeypot	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Hacking Port Scan	Honeypot x2	75%
9. May 2026	Port Scan	Honeypot	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
9. May 2026	Port Scan	Honeypot	75%
9. May 2026	Port Scan Hacking	Honeypot x2	75%
3. May 2026	Port Scan Hacking	Honeypot x2	75%

Basic Information

IP Address: 154.239.6.163
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class B

Geolocation

Country: EG
ASN: AS36992
ISP: Etisalat Misr

DNS Information

Reverse DNS: None
PTR Record: No
Connection Type: Static

Statistics

Total Reports: 470
First Reported: 23 Apr 2026
Last Reported: 10 May 2026, 05:53

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

ASN: AS36992

Organization: Etisalat Misr

Country:

Network Threat Assessment

1/10

This network appears to be relatively clean with very low threat indicators.

Network Statistics

Total IPs Monitored

594

Total Reports

22.8

Reports per IP

Network Context

This IP address belongs to Etisalat Misr (AS36992), which manages 26 IP addresses in our monitoring system. Out of these, 594 have been reported for suspicious activities, resulting in a network-wide threat level of 1/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

81 %

Global Threat Ranking

This IP is more threatening than 81% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 199,215 reported IPs worldwide

Threat Level 8/10 avg: 5.3 ++

Total Reports 470 avg: 23 ++

Network Comparison

Compared against 57 IPs in ASN 36992

Threat Level 8/10 network avg: 6.1 +

Total Reports 470 network avg: 17 ++

Network Etisalat Misr has overall threat level 1/10

Geographic Comparison

Compared against 1,159 IPs in EG

Threat Level 8/10 country avg: 4.8 ++

Total Reports 470 country avg: 5 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 0 reports

Daily Average 0 reports/day

Most Active Saturday 110 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 6/10

Distribution of threat categories reported over time.

Top Threat Categories

Port Scan 440

Hacking 381

SSH 3

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 02:00 with 24 reports

Weekly Activity

Geographic Threat Distribution

186,914 threat incidents tracked globally • Last 24h: 18,893 Logs

FEED

Top Threat Sources

01

United States US

38,421 20.6%
02

India IN

28,931 15.5%
03

China CN

26,004 13.9%
04

Brazil BR

10,236 5.5%
05

Germany DE

7,138 3.8%
06

Singapore SG

6,475 3.5%
07

Indonesia ID

5,522 3%
08

Russia RU

4,700 2.5%
09

Pakistan PK

4,646 2.5%
10

Netherlands NL

4,354 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same Autonomous System (AS) network provider.

20 Related IPs

6.5/10 Avg Threat

58% Avg Confidence

14 High Threat

High-risk network: Majority of related IPs are flagged

Elevated Risk

Threat Categories

Technical Details

Recommended Mitigations

Reputable Network

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Network Reputation

Network Identity

Network Threat Assessment

Network Statistics

Network Context

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]