Severe Risk
IP 172.86.95.98 is a critical-risk address assessed at a threat level of 10/10, originating from Germany and linked to automated hacking activity detected by honeypot sensors. The IP has accumulated 11,273 abuse reports, indicating sustained hostile intent against internet-facing infrastructure over the September–October 2025 reporting window. Despite a moderate confidence score of 59%, the sheer volume of reports from automated honeypot sensors establishes a clear pattern of malicious reconnaissance and intrusion activity originating from this address within the AS30823 network operated by aurologic GmbH.
The detection data reveals that honeypot sensors recorded 20 recent reports specifically categorised as hacking activity, consistent with automated exploitation attempts and vulnerability probing. The 11,273 total reports underscore a persistent campaign rather than isolated scanning. Geolocation places this activity within German network infrastructure, suggesting either a compromised host or an attacker operating through infrastructure in that jurisdiction. The moderate confidence score reflects inherent uncertainty in attributing automated attack patterns, but the threat level of 10/10 compensates by prioritising the risk posed to exposed services.
Hacking activity in this context encompasses automated intrusion attempts, exploitation of known vulnerabilities, and repeated login probes against services such as SSH, Telnet, or web interfaces left accessible on public networks. The concrete risk to an exposed service is unauthorised access, data exfiltration, or the recruitment of the target system into a botnet. Even a low observed activity rate should not inspire complacency, as automated attack tools can rapidly escalate attempts against a vulnerable target within a short timeframe.
Site operators should treat IP 172.86.95.98 as hostile and implement defensive controls accordingly. Block or rate-limit traffic from this address at the firewall or web application layer. Enforce strong, unique credentials and disable unused services on internet-facing systems. Deploy intrusion detection tools and consider implementing fail2ban or similar dynamic blocking mechanisms to automatically reject repeated connection attempts from abusive sources. Maintain a practice of patching internet-facing services on a regular schedule to reduce the attack surface available to automated exploitation toolkits.
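The dynamic blocking control recommended above works by counting failed logins per source address inside a time window and banning the source once a threshold is reached. The following is an added example, not part of the original report, that implements that fail2ban-style logic (maxretry within findtime) over constructed sshd log lines and renders the resulting block as nftables set additions. The log lines, host name, table name and set name are constructed for illustration; the only value taken from the report is the address 172.86.95.98, and the nftables set is assumed to already exist and be referenced by a drop rule.

```python
"""Sliding-window brute-force detector over SSH auth log lines.

Added example, not code from the original report. It mirrors the
dynamic blocking behaviour the report recommends (fail2ban-style):
count failed logins per source IP inside a time window and emit a
block decision once a threshold is crossed.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# sshd "Failed password" lines in traditional syslog format. These samples are
# constructed; only the address 172.86.95.98 comes from the report itself.
SAMPLE_LOG = """\
Oct 14 03:12:01 web1 sshd[2211]: Failed password for root from 172.86.95.98 port 51022 ssh2
Oct 14 03:12:03 web1 sshd[2213]: Failed password for invalid user admin from 172.86.95.98 port 51030 ssh2
Oct 14 03:12:04 web1 sshd[2215]: Failed password for invalid user oracle from 172.86.95.98 port 51041 ssh2
Oct 14 03:12:06 web1 sshd[2217]: Failed password for root from 172.86.95.98 port 51055 ssh2
Oct 14 03:12:07 web1 sshd[2219]: Failed password for root from 172.86.95.98 port 51060 ssh2
Oct 14 03:15:40 web1 sshd[2301]: Failed password for alice from 203.0.113.7 port 40012 ssh2
Oct 14 03:16:02 web1 sshd[2305]: Accepted publickey for alice from 203.0.113.7 port 40020 ssh2
Oct 14 03:40:10 web1 sshd[2400]: Failed password for root from 172.86.95.98 port 52000 ssh2
"""

# Matches only failed password attempts; "invalid user" is optional noise before the name.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(text, year=2025):
    """Yield (timestamp, ip, user) for each failed-login line; other lines are ignored.
    Syslog lines carry no year, so one is supplied (assumed 2025 to match the report)."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def detect_bruteforce(text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: timestamp_of_ban} for every source whose failures reach
    `maxretry` inside any `findtime` window (fail2ban's maxretry/findtime semantics).
    Events are processed in log order; a per-IP deque drops failures older than the window."""
    recent = defaultdict(deque)
    banned = {}
    for ts, ip, _user in parse_failures(text):
        if ip in banned:
            continue  # already decided; later lines do not change the verdict
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > findtime:
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def nft_rules(banned, table="inet filter", set_name="abusers"):
    """Render nftables commands adding each banned address to a named set.
    Table and set names are assumptions; the set must exist and be used by a drop rule."""
    return [f"nft add element {table} {set_name} {{ {ip} }}" for ip in sorted(banned)]


if __name__ == "__main__":
    hits = detect_bruteforce(SAMPLE_LOG)
    for ip, when in hits.items():
        print(f"{when:%Y-%m-%d %H:%M:%S}  ban {ip}")
    for cmd in nft_rules(hits):
        print(cmd)
```

With the constructed input, the reported address crosses five failures within six seconds and is banned at its fifth attempt; the single failure from the other host, followed by a successful key login, never reaches the threshold. Raising `maxretry` to 6 produces no ban, because the sixth failure arrives 28 minutes later, outside the 10-minute window, which is the same reason fail2ban pairs `maxretry` with `findtime` rather than counting failures forever.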