Significant Threat
IP 184.105.139.68, registered to Hurricane Electric (AS6939) in the United States, presents a high-risk threat profile with a threat level of 8/10 and a confidence score of 92%, based on 400 total abuse reports collected over approximately ten months between August 2025 and May 2026. The dominant activity associated with this address is general hacking activity, accounting for 17 of the 20 most recent reported threat categories, supplemented by isolated IoT-targeted probes and a single exploitation event. Its activity frequency score of 8/10 indicates persistent, repeated scanning and intrusion attempts rather than isolated opportunistic contact.
Automated honeypot sensors across 20 distinct reporting sources have consistently logged connection attempts from this IP, with the volume of reports suggesting a systematic, automated scanning campaign rather than manual probing. The presence of IoT-targeted activity alongside generic hacking attempts indicates this address is being used in a multi-vector reconnaissance and exploitation operation, likely probing for vulnerable devices and unpatched services across a broad target surface. The network operator, Hurricane Electric, runs a major US-based backbone network commonly used by hosting providers, so the address may sit on a compromised host or in a bulletproof hosting environment.
The hacking activity associated with 184.105.139.68 represents unauthorized access attempts, vulnerability probing, and potential exploitation of unpatched systems. When paired with IoT-targeted behavior, this suggests the operator may be building a footprint of susceptible devices—routers, cameras, and networked appliances with weak default configurations—for later compromise or inclusion in a botnet. The single exploited-host report raises the possibility that this IP itself may belong to a compromised system being weaponized without its owner's knowledge, which is a common characteristic of residential proxy or botnet infrastructure.
Network defenders should treat 184.105.139.68 as a hostile source and block or heavily rate-limit connections originating from this address at the firewall or network perimeter. Implementing automated blocking via intrusion prevention tools such as fail2ban or equivalent log-based blocking solutions can reduce manual response burden. Organizations should ensure all exposed services are patched to the latest vendor releases, enforce strong authentication requirements, and segment IoT devices onto isolated network zones. Monitoring inbound connection logs for this IP and similar scanning patterns from adjacent address space will help identify broader campaign activity targeting your infrastructure.