Critical Threat
184.105.247.252 is a critical-risk address that has accumulated 412 abuse reports across automated honeypot sensors, with the bulk of recent activity classified as general hacking intrusion attempts originating from a US-based Hurricane Electric network (AS6939). This IP reputation profile warrants immediate defensive attention for any organization with internet-facing services.
The volume of reported activity tells a clear story about the persistence behind this address. With 412 total reports spanning from August 2025 through June 2026, the detection data reveals sustained engagement with honeypot infrastructure over approximately eleven months. The 89% confidence score and the 8/10 activity frequency both indicate that this is not incidental or opportunistic scanning but rather consistent, deliberate probing. Twenty separate automated honeypot sensors flagged this address, suggesting that it has been active against multiple target environments. The dominant threat category in recent reports is Hacking, cited in 18 separate incidents, supplemented by isolated detections of IoT-targeted activity and exploited-host behavior.
The hacking activity linked to this IP encompasses general intrusion attempts, vulnerability exploitation, and unauthorized access probes against exposed services. Combined with the IoT-targeted and exploited-host signals in the dataset, this pattern suggests an actor running adaptive tools or scripts capable of probing diverse system configurations. The presence of exploited-host indicators raises the possibility that this address may itself represent a compromised system being leveraged as an intermediary platform, multiplying the real-world risk to any vulnerable service it encounters. Organizations asking whether they should block this IP can find strong justification in the sustained volume, diverse attack vectors, and confirmed hostile intent documented across the reporting window.
Site operators should treat 184.105.247.252 as a high-priority block at the network perimeter. Implementing fail2ban or equivalent dynamic firewall rules that automatically ban repeated offenders provides an effective first line of defense against the brute-force and scanning patterns this address exhibits. All internet-facing services should be verified as fully patched, with particular attention to services commonly targeted in IoT and hacking campaigns. If this IP is observed communicating with internal systems despite perimeter blocks, an immediate forensic review of those systems is warranted to rule out successful compromise or lateral movement. Blocking known malicious addresses at the network edge remains the most resource-efficient mitigation for threats of this calibre.