IP Address

185.193.240.246

IPv4 Public
MK MK
AS212645
Globalsat Dooel
497 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
10/10 Threat
78% Confidence
497 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 10% High Threat
MK
MK Location
Globalsat Dooel ASN 212645
497 Reports
Honeypot Data Source

Maximum Danger

IP 185.193.240.246, registered in North Macedonia and operated by Globalsat Dooel under ASN AS212645, is a high-risk threat actor with a perfect 10/10 threat level and an 8/10 activity frequency score, generating 492 total abuse reports from 20 independent automated honeypot sensors. The overwhelming majority of recent reports (19 out of 22 categorized incidents) document repeated SSH brute-force attempts, indicating a sustained, methodical campaign to compromise servers with open SSH services.

Detection data spanning from September 2025 through June 2026 reveals consistent, high-volume SSH intrusion activity originating from this address. Suricata sensors flagged multiple active SSH sessions on expected ports, while Fail2ban logging documented between 25 and 37 authentication violations per blocking event, demonstrating persistent credential-guessing behaviour that automated defences have repeatedly triggered. The confidence score of 78% reflects the certainty that this traffic represents deliberate malicious probing rather than accidental or incidental network activity.

SSH brute-force attacks systematically attempt to gain unauthorized server access by iterating through common username/password combinations until valid credentials are discovered. Even when individual attempts fail, the sheer volume exhausts server resources, creates log noise that can mask genuine incidents, and exposes any weak or default credentials to compromise. If successful, attackers typically deploy backdoors, cryptocurrency miners, or use the compromised host as a pivot point for further network intrusion, transforming the victim server into an additional threat vector.

Site operators should immediately block 185.193.240.246 at the firewall level given its confirmed malicious status. Enforcing key-based SSH authentication and disabling password-based login entirely eliminates the attack vector these attempts target. Moving SSH to a non-standard port reduces exposure to automated scanning. Implementing fail2ban with aggressive ban thresholds will automatically block repeat offenders like this address. Regular audit of authentication logs and enforcement of strong, unique credentials on any exposed SSH services are essential complementary measures.

More threatening than 94% of monitored IPs

Threat Categories

SSH 28
Hacking 5
Exploited Host 2

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 2 weeks indicates persistent threat actor operations.

First Observed 25. May 2026
Last Activity 8. June 2026
Recent (7 days) 5 incidents

High-Risk Network Association

This IP belongs to a network (ASN 212645) with elevated threat levels. The ISP Globalsat Dooel hosts multiple reported malicious addresses, suggesting systemic security issues or permissive policies.

Network-wide patterns may indicate this is part of a larger malicious infrastructure.

Security Recommendations

Long-term blocking recommended.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 6/10 Moderate
Confidence Score 78% Verified

Confidence History

20. Apr 2026 - 8. Jun 2026
78% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
New SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot x2 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Hacking Honeypot x2 75%
Exploited Host Honeypot 75%
Hacking SSH Honeypot x2 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot x2 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Hacking Honeypot x2 75%
SSH Hacking Honeypot x2 75%
Exploited Host Honeypot 75%
SSH Hacking Honeypot x2 75%
10 of 497 shown

Technical Details

Basic Information

IP Address
185.193.240.246
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class B

Geolocation

Country
MK MK
ASN
AS212645
ISP
Globalsat Dooel

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
497
First Reported
9 Sep 2025
Last Reported
8 Jun 2026, 10:46

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS212645
Globalsat Dooel
MK MK

Network Threat Assessment

8/10
This network has a high threat level with significant malicious activity reported across multiple IPs.

Network Statistics

1
Total IPs Monitored
478
Total Reports
478
Reports per IP

Network Context

This IP address belongs to Globalsat Dooel (AS212645), which manages 1 IP addresses in our monitoring system. Out of these, 478 have been reported for suspicious activities, resulting in a network-wide threat level of 8/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

94 %

Global Threat Ranking

This IP is more threatening than 94% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,500 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 497 avg: 23 ++

Geographic Comparison

Compared against 81 IPs in MK

Threat Level 10/10 country avg: 6.1 ++
Total Reports 497 country avg: 12 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,140 threat incidents tracked globally • Last 24h: 19,043 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,446 20.5%
  2. 02
    IN
    India IN
    29,023 15.5%
  3. 03
    CN
    China CN
    26,021 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE
    7,142 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID
    5,539 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,654 2.5%
  10. 10
    NL
    Netherlands NL
    4,356 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs with similar threat level and confidence scores.

15 Related IPs
9.2/10 Avg Threat
78% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
207.90.244.5 8/10
Confidence 78%
Reports 18,182
Location US US
9 Jun 2026
143.110.239.2 8/10
Confidence 78%
Reports 11,934
Location US US
9 Jun 2026
64.225.74.178 8/10
Confidence 78%
Reports 9,571
Location NL NL
9 Jun 2026
185.156.73.167 8/10
Confidence 78%
Reports 2,534
Location UA UA
28 Apr 2026
80.94.92.67 10/10
Confidence 78%
Reports 1,569
Location RO RO
11 May 2026
64.62.197.137 8/10
Confidence 78%
Reports 911
Location US US
9 Jun 2026
95.215.0.144 8/10
Confidence 78%
Reports 832
Location RU RU
9 Jun 2026
216.126.239.150 10/10
Confidence 78%
Reports 828
Location US US
7 Dec 2025
78.153.140.147 10/10
Confidence 78%
Reports 819
Location GB GB
26 May 2026
93.123.109.192 10/10
Confidence 78%
Reports 804
Location BG BG
9 May 2026
5.188.154.78 10/10
Confidence 78%
Reports 695
Location KZ KZ
5 Dec 2025
80.94.92.182 10/10
Confidence 78%
Reports 671
Location RO RO
23 May 2026
34.58.124.191 10/10
Confidence 78%
Reports 644
Location US US
8 Jun 2026
109.199.98.14 10/10
Confidence 78%
Reports 573
Location FR FR
8 Apr 2026
178.214.77.7 10/10
Confidence 78%
Reports 536
Location PS PS
5 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "185.193.240.246",
    "threat_level": 10,
    "confidence_score": 78,
    "total_reports": 497,
    "country_code": "MK",
    "isp_name": "Globalsat Dooel",
    "asn": "212645",
    "first_reported": "2025-09-09 06:16:49",
    "last_reported": "2026-06-08 10:46:19",
    "exported_at": "2026-06-09T09:10:51+02:00",
    "source": "https://reportedip.de/ip/185.193.240.246/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses