Critical Threat
IP 185.93.89.190 is a critical-risk address with a 10/10 threat rating that has generated 355 abuse reports across 20 automated honeypot sensors since March 2026, making it one of the most actively hostile infrastructure nodes observed in recent weeks.
Reporting data indicates this Iranian address, operated by Limited Network LTD under autonomous system AS213790, has sustained a high activity frequency of 8/10 over an approximately two-month window between March and April 2026. The confidence score of 94 percent reflects strong corroboration across multiple detection sources. Community reports and honeypot telemetry both flagged repeated intrusion patterns, with the dominant threat category being general hacking activity alongside targeted IoT and industrial control system probes and systematic credential-guessing attacks against SOCKS5 proxy authentication mechanisms.
The attack patterns detected, particularly the SOCKS5 brute-force activity, suggest this host is being leveraged to compromise proxy infrastructure and potentially establish anonymised relay points for further malicious operations. IoT and ICS targeting indicates an interest in exploiting insufficiently secured connected devices and industrial systems, which often lack robust update mechanisms or protections against default credentials. Combined with the volume and diversity of reports, this behaviour profile points to an automated, persistent campaign rather than opportunistic scanning.
Site operators should immediately block or heavily restrict traffic from this address at the network perimeter and monitor inbound authentication attempts for patterns consistent with credential brute-forcing. Deploying rate-limiting rules and account lockout policies on exposed authentication endpoints substantially raises the cost of successful brute-force attacks. Implementing multi-factor authentication across all remote-access interfaces and using defensive tools such as fail2ban to automatically ban repeat offenders provide layered protection. Ensuring that IoT and ICS devices operate on isolated network segments, run current firmware, and use non-default credentials eliminates the specific attack surface this host is observed targeting.