Severe Risk
IP address 185.93.89.192, allocated to Iranian network operator Limited Network LTD under ASN AS213790, presents a critical threat profile with a maximum threat-level rating of 10 out of 10 and a 94 percent confidence score based on 358 separate incident reports. Automated honeypot sensors across multiple locations recorded this address engaging in persistent intrusion activity between March and April 2026, yielding an activity frequency score of 7 out of 10. The volume and consistency of these reports, originating from 20 distinct sensor installations, indicate sustained hostile intent rather than opportunistic scanning. Security databases frequently flag this address when operators query IP reputation, and the combined evidence positions it as a reliable candidate for immediate blocking at network perimeters.
The dominant threat category associated with 185.93.89.192 is general hacking activity, supplemented by targeted exploitation of Internet of Things infrastructure and authentication brute-force attempts. Sensor data and community reports document connection patterns consistent with vulnerability probing, along with explicit attempts to compromise IoT and ICS devices and brute-force attacks against SOCKS5 proxy authentication endpoints. The 358 total reports break down into 17 hacking incidents, 2 IoT-targeted incidents, and 1 brute-force incident, though the underlying connection logs suggest these categories often overlap during a single intrusion campaign. The two-month observation window demonstrates that this address returns repeatedly to target exposed services, indicating an automated scanning and exploitation infrastructure rather than manual human-driven attacks.
Hacking activity of this severity exposes organisations to remote code execution, data exfiltration, and complete system compromise if unpatched vulnerabilities exist on internet-facing services. When combined with IoT-targeted exploitation, the risk extends to operational technology environments where insecure cameras, routers, or industrial controllers may serve as entry points into deeper network segments. SOCKS5 brute-force attempts specifically target proxy infrastructure, potentially enabling attackers to route malicious traffic through compromised systems or pivot further into internal networks. The pattern of repeated targeting within a compressed timeframe suggests that this IP operates as part of an ongoing campaign rather than a one-time probe, meaning the likelihood of compromise rises the longer a vulnerable service stays exposed.