Maximum Danger
IP 92.63.197.22 is a critical-risk address operated from Ukraine that has generated 989 abuse reports over approximately ten months, indicating a highly active source of hacking activity against exposed network services. With a threat level of 10 out of 10 and an activity frequency rating of 8 out of 10, this IP is one of the most consistently hostile sources in recent threat telemetry and warrants immediate blocking by any organization exposing relevant services to the internet.
Automated honeypot sensors across multiple reporting nodes recorded all 989 reports attributed to this address between August 2025 and June 2026, yielding a 94 percent confidence score that the observed activity is malicious rather than incidental. The IP routes through AS211736, operated by FOP Dmytro Nedilskyi, a Ukrainian network entity. All 20 most recent report entries classify the activity under the hacking category, specifically noting attack connection patterns. The sustained volume of reports over a concentrated timeframe demonstrates persistent, automated probing rather than isolated scanning events, suggesting dedicated hostile infrastructure rather than a single compromised host.
Hacking activity encompasses a broad range of intrusion attempts, including exploitation of known vulnerabilities, credential stuffing, and unauthorized access probes against exposed services. The dominant attack connection behavior indicates this address actively establishes sessions with target systems to map attack surface or deliver payloads. For organizations running exposed SSH, Telnet, HTTP APIs, or similar services, such an IP poses direct risk of compromise if defensive controls are absent. The prolific report volume suggests this actor targets many organizations simultaneously, increasing the statistical likelihood of successful exploitation against unpatched or misconfigured systems.
Site operators should block 92.63.197.22 at the network perimeter or firewall level immediately, and consider adding deny rules for the entire AS211736 address range if traffic from that Ukrainian network is not required for legitimate business. Deploying intrusion detection systems and logging anomalous connection attempts will surface any subsequent attempts from related infrastructure. Rate-limiting authentication endpoints and enforcing strong, unique credentials with multi-factor authentication dramatically reduces the effectiveness of credential-based attacks originating from such sources. Regularly auditing exposed services and applying security patches promptly closes the vulnerabilities this category of threat actor typically exploits.