Severe Risk
IP 108.165.179.190 is a critical-risk address originating from Brazil under network operator BattleHost (ASN AS210356) that has been linked to sustained intrusion activity, accumulating 173 abuse reports from automated honeypot sensors with a threat-level score of 10 out of 10. The dominant threat category recorded against this IP is general hacking activity, indicating repeated attempts to exploit vulnerabilities or gain unauthorized access to exposed services.
Analysis of the available reporting data shows that all 173 reports were generated during April 2026, every one of them by automated honeypot sensors rather than by human analysts. The confidence score of 80 percent reflects a strong but not absolute correlation between this address and the observed behavior. The Suricata intrusion-detection engine on those sensors raised its stream-engine event "SURICATA STREAM RST recv but no session", meaning TCP reset packets arrived from this address for connections the sensor was not tracking. That pattern is typical of port scanning and half-open connection probing, and is occasionally seen when an attacker tries to tear down other hosts' sessions. The listing's activity-frequency metric is 0 out of 10, which reflects how recently and how continuously the address was seen, not how much it did; 173 distinct reports in a single month still indicate persistent automated scanning of exposed endpoints.
The detection itself deserves a caveat. A reset received without an existing session is an anomaly in TCP state tracking, not a signature for a specific exploit: it fires for any RST the stream engine cannot match to a flow, which also happens with late or out-of-order packets, asymmetric routing, or a sensor that started mid-flow, and it can be triggered by backscatter when a third party spoofs the sensor's address. Taken together with the report volume and the breadth of targets, however, it is consistent with reconnaissance designed to enumerate open ports and identify misconfigured services. Such scanning is routinely the precursor to targeted activity, letting an operator map reachable services and find unpatched software before attempting credential-based or exploit-based intrusion. Services that accept connections from this address should be treated as enumeration targets and checked for exposure, and the Suricata stream events should be corroborated against connection logs before the address is written up as an exploitation source.
Network administrators should block or rate-limit traffic from 108.165.179.190 at the firewall or network perimeter. Deploying or strengthening fail2ban or an equivalent dynamic blocking tool automates that response for sources that repeat hostile probes, and keeps the block list from growing stale: single-IP blocks decay in value quickly because scanning infrastructure rotates, so expire entries or tie them to a threshold over a time window rather than adding them permanently. Ensure every exposed service is patched to its current security release, require strong authentication on anything reachable from the internet, and confirm that the intrusion-detection ruleset, including the stream-events rules, is current so that TCP state anomalies are logged. Continued monitoring of connection logs for this address will show whether any probe was followed by an established session or a successful login, which is the signal that distinguishes a scan from a compromise.
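The two preceding passages describe the detection (Suricata's "RST recv but no session" stream event counted across many reports) and the response (threshold-based blocking at the perimeter). The following Python script is an added example, not code from the page or from any reputation service: it reads Suricata eve.json records, counts that stream event per source IP over a sliding time window, and renders an nftables command for sources that cross a threshold. The log lines are constructed for the demo; the eve.json field names follow Suricata's default eve output, and the nftables table (`inet filter`) and set (`badhosts`) are assumed to exist already.

```python
"""Triage Suricata eve.json for the 'RST recv but no session' stream event.

Added example (not from the original page). Counts the stream-engine anomaly
per source IP within a sliding window and emits nftables set elements for
sources that cross a threshold. Sample records below are constructed.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

RST_NO_SESSION = "SURICATA STREAM RST recv but no session"

# Constructed eve.json records (assumption: default Suricata eve field names).
# 108.165.179.190 is the reported address; 198.51.100.7 is a documentation
# address used here as low-volume noise that should NOT be blocked.
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2026-04-12T03:14:15.000001+0000","event_type":"alert","src_ip":"108.165.179.190","src_port":51022,"dest_ip":"203.0.113.10","dest_port":22,"proto":"TCP","alert":{"signature":"SURICATA STREAM RST recv but no session","category":"Generic Protocol Command Decode","severity":3}}',
    '{"timestamp":"2026-04-12T03:14:16.000001+0000","event_type":"alert","src_ip":"108.165.179.190","src_port":51023,"dest_ip":"203.0.113.10","dest_port":445,"proto":"TCP","alert":{"signature":"SURICATA STREAM RST recv but no session","category":"Generic Protocol Command Decode","severity":3}}',
    '{"timestamp":"2026-04-12T03:14:17.000001+0000","event_type":"flow","src_ip":"108.165.179.190","src_port":51023,"dest_ip":"203.0.113.10","dest_port":445,"proto":"TCP"}',
    '{"timestamp":"2026-04-12T03:14:18.000001+0000","event_type":"alert","src_ip":"108.165.179.190","src_port":51024,"dest_ip":"203.0.113.10","dest_port":3389,"proto":"TCP","alert":{"signature":"SURICATA STREAM RST recv but no session","category":"Generic Protocol Command Decode","severity":3}}',
    '{"timestamp":"2026-04-12T03:14:19.000001+0000","event_type":"alert","src_ip":"108.165.179.190","src_port":51025,"dest_ip":"203.0.113.10","dest_port":8080,"proto":"TCP","alert":{"signature":"SURICATA STREAM RST recv but no session","category":"Generic Protocol Command Decode","severity":3}}',
    '{"timestamp":"2026-04-12T03:15:02.000001+0000","event_type":"alert","src_ip":"108.165.179.190","src_port":51030,"dest_ip":"203.0.113.10","dest_port":22,"proto":"TCP","alert":{"signature":"CONSTRUCTED TEST SSH login attempt","category":"Attempted Administrator Privilege Gain","severity":1}}',
    '{"timestamp":"2026-04-12T03:20:00.000001+0000","event_type":"alert","src_ip":"198.51.100.7","src_port":40001,"dest_ip":"203.0.113.10","dest_port":22,"proto":"TCP","alert":{"signature":"SURICATA STREAM RST recv but no session","category":"Generic Protocol Command Decode","severity":3}}',
])


def parse_eve(text):
    """Yield one dict per non-empty eve.json line; skip lines that fail to parse."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def parse_ts(ts):
    """Suricata writes e.g. 2026-04-12T03:14:15.000001+0000; %z accepts +HHMM."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S.%f%z")


def summarize(events):
    """Per source IP: RST-no-session count, other alert count, ports, timestamps."""
    summary = defaultdict(lambda: {"rst_no_session": 0, "other_alerts": 0,
                                   "dest_ports": set(), "times": []})
    for ev in events:
        if ev.get("event_type") != "alert":      # flow/dns/etc. are not evidence here
            continue
        entry = summary[ev.get("src_ip")]
        if ev["alert"].get("signature") == RST_NO_SESSION:
            entry["rst_no_session"] += 1
            entry["times"].append(parse_ts(ev["timestamp"]))
        else:
            entry["other_alerts"] += 1           # corroborating, non-stream alerts
        entry["dest_ports"].add(ev.get("dest_port"))
    return summary


def crosses_threshold(times, threshold, window):
    """True if at least `threshold` events fall inside some span of `window`."""
    times = sorted(times)
    j = 0
    for i in range(len(times)):
        while times[i] - times[j] > window:      # slide the left edge forward
            j += 1
        if i - j + 1 >= threshold:
            return True
    return False


def block_candidates(summary, threshold=3, window=timedelta(minutes=10)):
    """Sources whose RST-no-session events cross the threshold within the window."""
    return sorted(ip for ip, e in summary.items()
                  if crosses_threshold(e["times"], threshold, window))


def nft_add_elements(ips, table="inet filter", setname="badhosts"):
    """Render an nft command that adds the IPs to a named set (assumed to exist,
    e.g. `nft add set inet filter badhosts { type ipv4_addr; flags timeout; }`)."""
    return f"nft add element {table} {setname} {{ {', '.join(ips)} }}"


def triage(text, **kw):
    """Parse, summarize and decide in one call; returns (summary, ips_to_block)."""
    summary = summarize(parse_eve(text))
    return summary, block_candidates(summary, **kw)


if __name__ == "__main__":
    summary, ips = triage(SAMPLE_EVE)
    for ip, e in summary.items():
        print(f"{ip}: rst_no_session={e['rst_no_session']} other_alerts={e['other_alerts']} "
              f"ports={sorted(e['dest_ports'])}")
    if ips:
        print(nft_add_elements(ips))
```

Pairing the set with `flags timeout` and a rule such as `ip saddr @badhosts drop` lets entries expire on their own, which matches the advice above about not letting single-IP blocks accumulate. The threshold is deliberately applied only to the stream event, while other alerts are kept as a separate count for an analyst to weigh: a single RST-no-session event from an address, as with 198.51.100.7 here, is not enough on its own to act on, because the same event can come from backscatter or from a sensor that missed the start of a flow.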