High Risk
IP 146.190.149.252 is a high-risk address originating from DigitalOcean's infrastructure in the United States, linked to extensive hacking activity with 9,967 abuse reports filed through automated honeypot sensors over approximately nine months. With a threat level of 8 out of 10 and an activity frequency rated 8 out of 10, this IP represents a persistent, automated threat targeting exposed services across the internet. The concentration of identical threat-category reports—hacking intrusion attempts—underscores a focused campaign rather than opportunistic scanning.
Analysis of the detection data reveals consistent hostile activity from this address between September 2025 and June 2026, indicating sustained engagement by automated attack tools. All 9,967 reports were generated by automated honeypot sensors, providing high confidence (81%) that the observed behavior represents genuine malicious intent. The AS14061 network allocation through DIGITALOCEAN-ASN places this activity within a major cloud hosting provider frequently abused by threat actors for its global IP pools and the relative anonymity they afford. The uniform "Hacking" classification across all recent reports confirms a singular, determined intrusion strategy.
Hacking activity encompasses exploitation of known vulnerabilities, credential brute-forcing, and unauthorized access attempts against internet-facing services. For organizations with exposed SSH, HTTP APIs, or application-layer interfaces, an IP generating this volume of hostile connection attempts poses concrete risk of credential compromise, data exfiltration, or foothold establishment within internal networks. The sustained nine-month timeframe and 8/10 activity frequency indicate persistent scanning infrastructure rather than transient compromise attempts, meaning defenders cannot assume the threat will abate on its own.
Network defenders should implement immediate blocking for IP 146.190.149.252 at the firewall or network perimeter level and configure automated response tools such as fail2ban to dynamically ban repeated offenders matching this attack signature. All internet-facing services must enforce strong authentication policies, apply security patches within 24–48 hours of release, and maintain continuous intrusion detection monitoring to identify anomalous traffic patterns associated with this source and similar addresses on the same network block.