High Risk
IP 157.245.222.108 is a high-risk address operating from DigitalOcean's network infrastructure (AS14061) in the United States, linked to sustained hacking activity with 2,656 abuse reports filed against it over approximately nine months. With a threat level of 8/10 and an activity frequency rated equally severe, this IP represents a persistent, active threat to internet-facing services. Recent reports uniformly categorize the activity as hacking attempts, which points to consistent malicious intent rather than isolated scanning behavior.
Analysis of the available data reveals that all 20 most recent reports specifically classify the activity as hacking, indicating a focused campaign rather than opportunistic reconnaissance. The IP was first reported in September 2025 and remained active through June 2026, demonstrating sustained engagement over an extended period. Detection originated exclusively from automated honeypot sensors, suggesting the address is actively probing for vulnerable services across the internet. The 81% confidence score aligns with the volume and consistency of reports, reinforcing that this activity pattern is not incidental but reflects deliberate, repeated intrusion attempts.
The dominant hacking classification encompasses various intrusion methodologies, including exploitation attempts against known vulnerabilities, credential-based attacks, and unauthorized access probes targeting exposed services. For organizations running SSH, RDP, web applications, or other network-accessible interfaces, an IP with this reputation poses concrete risks including potential account compromise, data exfiltration, and foothold establishment within internal networks. The sustained frequency of reports indicates the operator behind this address is persistent and likely automated, meaning attacks may occur continuously rather than in isolated bursts.
Site operators should implement immediate defensive measures: block or restrict access from this IP at the firewall or network edge, enforce strong authentication mechanisms on all exposed services, and deploy rate-limiting rules to mitigate automated attack tooling. Implementing intrusion detection systems and monitoring for the specific attack patterns associated with this address will provide early warning of any compromise attempts. Regularly auditing access logs for connections originating from this address and maintaining current security patches across all internet-facing systems are critical steps to reduce vulnerability to the intrusion methodologies this IP employs.