Severe Risk
IP 170.39.218.254 is a high-risk address linked to general hacking activity. With a maximum threat score of 10/10 and 221 total abuse reports detected by automated honeypot sensors, this Canadian IP presents a significant danger to any exposed network service.
The address resolves within the REDHEBERG network (ASN AS52053) and was first reported in January 2026, with activity continuing through that month. All 221 reports originate from automated honeypot sensors, indicating sustained and systematic intrusion attempts rather than isolated scanning. The activity frequency rating of 8/10 demonstrates consistent, repeated contact with vulnerable targets over a compressed timeframe. This concentrated pattern of automated detection across multiple honeypot deployments signals an active, persistent threat actor operating within Canadian network infrastructure.
General hacking activity encompasses a broad spectrum of unauthorized intrusion attempts, vulnerability exploitation, and credential-based attacks. This IP's profile suggests systematic scanning and exploitation of exposed services, with the high volume of reports indicating either a sophisticated automated toolkit or a determined manual operator. Services such as SSH, Telnet, FTP, or other remotely accessible systems face the greatest risk from this activity, as attackers probe for weak credentials and known vulnerabilities to gain initial access.
Site operators should implement immediate defensive measures: block or rate-limit the address at the network perimeter using standard intrusion prevention tools; enforce strong, unique credentials and multi-factor authentication on all accessible services; keep all exposed systems patched; and monitor authentication logs for corresponding brute-force or exploitation patterns. Proactive blocking of known-malicious IPs at the firewall level remains one of the most effective first-line defenses against this type of persistent scanning activity.