Is IP address 194.107.115.199 dangerous?

Yes, 194.107.115.199 is considered dangerous with a threat level of 10/10. It has been reported 1,957 times for malicious activities including . We recommend blocking this IP address.

Should I block IP address 194.107.115.199?

Yes, blocking 194.107.115.199 is strongly recommended. With a threat level of 10/10 and 1,957 security reports, this IP poses significant risk. Implement firewall rules to block incoming and outgoing traffic.

How accurate is this threat assessment for 194.107.115.199?

Our threat assessment for 194.107.115.199 has a confidence score of 76%, based on 1,957 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

194.107.115.199

IPv4 Public

AS197984

State Unitary Enterprise Scientific Engineering...

1,957 Reports

UZ Location

State Unitary Enterprise ... ASN 197984

1,957 Reports

Honeypot Data Source

Extreme Threat

IP 194.107.115.199 is a maximum-threat-level address originating from Uzbekistan that has been flagged in 1,944 abuse reports by automated honeypot sensors over approximately eight months. With a threat rating of 10 out of 10 and an activity frequency score of 8 out of 10, this address demonstrates sustained, high-volume SSH brute-force activity that places it among the most persistently malicious IPs observed in recent threat telemetry. The overwhelming majority of recent reports document systematic credential-guessing attempts targeting exposed SSH services, while isolated instances of general hacking activity and exploited-host signatures suggest this infrastructure may be operating as part of a broader attack campaign.

Automated honeypot sensors detected this activity across 20 distinct detection points between October 2025 and June 2026, yielding a confidence score of 75 percent. The IP routes through AS197984, operated by the State Unitary Enterprise Scientific Engineering and Marketing Researches Center UNICON.UZ, a state-affiliated entity in Uzbekistan. Sensor logs repeatedly captured fail2ban triggers with 25 to 28 violations per instance, alongside Suricata alerts documenting active SSH sessions on expected ports. The consistent pattern of brute-force detection across multiple independent sensors, combined with the exploited-host classification in two recent reports, indicates this address is either actively scanning for vulnerable servers or has itself been compromised and weaponized without the operator's knowledge.

SSH brute-force attacks represent a well-established intrusion vector in which threat actors use automated tools to rapidly cycle through username and password combinations until valid credentials are discovered. For any organization exposing port 22 to the internet, this activity creates an immediate risk of unauthorized server access, privilege escalation and data exfiltration. The sustained eight-month campaign from this address, combined with its high report volume and exploited-host indicators, suggests it is part of an organized scanning infrastructure rather than opportunistic noise. Servers running default SSH configurations with password-based authentication face the greatest exposure to such attacks, as successful compromise grants attackers a persistent foothold for further exploitation.

More threatening than 94% of monitored IPs

Threat Categories

SSH 27

Hacking 8

Exploited Host 4

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 4 weeks indicates persistent threat actor operations.

First Observed 10. May 2026

Last Activity 8. June 2026

Recent (7 days) 13 incidents

Reputable Network

This IP is hosted on a network (ASN 197984) with generally good reputation. The ISP State Unitary Enterprise Scientific Engineering and Marketing Researches Center UNICON.UZ maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Long-term blocking recommended.

Reputation Summary

Threat Level 10/10 Critical

Critical

Activity Frequency 8/10 High

Confidence Score 76% Verified

Confidence History

19. May 2026 - 8. Jun 2026

76% Current

Stable Trend

Date	Categories	Source	Confidence
8. Jun 2026 New	SSH	Honeypot	75%
7. Jun 2026	SSH	Honeypot	75%
6. Jun 2026	SSH	Honeypot	75%
6. Jun 2026	SSH Hacking Exploited Host	Honeypot x3	75%
5. Jun 2026	SSH Hacking	Honeypot x2	75%
5. Jun 2026	Hacking	Honeypot	75%
5. Jun 2026	SSH	Honeypot	75%
5. Jun 2026	Exploited Host	Honeypot	75%
5. Jun 2026	Hacking SSH	Honeypot x2	75%
5. Jun 2026	SSH	Honeypot	75%
5. Jun 2026	SSH	Honeypot	75%
3. Jun 2026	SSH	Honeypot	75%
2. Jun 2026	SSH	Honeypot	75%
1. Jun 2026	SSH	Honeypot	75%
31. May 2026	SSH	Honeypot	75%
29. May 2026	Hacking	Honeypot	75%
29. May 2026	Exploited Host SSH	Honeypot x2	75%
29. May 2026	Hacking SSH	Honeypot x2	75%
27. May 2026	SSH	Honeypot	75%
26. May 2026	SSH	Honeypot	75%
26. May 2026	SSH	Honeypot	75%
26. May 2026	SSH	Honeypot	75%
26. May 2026	SSH	Honeypot	75%
26. May 2026	SSH	Honeypot x2	75%
26. May 2026	SSH	Honeypot x2	75%
25. May 2026	SSH	Honeypot	75%
25. May 2026	SSH	Honeypot	75%
21. May 2026	SSH	Honeypot	75%
19. May 2026	SSH Hacking	Honeypot x2	75%
19. May 2026	Hacking SSH Exploited Host	Honeypot x3	75%

Basic Information

IP Address: 194.107.115.199
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class C

Geolocation

Country: UZ
ASN: AS197984
ISP: State Unitary Enterprise Scientific Engineering and Marketing Researches Center UNICON.UZ

DNS Information

Reverse DNS: None
PTR Record: No
Connection Type: Static

Statistics

Total Reports: 1,957
First Reported: 15 Oct 2025
Last Reported: 8 Jun 2026, 01:37

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

ASN: AS197984

Organization: State Unitary Enterprise Scientific Engineering and Marketing Researches Center UNICON.UZ

Country:

Network Threat Assessment

2/10

This network appears to be relatively clean with very low threat indicators.

Network Statistics

Total IPs Monitored

2,197

Total Reports

549.3

Reports per IP

Network Context

This IP address belongs to State Unitary Enterprise Scientific Engineering and Marketing Researches Center UNICON.UZ (AS197984), which manages 4 IP addresses in our monitoring system. Out of these, 2,197 have been reported for suspicious activities, resulting in a network-wide threat level of 2/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

94 %

Global Threat Ranking

This IP is more threatening than 94% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 198,782 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++

Total Reports 1,957 avg: 23 ++

Network Comparison

Compared against 4 IPs in ASN 197984

Threat Level 10/10 network avg: 10.0 =

Total Reports 1,957 network avg: 561 ++

Network State Unitary Enterprise Scientific Engineering and Marketing Researches Center UNICON.UZ has overall threat level 2/10

Geographic Comparison

Compared against 155 IPs in UZ

Threat Level 10/10 country avg: 5.7 ++

Total Reports 1,957 country avg: 21 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 5 Jun 2026 7 reports

Daily Average 1.1 reports/day

Most Active Wednesday 1,845 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 6/10

Distribution of threat categories reported over time.

Top Threat Categories

Hacking 1,809

SSH 162

Exploited Host 9

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 08:00 with 302 reports

Weekly Activity

Geographic Threat Distribution

186,538 threat incidents tracked globally • Last 24h: 18,649 Logs

FEED

Top Threat Sources

01

United States US

38,338 20.6%
02

India IN

28,859 15.5%
03

China CN

25,971 13.9%
04

Brazil BR

10,208 5.5%
05

Germany DE

7,133 3.8%
06

Singapore SG

6,457 3.5%
07

Indonesia ID

5,497 2.9%
08

Russia RU

4,694 2.5%
09

Pakistan PK

4,635 2.5%
10

Netherlands NL

4,351 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same Autonomous System (AS) network provider.

3 Related IPs

10/10 Avg Threat

83% Avg Confidence

3 High Threat

High-risk network: Majority of related IPs are flagged

Extreme Threat

Threat Categories

Technical Details

Recommended Mitigations

Behavioral Analysis

Reputable Network

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Network Reputation

Network Identity

Network Threat Assessment

Network Statistics

Network Context

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]