Extreme Threat
IP 197.248.144.117 is a high-risk address originating from Safaricom's Kenyan network (AS37061). It has accumulated 556 abuse reports from automated honeypot sensors since September 2025, with recent activity continuing through March 2026, making it a confirmed source of sustained hacking activity that warrants immediate blocking.
The IP demonstrated notably high activity frequency (8/10) across a six-month window, with all 556 reports attributed to a single threat category: hacking-related intrusion attempts. Every single report originated from automated honeypot sensors, yielding a 75% confidence score in the assessment. The geographic placement within Kenya on a major East African ISP network suggests the activity may originate from compromised infrastructure within that network or from an actor leveraging these routes for regional targeting.
Hacking activity in this context refers to automated intrusion attempts, vulnerability probing and exploitation attempts directed at exposed services. The volume of reports and sustained frequency indicate a systematic scanning or brute-force campaign rather than opportunistic probing. Real-world risk includes unauthorized access to servers, web applications or network devices if proper hardening is absent; credential compromise if weak authentication is used on targeted services; and potential pivot points for further network reconnaissance or lateral movement.
Network operators should block or rate-limit this IP at the perimeter firewall, enforce strong key-based authentication on any exposed services, apply security patches promptly to eliminate known vulnerabilities and deploy defensive tools such as fail2ban to automatically ban repeated offending sources. Monitoring logs for correlated activity patterns from adjacent IP ranges within the same ASN is also recommended.