Critical Alert
IP 37.77.150.83 is a critical-risk address operated from Russia that has generated 288 abuse reports from automated honeypot sensors in a concentrated three-month window, making it one of the most actively threatening IPs currently under observation for intrusion activity.
The IP, registered to Proton66 OOO under autonomous system AS198953, was first flagged in March 2026 and continues to generate reports through May 2026, indicating sustained rather than opportunistic behaviour. The threat level is rated at the maximum 10 out of 10 with a confidence score of 92 percent, and the 288 total reports represent a notably high volume of malicious connections concentrated within this timeframe. Activity frequency scored at 8 out of 10 confirms this is not a passive or dormant threat but an actively scanning and probing address. All 20 recent reports categorise the activity under the broad "Hacking" classification, encompassing various intrusion attempts, vulnerability probing, and unauthorised access vectors. The consistent volume of connections detected across multiple automated honeypot sensors points to automated, scripted scanning behaviour rather than manual targeted attacks.
The dominant hacking activity associated with this address poses genuine risk to any exposed service listening on common ports or running vulnerable software. Such probes typically attempt to identify weaknesses in perimeter defences, exploit known vulnerabilities in unpatched systems, or test default and weak credentials across exposed services. The sustained frequency suggests this IP is part of an automated scanning campaign that cycles through target ranges systematically, meaning any organisation whose internet-facing services fall within the scanned ranges could encounter these connection attempts. The geographic origin and autonomous system operator suggest this address participates in broad infrastructure scanning operations rather than narrowly targeted intrusion.
Organisations with internet-facing assets should consider blocking IP 37.77.150.83 at the firewall level given its confirmed malicious history. Automated tools such as Fail2ban or CrowdSec can detect and dynamically block repeated connection attempts from this address. Keeping all exposed services patched and disabling unnecessary services reduces the attack surface these probes can exploit. Rate-limiting incoming connections and enforcing strong authentication on accessible services adds friction against automated intrusion attempts. Monitoring logs for this IP address and related scanning patterns helps refine defensive rules and identify potential compromise if any connection succeeds.