Severe Risk
IP address 45.79.181.104 is a high-risk source associated with sustained intrusion activity and IoT-specific targeting, accumulating 575 abuse reports from automated honeypot sensors since August 2025. With a maximum threat rating and activity frequency of 8 out of 10, this US-based address demonstrates persistent scanning and probing behavior against exposed network services and connected devices. The volume and consistency of reports indicate this is not isolated opportunistic activity but rather an organized scanning campaign originating from Akamai Connected Cloud infrastructure.
Data from twenty separate automated honeypot sensors confirms the threat assessment for IP 45.79.181.104, with reporting activity spanning approximately ten months from August 2025 through June 2026. The detection confidence stands at 72 percent, reflecting substantial evidence tying this address to malicious conduct. Network analysis reveals the address operates within AS63949, managed by Akamai Connected Cloud, suggesting the activity likely originates from either compromised cloud resources or intentionally hosted scanning infrastructure. The dominant threat categories include general hacking attempts and specifically targeted probes against Internet of Things devices, with nineteen hacking reports and one IoT-specific report recorded.
The hacking activity linked to IP 45.79.181.104 represents automated intrusion attempts, vulnerability scanning, and unauthorized access probes targeting exposed services. The IoT targeting component indicates deliberate reconnaissance of poorly secured connected devices such as cameras, routers, and smart sensors, often running outdated firmware with default credentials or exposed management interfaces. Detection signatures flagged anomalous protocol behavior consistent with connection attempts that establish contact without completing full handshakes, a characteristic pattern of automated reconnaissance tools that identify listening services before attempting exploitation. This combination of broad scanning and IoT-specific probing poses concrete risk to any exposed device lacking proper hardening.
Network operators should immediately block or rate-limit traffic from IP 45.79.181.104 at the firewall level and consider implementing automated blocking tools such as fail2ban to respond to repeated connection attempts. All IoT devices on the network should be isolated in dedicated segments, updated with current firmware patches, and configured with non-default credentials. Exposed services should be reviewed for unnecessary accessibility, with strong authentication enforced on any that must remain public. Ongoing monitoring for emerging threats and regular security audits will help mitigate risks from this and similar hostile addresses.