Significant Threat
IP 45.84.107.198 is a high-risk address operated by QuxLabs AB in Sweden and is linked to persistent brute-force and hacking activity, with 515 abuse reports filed over an eight-month window. The IP presents a threat level of 8/10, driven primarily by automated honeypot detections and community submissions flagging it for SSH brute-force attempts, SMB exploitation probes, and general port-scanning behaviour against CiscoASA firewall infrastructure. The volume of reports and the diversity of attack vectors indicate this address is actively used in hostile reconnaissance and credential-compromise operations rather than isolated probing.
According to available intelligence, automated honeypot sensors generated the majority of the 515 reports, with additional corroboration from four community sources. The IP was first reported in September 2025 and remained active through May 2026, spanning roughly eight months of documented hostile engagement. While the activity frequency score of 2/10 suggests the attacks are intermittent rather than constant, the sustained timeline and the confirmed presence of SMBv1 exploitation attempts and CiscoASA port-scan probes demonstrate deliberate, methodical targeting of common network vulnerabilities. The 69% confidence score reflects reasonable certainty that this traffic originates from deliberate malicious intent rather than misconfiguration or benign scanning.
The dominant threat category, brute-force activity, involves systematic credential-guessing against authentication endpoints such as SSH services. When combined with SMB exploitation probes and port-scanning behaviour, this pattern suggests the operator is attempting to compromise exposed services for either direct system access or subsequent deployment of tooling such as ransomware or remote-access trojans. The detection of SMBv1 usage is particularly concerning, as this legacy protocol is known to contain critical vulnerabilities that have been weaponised in widespread campaigns. An IP exhibiting this cluster of behaviours poses a concrete risk to any organisation running outdated or poorly configured network services without multi-factor authentication or rate-limiting controls.
Site operators should block IP 45.84.107.198 at the firewall or intrusion-prevention level to stop traffic from this address; since operators of this kind rotate source addresses, the block should be treated as a point fix rather than a complete defence. Enforcing strong, unique passwords alongside multi-factor authentication on all remote-access services significantly reduces the effectiveness of brute-force attempts. Implementing rate-limiting rules or tools such as fail2ban can automatically detect and throttle repeated authentication failures. Finally, disabling SMBv1 and keeping CiscoASA and similar firewall devices on current firmware closes the specific weaknesses this IP has been observed probing.