Significant Threat
IP 86.54.31.38 is a high-risk address with a threat level of 8/10, operated by Black HOST Ltd and registered to a Canadian network. It has been linked to persistent hacking activity through 195 abuse reports filed over approximately ten months, indicating a sustained campaign of intrusion attempts against exposed services.
The IP received its first report in August 2025 and its most recent in June 2026, with all 195 reports originating from automated honeypot sensors, yielding a confidence score of 88%. The activity frequency of 5/10 reflects a moderate but consistent pattern of connections rather than sporadic spikes, suggesting an automated or semi-automated attack infrastructure. Every one of the twenty most recent threat reports categorises the activity as general hacking attempts, encompassing intrusion probing, vulnerability scanning, and unauthorized access vectors. The concentration of reports through honeypot infrastructure indicates this IP is systematically scanning and targeting systems across the internet rather than reacting to specific victim profiles.
Hacking activity of this nature poses a concrete threat to any exposed service, particularly secure shell services, remote administration interfaces, web applications, and network infrastructure components. Attackers using addresses associated with sustained scanning campaigns typically conduct reconnaissance to identify outdated software, misconfigured authentication mechanisms, or known vulnerabilities that can be exploited for initial access, data exfiltration, or lateral movement within networks. The persistent nature of the connections suggests the operator may be part of a larger botnet or scanning pool, increasing the likelihood that multiple attack techniques are being trialled simultaneously against any reachable target.
Network defenders should immediately block or heavily rate-limit traffic from this IP at the firewall level, particularly for services accessible from the internet such as SSH, RDP, and web administration panels. Implementing strong authentication mechanisms, including public key authentication for SSH, multi-factor authentication where available, and robust password policies, will reduce the effectiveness of any credential-based attempts. Deploying intrusion detection systems and configuring automated response tools such as fail2ban helps monitor and mitigate repeated connection attempts. Organizations should also ensure all internet-facing systems are fully patched, apply the principle of least privilege for network access, and review authentication logs regularly for signs of scanning or brute-force activity originating from this address.