Critical Alert
IP 91.224.92.125 is a high-risk address with a maximum threat level of 10/10, exhibiting persistent unauthorized access attempts and IoT-directed exploitation activity against exposed honeypot sensors. With 713 abuse reports sourced from 20 distinct automated honeypot sensors over a two-month window spanning March to April 2026, this IP demonstrates a concentrated and deliberate campaign targeting vulnerable systems. The confidence score of 76% reflects substantial corroboration across detection systems, establishing reliable attribution of malicious behavior.
The report volume of 713 complaints distributed across 20 independent honeypot sensors averages roughly 35 detections per sensor, indicating that 91.224.92.125 systematically probes network infrastructure across multiple vantage points. Despite a low activity frequency rating of 0/10, the sheer volume of reports within the compressed March–April 2026 timeframe suggests intermittent but high-intensity attack bursts rather than sustained low-level reconnaissance. Geographically mapped to Great Britain, the IP routes through autonomous system AS209605, operated by UAB Host Baltic, a hosting provider whose infrastructure has appeared in previous abuse campaign tracking. The threat composition, 16 hacking-category incidents and 4 IoT-targeted incidents, reveals a dual-vector approach combining generic intrusion attempts with specialized exploitation of Internet-of-Things device vulnerabilities.
The hacking-category activity indicates general intrusion vector testing, including vulnerability probing and unauthorized access attempts against exposed services. The concurrent IoT-targeted activity signals that the operators of 91.224.92.125 are actively scanning for misconfigured smart devices, routers, and connected hardware with weak or default credentials. Together, these attack patterns suggest an adversary seeking both immediate unauthorized access and long-term persistent footholds through compromised IoT endpoints, which can serve as reliable egress points or pivot nodes within a target network.
Network defenders encountering this IP should immediately block or rate-limit inbound connections from 91.224.92.125 at the network perimeter firewall or web application firewall level. Organizations with IoT deployments should audit device firmware status, replace default credentials with strong unique passphrases, disable universal plug-and-play on routers, and segment IoT devices onto isolated VLANs to contain potential compromise spread. Deploying automated authentication hardening tools such as fail2ban on SSH and Telnet services reduces the effectiveness of brute-force attempts associated with this address. Continuous monitoring of abuse feeds and log analysis for source IP 91.224.92.125 will enable rapid detection of any follow-on reconnaissance or repeated targeting attempts against your infrastructure.