Maximum Danger
IP 91.92.243.24 presents a maximum threat level of 10/10 and is classified as an exploited host, indicating this address belongs to a compromised system being weaponised by threat actors without the owner's knowledge. The IP has accumulated 439 total abuse reports across automated honeypot sensors, with the dominant activity category consistently identified as an exploited host. Despite an activity frequency rating of 0/10 suggesting a cessation of recent operations, the sheer volume of historical reports and maximum threat classification demand immediate defensive action.
Detection data shows all 439 reports originated from automated honeypot infrastructure during March 2026, indicating a concentrated period of hostile activity. The 72% confidence score reflects reasonable certainty that this IP is definitively malicious rather than misclassified, though a portion of the evidence base remains circumstantial. Geolocation places the address within United States network space, specifically routed through AS202412 under the operator Omegatech LTD, a hosting provider whose network has been flagged for harbouring malicious infrastructure. The consistent identification of this address as an exploited host across multiple independent sensor sources strengthens the assessment that the underlying system has been fully compromised.
An exploited host represents one of the more dangerous categories in network threat intelligence because the compromised machine serves as an unwitting attack platform, often bypassing reputation-based filters that would block known malicious exit nodes. Attackers frequently repurpose such systems for secondary campaigns including distributed denial-of-service traffic, credential stuffing against external services, malware distribution, and reconnaissance probes. The presence of 439 distinct abuse events confirms sustained, systematic exploitation rather than isolated scanning, meaning this address has been actively weaponised for an extended campaign against honeypot infrastructure simulating vulnerable services.
Site operators should block IP 91.92.243.24 at the network perimeter firewall or intrusion prevention system immediately, as blocking remains the most effective mitigation for confirmed exploited hosts. Implement fail2ban or equivalent log analysis tools to automatically ban IPs generating authentication failure patterns associated with brute-force attempts. Review outbound traffic logs for any communication between internal systems and this address, as lateral movement may have occurred during the active exploitation window. Finally, consider filing an abuse report with Omegatech LTD to facilitate notification to the legitimate system owner whose infrastructure is being weaponised without authorisation.
UA 
GB