Elevated Risk
IP 91.92.243.76 is a high-risk address with a threat level of 8 out of 10, linked predominantly to sustained port-scanning activity against exposed network infrastructure. This IP has accumulated 1,584 abuse reports through automated honeypot sensors, reflecting a high-volume reconnaissance campaign that warrants immediate defensive attention.
Activity from IP 91.92.243.76 was first reported in May 2026 and continued through June 2026, with an activity frequency rated 8 out of 10. All 20 most recent report sources are automated honeypot sensors, indicating systematic automated scanning rather than isolated manual probing. The IP is registered to Omegatech LTD operating under ASN AS202412, and is geographically attributed to the United States. The threat assessment carries a confidence score of 91%, which gives substantial reliability to the conclusion that this address is intentionally engaged in hostile network reconnaissance. The 1,584 total reports far exceed typical background scanning noise, placing this IP firmly in the category of persistent threat actors rather than casual or inadvertent scanning.
Port scanning represents the initial phase of a targeted attack, where adversaries systematically probe target systems to identify open services, unpatched software and potential entry points. The specific detection of Cisco ASA port scan and probe activity from this IP suggests the actor is cataloguing exposed Cisco security appliances, which are high-value targets due to their network-critical positioning. Successful reconnaissance enables subsequent attacks such as credential stuffing, exploit delivery or lateral movement. For any organization with Cisco ASA or similar perimeter devices exposed to this scanning IP, the risk of eventual compromise escalates significantly with continued exposure.
Site operators should immediately block IP 91.92.243.76 at the firewall level and implement geolocation-based filtering if the United States origin is inconsistent with expected traffic. Enforcing strict inbound connection rules, disabling unnecessary services on exposed hosts and applying rate-limiting to authentication endpoints will reduce the effectiveness of any follow-on attacks. Deploying fail2ban or equivalent intrusion-prevention tools to automatically ban repeated scanning behaviour provides automated protection. Continuous monitoring of honeypot and firewall logs for renewed activity from this or adjacent addresses will help detect escalation attempts before they succeed.