Significant Threat
IP 158.94.211.35 is a moderate-to-high-risk address operated by Railnet LLC under ASN AS214943 in the United States, with 301 total abuse reports filed against it over a two-month period in early 2026. The dominant threat activity centres on SMTP spam and general hacking intrusion attempts, suggesting the host may be participating in mass email abuse campaigns or serving as a stepping stone for broader network intrusion operations.
Analysis of the available reporting data reveals that automated honeypot sensors logged the majority of detections across 20 distinct sources. The 301 total reports span two primary categories: Email Spam accounting for 20 individual reports and Hacking activity contributing 14 reports, with both threat types active between February and March 2026. Notably, the activity frequency metric reads at 0/10, indicating that while the cumulative report volume is substantial, the detected abuse events were clustered rather than sustained continuously over the reporting window. The Suricata intrusion-detection signatures flagged repeated instances of broken acknowledgment packets within SMTP streams, a pattern often associated with automated reconnaissance tools and malformed traffic used to evade basic spam filters.
The combination of SMTP abuse and intrusion-probing activity presents concrete risks to any exposed mail or network services. Email spam originating from this address could harm recipient mail systems through reputation damage, bounce-back amplification, and potential phishing or malware distribution if messages reach end users. The accompanying hacking probes suggest attempts to exploit vulnerabilities or brute-force authentication on exposed services, which could lead to unauthorized access, data exfiltration, or further compromise of connected infrastructure. The broken ACK packet pattern specifically indicates potential evasion techniques designed to bypass stateless packet filtering.
Site operators should take the following defensive actions: implement strict egress filtering to block known spam-source IPs from sending outbound mail, enforce strong authentication requirements on any exposed services including multi-factor authentication and non-default credentials, configure intrusion detection systems to alert and optionally drop traffic matching the observed broken-ACK SMTP pattern, and consider deploying tools such as fail2ban to automatically ban repeat offenders. Ongoing monitoring of IP reputation feeds and blocklists is recommended to ensure this address remains blocked if the abuse pattern escalates.
BG 
HK 
UA 
GB