Severe Risk
IP 78.153.140.252 is a critical-risk address associated with sustained hacking activity, having generated 509 abuse reports from automated honeypot sensors over an approximately ten-month window between August 2025 and June 2026. It is hosted within AS202306 (operated by Hostglobal.plus Ltd) and geolocated to the United Kingdom. The address carries the maximum threat rating of 10 out of 10 and an activity frequency score of 8 out of 10, indicating persistent and aggressive intrusion-oriented behavior. At a confidence score of 74 percent, the assessment is that this address is engaged in deliberate reconnaissance and exploit attempts against exposed network services rather than generating incidental or misconfigured traffic.
The evidence base for this assessment derives entirely from automated honeypot detections across 20 distinct sensor instances, which collectively logged hundreds of incidents attributed to this single source address. Honeypots serve no legitimate users, so every connection they receive is unsolicited by definition; that is what makes each detection meaningful evidence, although honeypot categorization is coarse and does not reveal which specific exploits or credentials were tried. The dominant reported threat category is general hacking activity encompassing vulnerability exploitation attempts, unauthorized access probing, and intrusion patterns consistent with automated attack toolkits. The geographic origin in the United Kingdom and the presence of a formally registered ASN operator do not mitigate the threat profile, as compromised or abused legitimate infrastructure is a well-documented phenomenon in threat intelligence. The sustained reporting window and high volume of detections indicate an ongoing campaign rather than an isolated incident.
Hacking activity of this nature represents a concrete risk to any internet-facing service with weak or unpatched configurations. Attackers leverage automated tooling to scan broad IP ranges, identifying exposed SSH, RDP, web applications, or other entry points susceptible to brute-force credential attacks, default password exploitation, or known software vulnerabilities. An IP with a threat level of 10/10 and hundreds of reports is very likely engaged in credential attacks, exploit delivery, or reconnaissance that precedes compromise, meaning exposed systems face immediate risk of unauthorized access, data exfiltration, or enrollment in botnet infrastructure.
Site operators should block or heavily rate-limit connections from this address at the perimeter firewall or WAF layer, bearing in mind that a single-address block is a short-lived control because attack infrastructure rotates; it is most useful alongside an automatically maintained blocklist. Enforcing strong password policies, disabling password-based authentication in favor of key-based authentication where feasible, and requiring multi-factor authentication on all accessible services significantly reduce the attack surface. Log-driven banning tools such as fail2ban can automatically block sources that repeat failed login attempts, which covers this address and the others behaving like it. Regular security patching and vulnerability scanning of internet-facing assets are essential to close the exploitation vectors this IP likely targets, and operators should check their own authentication logs for the address to confirm whether it has already been probing their services.
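The following is an added example, not part of the original report, showing the detection-and-block step in a form that can be run offline: it counts failed SSH logins per source address in sshd log lines and emits nftables blocklist commands for any source that crosses a threshold. The log lines are constructed for this example (only the reported address is real; 203.0.113.9 is a documentation address), and the table name "inet filter" and set name "blocklist" are assumptions that must match your own ruleset.

```shell
#!/bin/sh
# Added example (not from the original report): per-source failed-login counting
# over sshd log lines, producing nftables blocklist commands for offenders.
# The log below is constructed; the nft table/set names are assumptions.

SAMPLE_LOG='Jun 12 03:14:07 bastion sshd[2417]: Failed password for root from 78.153.140.252 port 51022 ssh2
Jun 12 03:14:09 bastion sshd[2417]: Failed password for root from 78.153.140.252 port 51022 ssh2
Jun 12 03:14:11 bastion sshd[2419]: Invalid user admin from 78.153.140.252 port 51030
Jun 12 03:14:12 bastion sshd[2419]: Failed password for invalid user admin from 78.153.140.252 port 51030 ssh2
Jun 12 03:15:40 bastion sshd[2431]: Accepted publickey for deploy from 203.0.113.9 port 40100 ssh2
Jun 12 03:16:02 bastion sshd[2440]: Failed password for deploy from 203.0.113.9 port 40102 ssh2'

# offending_sources THRESHOLD
# Prints each source IP with at least THRESHOLD "Failed password" lines,
# one per line, highest count first. "Invalid user" lines are deliberately
# not counted on their own: sshd also logs a "Failed password" line for them.
offending_sources() {
    threshold="$1"
    printf '%s\n' "$SAMPLE_LOG" |
        awk -v t="$threshold" '
            /sshd\[[0-9]+\]: Failed password for/ {
                # the source address is the token following "from"
                for (i = 1; i <= NF; i++) if ($i == "from") count[$(i+1)]++
            }
            END { for (ip in count) if (count[ip] >= t) print count[ip], ip }
        ' | sort -rn | awk '{ print $2 }'
}

# block_rules THRESHOLD
# Turns the offending sources into nftables commands. They are printed, not
# executed, so this runs safely anywhere; on the firewall host, create the
# set once and then pipe the output into sh:
#   nft add table inet filter
#   nft add set inet filter blocklist '{ type ipv4_addr; }'
#   nft add rule inet filter input ip saddr @blocklist drop
block_rules() {
    offending_sources "$1" | while read -r ip; do
        printf 'nft add element inet filter blocklist { %s }\n' "$ip"
    done
}

block_rules 3
```

With a threshold of 3, only 78.153.140.252 is emitted; the single failure from 203.0.113.9 is the kind of legitimate mistyped password a threshold exists to tolerate. On a real host, replace the embedded sample with `journalctl -u ssh` or `/var/log/auth.log` input and pair the rule with `PasswordAuthentication no` in sshd_config so that the brute-force attempts have nothing to guess against.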