Extreme Threat
IP 78.153.140.43 is a critical-risk address linked to sustained, high-volume hacking activity. Operated by Hostglobal.plus Ltd in the United Kingdom under ASN AS202306, this IP has accumulated 618 confirmed abuse reports from automated honeypot sensors over roughly nine months of active detection, earning a threat level of 10/10 and an activity frequency score of 8/10.
The reported activity spans September 2025 through May 2026, indicating persistent malicious behavior across an extended period rather than isolated incident spikes. All 618 reports across the detection window were classified as hacking attempts, encompassing various intrusion patterns detected by honeypot infrastructure. The consistent volume of reports — averaging approximately 69 per month — combined with the high activity frequency rating suggests this address functions as either a compromised host participating in automated attack campaigns or dedicated attack infrastructure operating continuously against target systems.
The hacking classification for this IP encompasses unauthorized access attempts, exploitation of vulnerabilities in exposed services, and intrusion activities that directly threaten network security. Real-world risks include credential stuffing attacks against SSH, RDP, or web authentication portals, exploitation of unpatched software on internet-facing servers, and potential lateral movement if initial compromise succeeds. The sustained nature of the activity indicates an automated, opportunistic approach targeting any vulnerable service encountered rather than selective attacks.
Organizations should block this IP at the network perimeter firewall or through intrusion prevention systems; blocking immediately removes exposure to its confirmed malicious traffic. Automated abuse-response tools such as fail2ban can detect and dynamically block repeated connection attempts. Enforcing strong authentication policies (including key-based authentication for SSH, complex password requirements, and account lockout thresholds) reduces the effectiveness of any intrusion attempts that do reach services. Continuous monitoring of authentication logs for patterns associated with brute-force or scanning activity enables rapid incident response. Ensuring all internet-facing systems receive timely security patches eliminates the vulnerabilities this IP likely attempts to exploit.