Maximum Danger
IP 78.153.140.93 is a high-risk address associated with sustained web application reconnaissance and probing activity, registered to Hostglobal.plus Ltd in the United Kingdom and operating within ASN AS202306. With a threat level of 10/10 and an activity frequency rating of 8/10, this IP has generated 1,120 total abuse reports across an 11-month reporting window from August 2025 through June 2026, indicating persistent rather than opportunistic behaviour. The confidence score of 73% reflects a solid evidentiary basis for the threat assessment, derived from 20 automated honeypot sensor detections that captured web application probe patterns targeting exposed services.
The geographic location in Great Britain and the network operator's commercial hosting profile are consistent with infrastructure used for scanning operations, whether conducted by threat actors leasing servers or through compromised hosting accounts repurposed for hostile activity. The dominance of Web App Attack categorisation in recent reports, combined with the abstract pattern description of "web app/probe," signals that this address has been systematically testing web-facing applications for known vulnerabilities rather than conducting high-volume network scanning. The sustained report volume over an extended period and the high activity frequency both suggest deliberate, methodical reconnaissance rather than transient scanning noise.
Web application attacks exploit vulnerabilities in internet-facing software, including injection flaws, authentication weaknesses, and misconfiguration errors that could allow unauthorised access, data exfiltration, or further intrusion into backend systems. The probe activity attributed to IP 78.153.140.93 represents the reconnaissance phase of this threat chain, where attackers identify potentially vulnerable endpoints before deploying exploitation tooling. Any organisation running unprotected or unpatched web applications represents a high-value target for this type of sustained probing.
Site operators should immediately block or rate-limit this IP at the firewall or load-balancer level, particularly for HTTP/HTTPS traffic to web application endpoints. Deploying a Web Application Firewall with rulesets covering OWASP Top 10 vulnerabilities will intercept probe requests before they reach application logic. Audit publicly accessible web services for known vulnerabilities and apply patches promptly. Implementing intrusion-detection monitoring to alert on repeated probe patterns from any single source will enable rapid response to persistent scanners of this kind.
UA 
CO 
CA 
VN