Substantial Risk
IP address 95.215.0.144 is a high-risk address with a threat level of 8 out of 10 that has generated 814 abuse reports from automated honeypot sensors since August 2025, with the most recent activity logged in June 2026. This Russian-origin IP, operating through ASN AS34665 under the control of Petersburg Internet Network ltd., demonstrates an activity frequency rated 8 out of 10, indicating sustained and persistent hostile operations against target systems worldwide.
The volume and consistency of reports paint a concerning picture. With 814 total reports sourced from 20 distinct automated honeypot sensors, the detection confidence stands at 78%, reflecting reliable identification of malicious behavior patterns. The reported threat categories split between Hacking activity (17 recent reports) and Exploited Host behavior (7 recent reports), suggesting this infrastructure may simultaneously serve as an attack platform while potentially being leveraged from compromised upstream systems. Network detection systems recorded multiple Suricata alerts including broken packet acknowledgments, bidirectional protocol mismatches, and unexpected protocol detections, alongside direct evidence of Redis attack patterns and SSH sessions established on non-standard ports.
The predominant Hacking classification encompasses intrusion attempts, vulnerability exploitation, and unauthorized access vectors. The specific attack patterns observed, particularly Redis exploitation attempts and anomalous SSH session establishment, represent concrete entry-point strategies used to compromise web-facing services and authentication systems. The Exploited Host indicators suggest the host behind this IP may itself be a previously compromised system, meaning the true origin operators could be obscured. These combined patterns indicate this address is actively probing and attacking infrastructure at scale, with the goal of establishing persistent unauthorized access or deploying additional attack payloads.
Network defenders should treat IP 95.215.0.144 as a hostile source requiring immediate blocking at the firewall or network perimeter. Implementing fail2ban or similar dynamic deny-listing tools that automatically block repeated malicious connection attempts provides automated protection against the observed attack patterns. All Redis instances should be network-isolated and protected with strong authentication, as the detected Redis attack vectors indicate active targeting of misconfigured deployments. Organizations running SSH services should enforce key-based authentication, disable password authentication entirely, and consider relocating services to non-standard ports to reduce exposure to the SSH probing activity documented in honeypot reports. Regular monitoring of authentication logs for source IPs matching this address or adjacent ranges will help identify any compromise attempts that succeeded.