Critical Threat
IP 193.143.1.78 is a high-risk address operating from Russian infrastructure. It has been classified as an exploited host, meaning a compromised system weaponised by threat actors without the owner's knowledge. The address generated 284 abuse reports through automated honeypot sensors during October 2025 alone, which warrants immediate blocking by any exposed service.
The 284 reports collected against 193.143.1.78 originated exclusively from automated honeypot sensors during October 2025, placing all activity within a concentrated four-week window. The associated ASN 198953 is operated by Proton66 OOO, a Russian entity, and the IP geolocates to Russia. Despite the maximum threat level rating of 10 out of 10, the confidence score sits at 65%, suggesting the classification relies on pattern matching rather than deep packet inspection in every instance. The reported activity falls under the "Exploited Host" category, indicating this address was itself compromised and subsequently used as an attack platform rather than being the origin of the compromise. Detection logs specifically reference Redis-targeted attack patterns, pointing to automated exploitation attempts against exposed Redis instances across the internet.
An exploited host poses a distinct threat profile compared to a standard scanner: the underlying system is already under adversarial control, often via malware or unpatched vulnerabilities, and is being leveraged to relay attacks that mask the true source. The Redis attack pattern associated with this address suggests automated exploitation of misconfigured or vulnerable Redis deployments, which can lead to remote code execution or data exposure depending on the specific environment. Because the attacking traffic originates from a legitimate-looking host rather than a known botnet address, it may evade reputation-based filters that rely solely on blocklists, making it more likely to reach targeted services during the initial reconnaissance and exploitation phases.
Site operators should block 193.143.1.78 at the firewall or network edge immediately, as the threat level and report volume indicate active malicious use. Redis instances should be hardened by binding to localhost, enforcing authentication via the requirepass directive, and disabling dangerous commands such as CONFIG and FLUSHALL. Implementing fail2ban or similar dynamic blocklist tools can automate the blocking process based on repeated honeypot-level hits. Finally, consider notifying the hosting provider or upstream ASN operator about the compromised host, as the system owner may be unaware their infrastructure is being weaponised for automated exploitation campaigns.
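To make the Redis hardening points above checkable, here is an added example (not from the original page or from any real host) that audits a redis.conf for the weak settings listed: a wildcard or missing bind, a missing requirepass, and CONFIG/FLUSHALL left enabled (Redis disables a command by renaming it to the empty string). It also checks protected-mode, which the page does not mention; the two sample configs are constructed.

```python
import shlex

# The page names CONFIG and FLUSHALL; Redis disables a command by renaming
# it to the empty string:  rename-command CONFIG ""
DANGEROUS_COMMANDS = ("CONFIG", "FLUSHALL")
WILDCARD_BINDS = {"0.0.0.0", "::", "*", "-::*"}

def parse_redis_conf(text: str) -> dict[str, list[list[str]]]:
    """Map each directive to the argument lists it was given (may repeat)."""
    conf: dict[str, list[list[str]]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)  # keeps the empty "" argument intact
        conf.setdefault(parts[0].lower(), []).append(parts[1:])
    return conf

def audit_redis_conf(text: str) -> list[str]:
    """Return one finding per weak setting; an empty list means hardened."""
    conf = parse_redis_conf(text)
    findings: list[str] = []
    binds = [addr for args in conf.get("bind", []) for addr in args]
    if not binds:
        findings.append("bind missing: Redis listens on every interface")
    elif any(addr in WILDCARD_BINDS for addr in binds):
        findings.append(f"bind exposes all interfaces: {' '.join(binds)}")
    if not any(args and args[0] for args in conf.get("requirepass", [])):
        findings.append("requirepass missing or empty: unauthenticated access allowed")
    if any(args[:1] == ["no"] for args in conf.get("protected-mode", [])):
        findings.append("protected-mode no: built-in safety net disabled")
    renamed = {a[0].upper(): a[1] for a in conf.get("rename-command", []) if len(a) == 2}
    for cmd in DANGEROUS_COMMANDS:
        if renamed.get(cmd) != "":
            findings.append(f'{cmd} not disabled: add rename-command {cmd} ""')
    return findings

# Constructed sample configs, not taken from any real host.
WEAK_CONF = """
bind 0.0.0.0
protected-mode no
"""
HARDENED_CONF = """
bind 127.0.0.1 -::1
protected-mode yes
requirepass CHANGE-ME-placeholder-password
rename-command CONFIG ""
rename-command FLUSHALL ""
"""
```

Running `audit_redis_conf(WEAK_CONF)` yields five findings, while the hardened config yields none; point it at a live instance's redis.conf to see which of the page's mitigations are still missing.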