Elevated Risk
IP 45.144.212.136 is a high-risk address operated by Kprohost LLC in Ukraine that has generated 604 abuse reports from automated honeypot sensors, indicating sustained malicious activity centred on email spam distribution and intrusion attempts against exposed services.
The IP, registered to ASN AS214940 under Kprohost LLC, was first reported in March 2026 and has accumulated a significant volume of community and sensor reports within that short timeframe. With a threat level of 7 out of 10 and a confidence score of 72 percent, the address has been flagged across 20 distinct honeypot sensors for both SMTP spam and general hacking activity. The categorised reports break down to 16 tagged as email spam and 14 as hacking-related, suggesting a dual-track approach by the actor controlling this address. Network analysis shows the address associated with Suricata stream-engine alerts for packets with a broken ACK (an acknowledgment number that does not fit the TCP session Suricata is tracking) on SMTP connections. That pattern is consistent with reconnaissance and attempted exploitation of mail infrastructure, with the caveat that broken-ACK events are also produced by packet loss and asymmetric routing, so the stream event alone indicates probing rather than confirmed exploitation.
The dominant threat vector involves mass email spam operations, which typically serve as a delivery mechanism for phishing campaigns, credential harvesting, or malware distribution. The concurrent hacking activity, evidenced by malformed TCP stream behaviour detected via Suricata, points to automated service enumeration of mail transfer agents and possibly attempts to exploit vulnerable ones. Broken ACK packets are a TCP-level anomaly: tools that craft their own packets (SYN and half-open port scanners, banner grabbers) produce them far more often than a full MTA-to-MTA exchange does. Open-relay probing is a separate, SMTP-level signal, visible as RCPT TO commands for domains the server does not host, and should be looked for in the MTA log rather than inferred from stream events. The combination of these vectors suggests a threat actor leveraging compromised or purpose-built infrastructure to conduct high-volume abuse; the protocol-level anomalies are a side effect of that tooling, not an evasion technique, and they make a useful detection hook.
Site operators should block or aggressively rate-limit traffic from this address at the network perimeter. For exposed mail servers, publishing strict SPF, DKIM and DMARC records for your own domains limits how far this infrastructure can impersonate you, while evaluating SPF, DKIM and DMARC on inbound mail lets the MTA reject spam that claims to come from domains that publish a reject policy. Implementing fail2ban or similar dynamic firewall rules can automatically mitigate repeated connection attempts tied to this source. Ongoing monitoring of the IDS event log (Suricata's eve.json, where the stream anomalies appear; the MTA log does not record TCP-level detail) for bursts of broken-ACK alerts against port 25, combined with requiring TLS on the submission port (587) and offering STARTTLS on port 25, will further harden exposure to this class of threat. Mandating TLS on port 25 itself is not recommended, because it rejects legitimate mail from senders that still deliver in cleartext.
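The monitoring and fail2ban-style blocking described above, as an added example that is not part of the original page or of any Suricata or fail2ban code: it parses a handful of constructed eve.json lines, counts broken-ACK stream alerts per source against mail ports inside a sliding window (fail2ban's findtime/maxretry semantics), tallies SMTP recipients from Suricata's smtp events, and emits nftables commands for the sources that cross the thresholds. The thresholds, the nft set names (blocklist, ratelimited) and every sample event are assumptions made for the example; the signature text is Suricata's own stream-events rule name.

```python
"""Score Suricata EVE events per source IP and derive firewall actions.

Added example for this page; not code from the page, Suricata or fail2ban.
Reads eve.json-style lines (here a constructed sample) and applies
fail2ban-like thresholds. All sample data, thresholds and nft set names
are assumptions for illustration.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Suricata stream-events rule message for ACK numbers that do not fit the tracked session.
BROKEN_ACK_SIG = "SURICATA STREAM Packet with broken ack"
MAIL_PORTS = {25, 465, 587}
MX = "10.0.0.25"  # assumed address of the monitored mail server


def _alert(ts, src, dport, sig):
    """Build a constructed EVE alert record in Suricata's field layout."""
    return {"timestamp": ts, "event_type": "alert", "src_ip": src, "src_port": 51234,
            "dest_ip": MX, "dest_port": dport, "proto": "TCP",
            "alert": {"signature": sig, "category": "Generic Protocol Command Decode",
                      "severity": 3}}


def _smtp(ts, src, rcpts):
    """Build a constructed EVE smtp record (one SMTP transaction)."""
    return {"timestamp": ts, "event_type": "smtp", "src_ip": src, "src_port": 40001,
            "dest_ip": MX, "dest_port": 25, "proto": "TCP",
            "smtp": {"helo": "mail.example", "mail_from": "<bulk@example.invalid>",
                     "rcpt_to": rcpts}}


# Constructed sample, not captured traffic. Last line is deliberately malformed.
SAMPLE_EVENTS = [
    _alert("2026-03-10T12:00:01.000000+0000", "45.144.212.136", 25, BROKEN_ACK_SIG),
    _alert("2026-03-10T12:00:02.000000+0000", "45.144.212.136", 25, BROKEN_ACK_SIG),
    _alert("2026-03-10T12:00:03.000000+0000", "45.144.212.136", 25, BROKEN_ACK_SIG),
    _alert("2026-03-10T12:00:04.000000+0000", "45.144.212.136", 25, BROKEN_ACK_SIG),
    _alert("2026-03-10T12:00:05.000000+0000", "45.144.212.136", 25, BROKEN_ACK_SIG),
    _smtp("2026-03-10T12:01:00.000000+0000", "45.144.212.136",
          ["a@example.test", "b@example.test", "c@example.test"]),
    _smtp("2026-03-10T12:01:30.000000+0000", "45.144.212.136",
          ["d@example.test", "e@example.test", "f@example.test", "g@example.test"]),
    _alert("2026-03-10T12:02:00.000000+0000", "192.0.2.44", 25, BROKEN_ACK_SIG),
    _alert("2026-03-10T12:02:03.000000+0000", "192.0.2.44", 25, BROKEN_ACK_SIG),
    _alert("2026-03-10T12:03:00.000000+0000", "198.51.100.7", 25, BROKEN_ACK_SIG),
    _alert("2026-03-10T12:03:00.000000+0000", "198.51.100.7", 443, BROKEN_ACK_SIG),  # not a mail port
    _smtp("2026-03-10T12:04:00.000000+0000", "203.0.113.9", ["ops@example.test"]),
]
SAMPLE_EVE = "\n".join(json.dumps(e) for e in SAMPLE_EVENTS) + "\n{not json\n"


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%f%z")


def parse_eve(text):
    """Yield parsed EVE records, skipping blank and malformed lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            yield json.loads(line)
        except json.JSONDecodeError:
            continue


def max_in_window(times, window):
    """fail2ban-style count: most events that fall inside any one window (findtime)."""
    times = sorted(times)
    best, left = 0, 0
    for right, t in enumerate(times):
        while t - times[left] > window:
            left += 1
        best = max(best, right - left + 1)
    return best


def summarize(text, window=timedelta(minutes=10)):
    """Per-source stats: broken-ACK burst size against mail ports and SMTP volume."""
    acks = defaultdict(list)
    smtp = defaultdict(lambda: {"sessions": 0, "rcpts": 0})
    for ev in parse_eve(text):
        src = ev.get("src_ip")
        if not src:
            continue
        if (ev.get("event_type") == "alert"
                and ev.get("alert", {}).get("signature") == BROKEN_ACK_SIG
                and ev.get("dest_port") in MAIL_PORTS):
            acks[src].append(_ts(ev["timestamp"]))
        elif ev.get("event_type") == "smtp":
            smtp[src]["sessions"] += 1
            smtp[src]["rcpts"] += len(ev.get("smtp", {}).get("rcpt_to", []))
    stats = {}
    for src in set(acks) | set(smtp):
        s = smtp.get(src, {"sessions": 0, "rcpts": 0})
        stats[src] = {"broken_ack_burst": max_in_window(acks.get(src, []), window),
                      "smtp_sessions": s["sessions"], "rcpts": s["rcpts"]}
    return stats


def decide(stats, maxretry=5, rcpt_limit=5):
    """Map stats to an action; thresholds are assumed (maxretry mirrors fail2ban's default)."""
    actions = {}
    for src, s in stats.items():
        if s["broken_ack_burst"] >= maxretry or s["rcpts"] >= rcpt_limit:
            actions[src] = "block"
        elif s["broken_ack_burst"] >= 2 or s["smtp_sessions"] >= 3:
            actions[src] = "rate-limit"
        else:
            actions[src] = "watch"
    return actions


def nft_commands(actions):
    """Render nft commands for assumed sets 'blocklist' and 'ratelimited' (not executed)."""
    sets = {"block": "blocklist", "rate-limit": "ratelimited"}
    return [f"nft add element inet filter {sets[a]} {{ {ip} }}"
            for ip, a in sorted(actions.items()) if a in sets]


if __name__ == "__main__":
    for cmd in nft_commands(decide(summarize(SAMPLE_EVE))):
        print(cmd)
```

The two nft sets are assumed to already exist with a matching drop rule and a `limit rate` rule respectively; in a real deployment the script would tail eve.json and a cron job would expire set elements, which is exactly the lifecycle fail2ban manages for you with its `bantime` setting.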