Substantial Risk
IP 158.94.210.190, originating from Railnet LLC's network in the Netherlands, presents a moderate-to-elevated threat with a 7/10 threat level, supported by 603 total reports across automated honeypot sensors from December 2025 through March 2026. The dominant threat categories are Email Spam and Hacking, accounting for 33 recent category-specific reports. The detection patterns behind those reports point to SMTP abuse together with anomalous TCP stream behavior of the kind frequently associated with mail server reconnaissance or spam distribution infrastructure.
Despite the high absolute report count, the activity frequency score of 0/10 suggests that the IP engages in sustained, low-intensity probing rather than concentrated bursts: 603 reports over roughly four months averages only a few per day. Detection systems recorded malformed TCP traffic including broken acknowledgment segments and spurious retransmissions. Two points should be kept apart here. The TCP-level anomalies are what Suricata's stream engine reports, and they can be produced by packet loss, asymmetric routing or middleboxes as readily as by a hostile client, so on their own they are weak evidence. The behaviors that actually identify mail abuse, such as testing open-relay configurations or enumerating valid recipient accounts, happen at the SMTP command layer and show up in the mail server's own transaction logs as relay-denied rejections, RCPT TO attempts against non-existent users, VRFY/EXPN commands and repeated authentication failures. When TCP anomalies and those SMTP rejections come from the same source in the same time window, the combination is a stronger signal, and such patterns frequently precede more targeted credential harvesting or phishing campaigns directed at exposed SMTP services.
The Suricata stream anomalies detected from this address may indicate evasion techniques or deliberately malformed packets intended to confuse inspection, possibly in an attempt to reach weaknesses in mail server implementations, although poor connectivity on the sender's side produces the same events, so they should be confirmed against mail logs before being treated as attack traffic. Organizations operating publicly accessible SMTP services should implement strict ingress filtering for this address and deploy email authentication on both sides: validate SPF, DKIM and DMARC on inbound mail so that spoofed messages can be rejected, and publish SPF, DKIM and DMARC records for their own domains so that other receivers can reject mail forged in their name. Configuring an automated threat response tool such as fail2ban, which acts on log lines rather than on network anomalies, to temporarily block sources that accumulate repeated SMTP rejections or SASL authentication failures provides an additional defensive layer. Continuous monitoring of mail server logs for connection attempts from 158.94.210.190 and regular review of IP reputation feeds will help maintain awareness of this address's behavior over time.
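The following script is an added example, not code from this report or from any tool it names. It shows the log-side check described above: it reads Postfix smtpd log lines, attributes relay-denied rejections, unknown-recipient rejections and SASL authentication failures to a source IP, tracks how many distinct recipients were probed (the enumeration signal), and applies a fail2ban-style sliding-window threshold to decide whether the source should be blocked. The log lines are constructed for the example in standard Postfix wording; the thresholds, year and hostnames are illustrative assumptions.

```python
"""Triage one source IP's SMTP activity in Postfix smtpd logs.

Added example for this report; not code from the original page or any
tool it names. Assumes Postfix-style syslog lines (the samples below are
constructed, not real captures) and illustrative thresholds.
"""
import re
from collections import Counter
from datetime import datetime

TARGET_IP = "158.94.210.190"
FAILURE_KINDS = {"auth_failure", "relay_denied", "unknown_recipient"}

# Standard Postfix smtpd wording. The \b before "connect" keeps
# "disconnect from" lines from being counted as connections.
RE_TS = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d)")
RE_SASL = re.compile(r"warning: \S+\[(?P<ip>[\d.]+)\]: SASL \w+ authentication failed")
RE_REJECT = re.compile(
    r"NOQUEUE: reject: RCPT from \S+\[(?P<ip>[\d.]+)\]: (?P<code>\d{3}) \S+ "
    r"<(?P<rcpt>[^>]+)>: (?P<reason>[^;]+);"
)
RE_CONNECT = re.compile(r"\bconnect from \S+\[(?P<ip>[\d.]+)\]")


def classify(line):
    """Return (ip, kind, recipient) for a line of interest, else None."""
    m = RE_SASL.search(line)
    if m:
        return m.group("ip"), "auth_failure", None
    m = RE_REJECT.search(line)
    if m:
        reason = m.group("reason")
        if "Relay access denied" in reason:
            kind = "relay_denied"
        elif "User unknown" in reason:
            kind = "unknown_recipient"
        else:
            kind = "other_reject"
        return m.group("ip"), kind, m.group("rcpt")
    m = RE_CONNECT.search(line)
    if m:
        return m.group("ip"), "connect", None
    return None


def parse_ts(line, year=2026):
    """Syslog timestamps carry no year, so the caller supplies one (assumed)."""
    m = RE_TS.match(line)
    if not m:
        return None
    stamp = " ".join(m.group("ts").split())  # collapse "Mar  2" to "Mar 2"
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def summarize(lines, ip):
    """Count event kinds, distinct rejected recipients and failure times for ip."""
    counts = Counter()
    recipients = set()
    failure_times = []
    for line in lines:
        hit = classify(line)
        if not hit or hit[0] != ip:
            continue
        _, kind, rcpt = hit
        counts[kind] += 1
        if kind == "unknown_recipient":
            recipients.add(rcpt)
        if kind in FAILURE_KINDS:
            ts = parse_ts(line)
            if ts:
                failure_times.append(ts)
    return counts, recipients, failure_times


def should_ban(failure_times, max_failures=5, window_seconds=600):
    """fail2ban-style rule: True when max_failures fall inside any window."""
    times = sorted(failure_times)
    start = 0
    for end, t in enumerate(times):
        while (t - times[start]).total_seconds() > window_seconds:
            start += 1
        if end - start + 1 >= max_failures:
            return True
    return False


# Constructed sample log (not a real capture): one noisy source, one benign peer.
SAMPLE_LOG = [
    "Mar  2 10:15:01 mx1 postfix/smtpd[2314]: connect from unknown[158.94.210.190]",
    "Mar  2 10:15:02 mx1 postfix/smtpd[2314]: NOQUEUE: reject: RCPT from unknown[158.94.210.190]: 554 5.7.1 <victim@example.net>: Relay access denied; from=<spam@example.org> to=<victim@example.net> proto=ESMTP helo=<mail>",
    "Mar  2 10:15:03 mx1 postfix/smtpd[2314]: NOQUEUE: reject: RCPT from unknown[158.94.210.190]: 550 5.1.1 <alice@example.com>: Recipient address rejected: User unknown in local recipient table; from=<spam@example.org> to=<alice@example.com> proto=ESMTP helo=<mail>",
    "Mar  2 10:15:04 mx1 postfix/smtpd[2314]: NOQUEUE: reject: RCPT from unknown[158.94.210.190]: 550 5.1.1 <admin@example.com>: Recipient address rejected: User unknown in local recipient table; from=<spam@example.org> to=<admin@example.com> proto=ESMTP helo=<mail>",
    "Mar  2 10:15:05 mx1 postfix/smtpd[2314]: NOQUEUE: reject: RCPT from unknown[158.94.210.190]: 550 5.1.1 <sales@example.com>: Recipient address rejected: User unknown in local recipient table; from=<spam@example.org> to=<sales@example.com> proto=ESMTP helo=<mail>",
    "Mar  2 10:16:10 mx1 postfix/smtpd[2315]: warning: unknown[158.94.210.190]: SASL LOGIN authentication failed: UGFzc3dvcmQ6",
    "Mar  2 10:17:40 mx1 postfix/smtpd[2316]: disconnect from unknown[158.94.210.190] ehlo=1 auth=0/1 quit=1 commands=2/3",
    "Mar  2 10:20:00 mx1 postfix/smtpd[2320]: connect from mail.example.org[203.0.113.7]",
    "Mar  2 10:20:01 mx1 postfix/smtpd[2320]: NOQUEUE: reject: RCPT from mail.example.org[203.0.113.7]: 550 5.1.1 <bob@example.com>: Recipient address rejected: User unknown in local recipient table; from=<carol@example.org> to=<bob@example.com> proto=ESMTP helo=<mail.example.org>",
]

if __name__ == "__main__":
    counts, recipients, failures = summarize(SAMPLE_LOG, TARGET_IP)
    print(TARGET_IP, dict(counts))
    print("distinct unknown recipients probed:", sorted(recipients))
    print("ban under 5 failures / 10 min:", should_ban(failures))
```

The benign peer at 203.0.113.7 produces a single unknown-recipient rejection, which is ordinary for a legitimate mail server that has a stale address, and never crosses the threshold; the target IP crosses it because it combines relay probing, several distinct unknown recipients and an authentication failure inside one short window. Tighten `window_seconds` and the same events fall below the threshold, which is the trade-off a fail2ban `findtime`/`maxretry` pair expresses.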