Elevated Risk
IP 185.169.4.164 is a high-risk address associated with email spam distribution and general hacking activity, with 213 abuse reports filed against it over approximately three months in 2026. The address carries a threat-level score of 7 out of 10 and a confidence rating of 91 percent, reflecting a consistent pattern of malicious behavior observed independently by 20 automated honeypot sensors rather than a handful of one-off complaints.
The address, registered to UAB Host Baltic under autonomous system AS209605, has been reported continuously since March 2026, with the most recent filing in May 2026, demonstrating persistent activity over a sustained period. All 20 reporting sources were automated honeypot sensors, which logged SMTP spam and relay-abuse attempts alongside Suricata stream-engine alerts indicating malformed TCP acknowledgment packets during SMTP sessions. The 213 reports translate to an activity frequency of 8 out of 10, indicating near-continuous hostile network behavior. The geolocation lists the country as Great Britain while the registrant operates from the Baltic region; such mismatches between registry country and apparent location are common with providers that lease address space across regions and are frequently seen with bulletproof hosting used to obscure malicious operations, but the mismatch alone does not prove either.
Email spam activity is a direct delivery channel for phishing campaigns, credential-harvesting schemes, and malware, while the concurrent hacking category signals intrusion attempts against exposed services. The broken-acknowledgment patterns in the detection logs are consistent with traffic crafted to evade simple stateful filtering or to probe firewall behavior before a more targeted attack, but a practitioner should weigh them carefully: Suricata stream-engine events of this kind are also produced by scanning tools with non-conformant TCP stacks, by asymmetric routing in front of the sensor, and by sessions torn down mid-handshake, so they corroborate intent rather than establish it on their own. Taken together with the SMTP abuse reports, which carry most of the weight, the behavior indicates a compromised or deliberately malicious host used for bulk spam dispatch and automated scanning or exploitation attempts against target networks.
Site operators should block this IP address at the network perimeter firewall and apply reputation-based filtering to inbound connections. SMTP traffic from this address should be rejected at the mail relay, and the mail server should query DNS-based blocklists (DNSBLs) and contribute its own reports so future contact attempts are flagged by other operators as well. Because spam infrastructure rotates addresses frequently, a single-IP block is a short-term measure; check whether neighboring addresses in the same netblock and ASN show the same pattern before widening the block, and review the collateral impact first. Organizations running exposed services should enforce strong authentication, apply rate-limiting to authentication endpoints, and deploy a log-driven banning tool such as fail2ban, or a full intrusion detection system such as Suricata, to automatically ban repeat offenders. Regular monitoring of abuse databases and maintenance of updated threat feeds will extend this protection to other addresses showing comparable patterns of hostile activity.
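As an added example, not part of the original report and not the honeypot operators' own code, the following script shows how the detection and blocking steps above fit together: it reads Suricata EVE JSON alerts, counts stream-engine anomalies and SMTP-related alerts per external source, applies a simple threshold to decide which sources to block, and emits both a Postfix `access(5)` map fragment and an nftables set element for the blocked addresses. The EVE records embedded below are constructed for this example (the honeypot signature name, the internal 10.0.0.0/8 network, and the thresholds are assumptions chosen for illustration); the "SURICATA STREAM Packet with broken ack" text matches the Suricata stream-engine signature the report refers to.

```python
import json
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed Suricata EVE JSON records for illustration; not real sensor output.
# 185.169.4.164 is the address from the report; 203.0.113.7 is a documentation
# address standing in for a low-volume source; 10.0.0.5 is sensor-side noise.
SAMPLE_EVE = """\
{"timestamp":"2026-05-02T10:14:03.120Z","event_type":"alert","src_ip":"185.169.4.164","src_port":51722,"dest_ip":"10.0.0.25","dest_port":25,"proto":"TCP","app_proto":"smtp","alert":{"signature":"SURICATA STREAM Packet with broken ack","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-02T10:14:03.410Z","event_type":"alert","src_ip":"185.169.4.164","src_port":51722,"dest_ip":"10.0.0.25","dest_port":25,"proto":"TCP","app_proto":"smtp","alert":{"signature":"SURICATA STREAM Packet with broken ack","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-02T10:14:05.002Z","event_type":"alert","src_ip":"185.169.4.164","src_port":51730,"dest_ip":"10.0.0.25","dest_port":25,"proto":"TCP","app_proto":"smtp","alert":{"signature":"HONEYPOT SMTP unauthenticated relay attempt","category":"Spam","severity":2}}
{"timestamp":"2026-05-02T10:16:41.777Z","event_type":"alert","src_ip":"185.169.4.164","src_port":52011,"dest_ip":"10.0.0.26","dest_port":25,"proto":"TCP","app_proto":"smtp","alert":{"signature":"SURICATA STREAM Packet with broken ack","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-02T10:16:42.001Z","event_type":"alert","src_ip":"185.169.4.164","src_port":52011,"dest_ip":"10.0.0.26","dest_port":25,"proto":"TCP","app_proto":"smtp","alert":{"signature":"SURICATA STREAM Packet with broken ack","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-02T10:16:43.315Z","event_type":"alert","src_ip":"185.169.4.164","src_port":52011,"dest_ip":"10.0.0.26","dest_port":25,"proto":"TCP","app_proto":"smtp","alert":{"signature":"HONEYPOT SMTP unauthenticated relay attempt","category":"Spam","severity":2}}
{"timestamp":"2026-05-02T10:20:00.000Z","event_type":"alert","src_ip":"203.0.113.7","src_port":40001,"dest_ip":"10.0.0.25","dest_port":25,"proto":"TCP","app_proto":"smtp","alert":{"signature":"SURICATA STREAM Packet with broken ack","category":"Generic Protocol Command Decode","severity":3}}
{"timestamp":"2026-05-02T10:21:00.000Z","event_type":"alert","src_ip":"10.0.0.5","src_port":40002,"dest_ip":"10.0.0.25","dest_port":25,"proto":"TCP","app_proto":"smtp","alert":{"signature":"HONEYPOT SMTP unauthenticated relay attempt","category":"Spam","severity":2}}
{"timestamp":"2026-05-02T10:22:00.000Z","event_type":"flow","src_ip":"185.169.4.164","dest_ip":"10.0.0.25","dest_port":25,"proto":"TCP"}
this line is not JSON and must be skipped
"""

SMTP_PORTS = {25, 465, 587}
STREAM_PREFIX = "SURICATA STREAM"          # Suricata stream-engine decoder events
INTERNAL_NETS = [ip_network("10.0.0.0/8")]  # assumed sensor-side networks to ignore


def parse_eve(lines):
    """Yield alert records only; skip flow/other events and unparsable lines."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or corrupt log line: ignore rather than abort
        if rec.get("event_type") == "alert" and "src_ip" in rec:
            yield rec


def is_internal(src):
    try:
        addr = ip_address(src)
    except ValueError:
        return True  # unparsable source: treat as not actionable
    return any(addr in net for net in INTERNAL_NETS)


def score_sources(lines, stream_min=3, smtp_min=2):
    """Return {src_ip: verdict} for external sources seen in the EVE alerts.

    A source is blocked when it shows at least stream_min stream-engine
    anomalies AND at least smtp_min SMTP-related alerts, so a single
    broken-ack event from a misbehaving TCP stack does not trigger a block.
    """
    stats = defaultdict(lambda: {"alerts": 0, "stream_anomalies": 0,
                                 "smtp_alerts": 0, "targets": set()})
    for rec in parse_eve(lines):
        src = rec["src_ip"]
        if is_internal(src):
            continue
        s = stats[src]
        s["alerts"] += 1
        s["targets"].add(rec.get("dest_ip"))
        sig = rec.get("alert", {}).get("signature", "")
        if sig.startswith(STREAM_PREFIX):
            s["stream_anomalies"] += 1
        if rec.get("app_proto") == "smtp" or rec.get("dest_port") in SMTP_PORTS:
            s["smtp_alerts"] += 1
    verdicts = {}
    for src, s in stats.items():
        block = s["stream_anomalies"] >= stream_min and s["smtp_alerts"] >= smtp_min
        verdicts[src] = {"alerts": s["alerts"], "stream_anomalies": s["stream_anomalies"],
                         "smtp_alerts": s["smtp_alerts"],
                         "targets": sorted(t for t in s["targets"] if t), "block": block}
    return verdicts


def render_postfix_access(verdicts):
    """Lines for a Postfix access(5) table used via check_client_access."""
    return "\n".join(f"{ip} REJECT abusive SMTP client"
                     for ip, v in sorted(verdicts.items()) if v["block"])


def render_nft_set(verdicts, set_name="blocked_smtp_src"):
    """nft command adding blocked sources to an existing ipv4_addr set."""
    ips = [ip for ip, v in sorted(verdicts.items()) if v["block"]]
    return f"add element inet filter {set_name} {{ {', '.join(ips)} }}"


if __name__ == "__main__":
    verdicts = score_sources(SAMPLE_EVE.splitlines())
    for ip, v in sorted(verdicts.items()):
        print(ip, v)
    print(render_postfix_access(verdicts))
    print(render_nft_set(verdicts))
```

The two-condition rule is the point of the example: the stream-engine events alone are weak evidence, as discussed above, so a block requires them to coincide with SMTP abuse from the same source, and sensor-side addresses are excluded so internal noise never ends up in the firewall set. In production the `SAMPLE_EVE` string would be replaced by reading `eve.json`, the Postfix fragment would be compiled with `postmap`, and the nft command would be applied against a set declared in the ruleset.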