Severe Risk
IP 195.3.221.86, allocated to MEVSPACE sp. z o.o. in Poland under ASN AS201814, presents a critical threat level of 10/10 and has accumulated 524 independent abuse reports from 20 automated honeypot sensors, making its IP reputation extremely poor across threat-intelligence feeds. The address was first flagged in February 2026 and most recently reported in March 2026, indicating concentrated malicious activity over a roughly one-month window. While the current activity frequency registers at 0/10, the sheer volume of historical reports and the severity of the associated threat categories firmly establish this IP as a high-risk source that network defenders should treat with significant caution.
The dominant threat category associated with 195.3.221.86 is Hacking, accounting for 19 of the most recent reports and reflecting general intrusion attempts, vulnerability exploitation and unauthorized access probing against exposed services. Notably, a single report also classifies this IP as an Exploited Host, suggesting that the address itself may be a compromised system being weaponized as an attack platform without the knowledge of its operator. The combined pattern of active intrusion activity alongside indicators of host compromise points to a node that is conducting hostile operations while potentially operating under attacker control, which amplifies its risk profile considerably.
The implications for exposed infrastructure are concrete: services reachable from this IP face repeated connection attempts that follow known hacking TTPs, including probing for vulnerable entry points and attempting to establish footholds through exploited weaknesses. When an IP also carries an Exploited Host classification, the origin infrastructure has already been breached, so its traffic may exhibit unusual routing, spoofed characteristics or secondary compromise chains that complicate attribution and response. Blocking this address at the network perimeter provides an immediate layer of defence, while rate-limiting inbound connections and enforcing strong authentication on any exposed login interfaces reduces the effectiveness of the underlying intrusion tactics being deployed.
Site operators encountering traffic from 195.3.221.86 should implement immediate defensive controls: block the address at the firewall or WAF level, audit access logs for any successful or attempted connections originating from this source, and ensure all exposed services are fully patched against the vulnerability classes most commonly targeted in hacking campaigns. Deploying tools such as fail2ban or equivalent connection-throttling mechanisms can automatically respond to repeated hostile probes. Given the Exploited Host classification, it is also advisable to report the activity to MEVSPACE sp. z o.o. or the relevant abuse contact for ASN AS201814 so the operator can investigate and remediate the compromised infrastructure originating these attacks.