Substantial Risk
IP 45.144.212.98 is a high-risk address operating from Ukrainian hosting infrastructure managed by Kprohost LLC (AS214940). Its threat level of 7/10 is driven by sustained email spam distribution and hacking activity, with 566 abuse reports generated by automated honeypot sensors between April and May 2026.
The volume of reports combined with an activity frequency rating of 8/10 indicates this IP has been engaged in continuous hostile operations over a compressed two-month timeframe. Detection data from 20 automated honeypot sensors recorded threat categories including Email Spam (20 reports) and Hacking (18 reports), with the dominant attack patterns showing SMTP abuse activity. Suricata alerts specifically flagged broken acknowledgment packets within SMTP streams, a known technique employed during mass email distribution campaigns to evade basic traffic filters. The network operator Kprohost LLC provides hosting services, placing this IP within a commercial infrastructure segment frequently leveraged for both legitimate and malicious email operations. The geographic assignment to Ukraine and the specific autonomous system further contextualize the operational environment from which these activities originate.
Email spam emanating from addresses like 45.144.212.98 poses concrete risks including phishing propagation, malware delivery through malicious attachments or links, and degradation of email delivery reputation for any compromised or abused mail servers. The simultaneous presence of hacking activity alongside spam operations suggests the IP may be involved in broader infrastructure abuse, potentially scanning for vulnerable SMTP relays or exploiting misconfigured mail systems to amplify distribution. Broken acknowledgment packet patterns are often used to test firewall resilience or identify filtering weaknesses before launching larger campaigns. For organizations with exposed mail services or weak authentication requirements, these patterns represent a direct pathway to compromise.
Site operators should publish SPF, DKIM, and DMARC records for their own domains to prevent spoofing abuse, and enforce SPF, DKIM, and DMARC validation on incoming mail. Deploying reputable email filtering services with real-time threat intelligence will block known malicious senders. Configuring fail2ban or equivalent intrusion prevention tools to automatically detect and block the observed SMTP anomalies and repeated connection attempts from this address will reduce manual monitoring burden. Regular patching of mail server software and enforcing strong authentication requirements on exposed services will further harden defenses against the exploitation vectors this IP demonstrates.