Extreme Threat
IP 106.75.156.189 is a critical-risk address operating from CHINANET's Guangdong province network in China, linked to 610 reported hacking incidents detected by automated honeypot sensors between August 2025 and June 2026, representing one of the most persistently active malicious sources in recent threat telemetry.
The address originates from AS58466, a large Chinese telecommunications infrastructure operator, and has accumulated a threat-level score of 10 out of 10 across 20 distinct reporting sensors. With a confidence rating of 96 percent and an activity frequency score of 8 out of 10, the volume and consistency of these reports indicate sustained, deliberate probing rather than one-off opportunistic scanning. The 610 aggregate reports spanning roughly eleven months show persistent engagement with honeypot infrastructure that emulates vulnerable services, which suggests the operator behind this IP is systematically enumerating and attacking internet-facing systems at scale. Note that honeypot telemetry records attempted access; it does not by itself confirm successful exploitation.
The dominant threat classification for this IP is general hacking activity, which covers unauthorized access attempts, vulnerability exploitation, and intrusion operations against exposed services. The attack-pattern data associated with the address describes connection-based intrusion techniques (repeated connection and authentication attempts against exposed network services) and does not attribute a specific exploit or CVE. For any organization running SSH, Telnet, HTTP APIs, or database services on publicly routable addresses, this IP is a direct threat vector. The sustained report volume indicates the associated actor is actively cycling through target networks; a service that is reachable from this address and accepts weak, default, or reused credentials is at real risk of credential compromise, service disruption, or follow-on lateral movement.
Site operators should block or heavily rate-limit traffic from 106.75.156.189 at the perimeter firewall. A single-address block is cheap and worth doing, but it is brittle: the actor can move to a neighbouring address in the same network, so the controls that follow matter more than the block itself. Deploying fail2ban or an equivalent dynamic blocklist tool configured to auto-ban sources that exceed an authentication-failure threshold disrupts the credential-guessing workflow regardless of source address. Enforcing key-based authentication for remote access services, disabling password authentication entirely, and applying vendor-issued patches within standard remediation windows substantially reduce the impact of any successful intrusion attempt. Monitoring authentication logs for the same username lists and timing patterns, not only this one source, allows rapid identification of the actor when it rotates addresses to evade a block.
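The detection and blocking half of that recommendation, as an added example that is not part of the original page: a POSIX shell script that counts sshd authentication failures per source in a constructed auth.log excerpt, flags sources over a fail2ban-style threshold, and emits the nftables commands that would drop them, alongside the sshd_config and fail2ban settings named above. The log lines, the `inet filter` table and `input` chain, the `blocked_v4` set name, and the thresholds are all assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example, not code from the original page. Counts sshd authentication
# failures per source address, flags sources over a fail2ban-style threshold,
# and prints the nftables commands that would drop them at the host or
# perimeter firewall. Assumptions (adjust for your environment): Debian-style
# OpenSSH log wording, an nftables table "inet filter" with an "input" chain,
# and a set name "blocked_v4". The log lines are constructed samples.

BAD_IP="106.75.156.189"   # the address discussed on the page
THRESHOLD=3               # failures before a ban (fail2ban "maxretry")

# Constructed /var/log/auth.log excerpt: four failures from BAD_IP inside one
# minute, one failure and one key-based login from an unrelated address.
sample_log() {
  cat <<'EOF'
Jun  1 03:14:05 edge sshd[2101]: Invalid user admin from 106.75.156.189 port 41022
Jun  1 03:14:07 edge sshd[2101]: Failed password for invalid user admin from 106.75.156.189 port 41022 ssh2
Jun  1 03:14:09 edge sshd[2103]: Failed password for root from 106.75.156.189 port 41030 ssh2
Jun  1 03:14:11 edge sshd[2105]: Failed password for root from 106.75.156.189 port 41038 ssh2
Jun  1 03:14:13 edge sshd[2107]: Failed password for invalid user test from 106.75.156.189 port 41044 ssh2
Jun  1 03:15:02 edge sshd[2110]: Failed password for alice from 198.51.100.7 port 50112 ssh2
Jun  1 03:15:40 edge sshd[2112]: Accepted publickey for alice from 198.51.100.7 port 50120 ssh2: ED25519 SHA256:abc
EOF
}

# failed_by_source [IP]: "Failed password" events per source. The address is
# taken as the field after "from", so dots in the IP are never treated as a
# regex. With an argument, print only that address's count (0 if absent).
failed_by_source() {
  sample_log | awk -v want="${1:-}" '
    /sshd\[[0-9]+\]: Failed password for / {
      for (i = 1; i < NF; i++) if ($i == "from") { n[$(i + 1)]++; break }
    }
    END {
      if (want != "") { print n[want] + 0; exit }
      for (ip in n) print ip, n[ip]
    }'
}

# offenders THRESHOLD: sources with at least THRESHOLD failures, most first.
# This is what fail2ban bans with maxretry=THRESHOLD inside one findtime
# window; the sample above fits in a single window, so no time check is done.
offenders() {
  failed_by_source | awk -v thr="$1" '$2 >= thr' | sort -k2,2nr
}

# nft_block_cmds IP: nftables commands that drop IP on input for 24 hours.
# Printed, not executed, so the script runs unprivileged; apply as root with
# `nft_block_cmds 106.75.156.189 | sh`. The set and rule only need creating
# once; "insert" puts the drop rule ahead of any accept rules in the chain.
nft_block_cmds() {
  printf "nft add set inet filter blocked_v4 '{ type ipv4_addr; flags timeout; }'\n"
  printf "nft insert rule inet filter input ip saddr @blocked_v4 drop\n"
  printf "nft add element inet filter blocked_v4 '{ %s timeout 24h }'\n" "$1"
}

# sshd_hardening: sshd_config settings that remove the password-guessing
# surface. KbdInteractiveAuthentication is the OpenSSH 8.7+ name; older
# releases use ChallengeResponseAuthentication. Verify the effective values
# afterwards with `sshd -T | grep -iE 'passwordauth|pubkeyauth|permitroot'`.
sshd_hardening() {
  cat <<'EOF'
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin prohibit-password
MaxAuthTries 3
EOF
}

# fail2ban_jail: /etc/fail2ban/jail.local stanza matching THRESHOLD, banning
# through nftables so it composes with the manual block above.
fail2ban_jail() {
  cat <<EOF
[sshd]
enabled   = true
maxretry  = $THRESHOLD
findtime  = 10m
bantime   = 24h
banaction = nftables-multiport
EOF
}

# Demo run: show who crossed the threshold and the commands that would ban them.
echo "# $BAD_IP: $(failed_by_source "$BAD_IP") failed logins in the sample"
offenders "$THRESHOLD" | while read -r ip count; do
  echo "# $ip: $count failed logins (threshold $THRESHOLD)"
  nft_block_cmds "$ip"
done
```

Once `PasswordAuthentication no` is in force the "Failed password" lines stop appearing and the same actor shows up as "Connection closed by authenticating user ... [preauth]" or "Invalid user" entries instead, so extend the awk pattern accordingly if you keep using this script after the hardening step.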