Extreme Threat
IP 123.253.35.182 is a critical-risk address linked to sustained hacking activity. Automated honeypot sensors have filed 554 abuse reports against it, indicating a persistent automated intrusion campaign originating from Malaysian hosting infrastructure.
The IP is registered to Gigabit Hosting Sdn Bhd under ASN AS55720, and all reported activity was documented during April 2026. The volume of 554 reports from automated honeypot sensors over a compressed timeframe demonstrates coordinated, high-volume probing rather than opportunistic scanning. Network traffic analysis revealed Suricata alerts flagging malformed TCP acknowledgment packets, a known technique used to disrupt stateful inspection or evade basic intrusion detection by interfering with TCP stream tracking.
The dominant threat classification, hacking, covers broad intrusion activity including exploitation attempts and unauthorized access probes. The broken acknowledgment packet anomalies suggest the operator is actively testing firewall evasion techniques or attempting to disrupt active network sessions on target services. This behaviour poses a concrete risk to any exposed SSH, Telnet, or authentication interfaces, where automated credential attacks and session hijacking attempts are most likely to succeed against poorly hardened systems.
Site operators should immediately block this IP at the firewall level and configure automated defensive tools such as fail2ban to detect and reject repeated connection attempts. Authentication hardening (mandatory key-based authentication, account lockout policies, and moving SSH to a non-default port) is strongly advised for any exposed login services. Keeping intrusion detection signatures current ensures detection of evolving packet-level evasion techniques similar to those observed from this source.