Maximum Danger
IP 152.32.253.152 is a critical-risk address that has generated 601 abuse reports from automated honeypot sensors, indicating sustained and widespread malicious activity originating from a Hong Kong-hosted network. The IP operates under ASN AS62610 via ZEN-DPS and carries a maximum threat level of 10/10, with its reported activity concentrated entirely within November 2025 across both general hacking attempts and SSH-specific intrusion categories.
The volume and distribution of reports paint a clear picture of aggressive, automated attack infrastructure. Across 20 distinct honeypot deployments, this single address generated 601 independent threat reports, with 13 classified under general hacking activity and 7 specifically involving SSH login attempts. This breadth of reporting sources confirms the activity is not isolated to one sensor but reflects a methodical scanning campaign visible across multiple detection points. The 74% confidence score reflects that while the threat is well-documented, attribution to a definitive threat actor remains partially uncertain. The activity frequency reading of 0/10 suggests that while the IP has accumulated significant historical reports, recent automated detection has been limited, potentially indicating intermittent use or deliberate operational pacing by the actor.
The dominant threat vectors here are SSH brute-force attacks, a well-established method where threat actors use automated tools to repeatedly guess login credentials against exposed SSH services. This approach is particularly effective against servers running default configurations with password-based authentication enabled. A successful compromise grants the attacker remote command execution, potentially leading to data exfiltration, malware deployment or the recruitment of the host into a botnet. The accompanying general hacking category suggests the operator may also be probing for additional vulnerabilities beyond the SSH service, indicating a multi-vector intrusion strategy.
Site operators with exposed SSH services should treat this IP as an active threat and implement immediate defensive controls. Enforcing key-based authentication exclusively and disabling password-based SSH login entirely remove the credential-guessing attack surface; moving the service off the default port does not harden it, but it cuts the volume of opportunistic scanner noise. Log-driven banning tools such as fail2ban temporarily block sources that accumulate repeated login failures, while disabling direct root login (PermitRootLogin no) and enforcing account lockout policies add further friction. Regular security patching, continuous monitoring of authentication logs and the principle of least privilege remain foundational practices against credential-guessing campaigns of this nature.
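As an added example (not part of the original report), the following Python script shows the kind of authentication-log monitoring that fail2ban automates: it parses constructed OpenSSH auth-log lines, counts failed password attempts per source within a sliding window and flags sources that cross the threshold. The hostname, process IDs and the 192.0.2.10 address are constructed; the flagged address is the one from the report.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the "Failed password" line OpenSSH writes for every rejected login.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+ ssh2$"
)

# Constructed sample auth.log excerpt (hostname, PIDs and 192.0.2.10 are made up).
SAMPLE_AUTH_LOG = """\
Nov  3 10:12:01 bastion sshd[2411]: Failed password for invalid user admin from 152.32.253.152 port 41022 ssh2
Nov  3 10:12:03 bastion sshd[2413]: Failed password for root from 152.32.253.152 port 41030 ssh2
Nov  3 10:12:04 bastion sshd[2415]: Failed password for invalid user oracle from 152.32.253.152 port 41044 ssh2
Nov  3 10:12:06 bastion sshd[2417]: Failed password for root from 152.32.253.152 port 41051 ssh2
Nov  3 10:12:09 bastion sshd[2419]: Failed password for invalid user test from 152.32.253.152 port 41060 ssh2
Nov  3 10:12:10 bastion sshd[2420]: Accepted publickey for deploy from 192.0.2.10 port 50210 ssh2
Nov  3 10:13:30 bastion sshd[2422]: Failed password for deploy from 192.0.2.10 port 50214 ssh2
""".splitlines()


def parse_failures(lines, year=2025):
    """Yield (timestamp, source_ip, username) for each failed-login line.
    Syslog timestamps carry no year, so the caller supplies one."""
    for line in lines:
        m = FAILED_RE.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        yield ts, m["ip"], m["user"]


def find_bruteforcers(lines, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: time_of_trigger} for sources with >= maxretry failures
    inside any findtime-long window (the same maxretry/findtime logic fail2ban uses)."""
    windows = defaultdict(deque)  # per-source timestamps of recent failures
    flagged = {}
    for ts, ip, _ in parse_failures(lines):
        window = windows[ip]
        window.append(ts)
        while window and ts - window[0] > findtime:
            window.popleft()  # drop failures that aged out of the window
        if len(window) >= maxretry and ip not in flagged:
            flagged[ip] = ts
    return flagged


if __name__ == "__main__":
    for ip, when in find_bruteforcers(SAMPLE_AUTH_LOG).items():
        print(f"{when:%b %d %H:%M:%S} ban candidate: {ip}")
```

A single failed login from a legitimate operator (192.0.2.10 in the sample) stays below the threshold, which is why the window and retry count matter more than the raw failure count.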