Critical Threat
IP 152.32.174.186 is a critical-risk address operating from Hong Kong through ASN AS62610 (ZEN-DPS) that has generated 187 independent abuse reports between August 2025 and May 2026, with automated honeypot sensors flagging persistent hacking activity including malformed network streams and spurious retransmissions consistent with vulnerability probing and intrusion attempts.
The report volume of 187 combined with a threat level of 10 out of 10 establishes this IP as a prolific hostile actor in global threat-intelligence feeds. Detection across 20 distinct automated honeypot sensors over approximately nine months indicates sustained, systematic scanning behaviour rather than opportunistic or transient activity. The SURICATA STREAM spurious retransmission signatures specifically point to reconnaissance of firewall and intrusion-detection evasion techniques, while the generic attack-connection pattern reflects ongoing attempts to establish unauthorized sessions against exposed services. With an activity frequency rated 5 out of 10, the behaviour is deliberate and methodical rather than burst-based, suggesting an automated campaign or sustained compromise operation.
Hacking activity at this intensity represents a concrete risk to any exposed service, particularly those with unpatched software, weak authentication mechanisms, or misconfigured network stacks. Spurious retransmission patterns often precede exploitation attempts against stateful inspection systems, making the associated network infrastructure vulnerable to denial-of-service or session-hijacking vectors. The 73% confidence score indicates strong but not definitive attribution, meaning this address may be hosting multiple concurrent threat types or originating from infrastructure that also carries legitimate traffic.
Site operators should immediately block 152.32.174.186 at the network perimeter and monitor for similar activity from the surrounding IP range. Implementing fail2ban or equivalent log-based rate-limiting on exposed services significantly reduces the effectiveness of brute-force and scanning techniques. Ensuring all systems remain current with security patches, deploying network intrusion detection with stream-normalization rules, and enforcing strong authentication policies are critical defensive layers against the intrusion patterns this address exemplifies.
UA 
GB 
CO 
CA 
VN