Critical Threat
IP 101.36.116.45 is a critical-risk address originating from Hong Kong, assessed at a threat level of 10/10 based on 538 total abuse reports spanning from October 2025 through June 2026. With a 70% confidence score, this IP has been flagged across 20 automated honeypot sensors for sustained hacking activity and targeted exploitation of internet-of-things infrastructure, making it a significant concern for any exposed service.
The report volume of 538 incidents over approximately nine months, combined with activity detected by 20 separate honeypot sources, indicates persistent and automated malicious behavior. Community and sensor reporting shows that the dominant threat category is general hacking activity, accounting for 19 of the 20 most recent categorized reports, with a single report noting IoT-specific targeting. Detection signatures include connection attempts from this address, IoT-targeted probes, and TLS protocol anomalies involving invalid record types. The network is associated with ZEN-DPS under ASN AS62610 in Hong Kong, a jurisdiction with varied internet infrastructure that can host both legitimate and malicious actors.
The prevailing hacking activity suggests systematic intrusion attempts, likely encompassing vulnerability scanning, exploitation of unpatched services, or credential-based attacks against exposed entry points. The IoT targeting component signals interest in compromising poorly secured connected devices such as cameras, routers, or sensors, which frequently operate with default credentials and minimal firmware updates. The TLS invalid record type alerts indicate probing behavior aimed at testing SSL/TLS implementations or exploiting misconfigurations in encrypted communication channels, potentially as a precursor to more sophisticated attacks.
Site operators should block or strictly rate-limit access from 101.36.116.45 at the network perimeter, particularly for services exposed to the public internet. Automated blocking tools such as fail2ban can respond dynamically to the observed connection attempts. Hardening authentication by enforcing multi-factor authentication, requiring key-based authentication for SSH, and prohibiting weak or default credentials reduces the effectiveness of credential-stuffing campaigns. IoT and connected-device networks should be segmented from critical infrastructure, with firmware kept current and unnecessary services disabled. Ongoing monitoring for the detected TLS anomalies and regular review of honeypot intelligence feeds will help maintain situational awareness against this threat source.