Critical Threat
IP 106.75.169.149 is a high-risk address originating from CHINANET's Guangdong province network in China, assessed at a maximum threat level of 10/10 based on 595 reported incidents of hacking activity logged between September 2025 and June 2026. This IP has demonstrated sustained malicious behaviour over approximately nine months, with an activity frequency rating of 8/10 indicating persistent rather than opportunistic targeting. The 96% confidence score reflects highly reliable detection by automated honeypot sensors, confirming the address poses a genuine and ongoing threat to exposed network services.
The abuse reports catalogued against 106.75.169.149 total 595 entries, all attributed to automated honeypot sensors that detected general hacking intrusion attempts. This volume of reporting is substantial and places the IP among the most actively monitored threat sources in shared intelligence feeds. The network is operated by AS58466 (CHINANET Guangdong province network), a large Chinese telecommunications infrastructure provider, which hosts diverse customer traffic. The consistent reporting window from autumn 2025 through mid-2026 suggests this address has been continuously employed for reconnaissance and exploitation attempts rather than representing a transient or one-time compromise.
Hacking activity, as categorised by the detecting sensors, encompasses intrusion attempts, vulnerability exploitation and unauthorised access attempts against exposed services. For organisations running publicly accessible SSH, Telnet, HTTP or database services, an IP with this profile represents a direct pathway to system compromise if left unmitigated. The sustained frequency and volume of reports indicate automated scanning or credential brute-forcing campaigns rather than manual targeting, meaning any exposed service matching the attack profile faces repeated, systematic breach attempts.
Network administrators should immediately block 106.75.169.149 at the firewall or network edge to eliminate incoming connections from this source. Deploying fail2ban or an equivalent log-based intrusion prevention tool can automatically ban IPs that generate repeated authentication failures or suspicious request patterns. All exposed services should enforce strong, unique credentials and disable direct root/admin login where possible. Regular patch management and configuration audits reduce the window for exploitation, while reviewing logs for the patterns associated with this IP helps identify any successful reconnaissance that occurred before the block was applied.
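The log-based banning logic recommended above (fail2ban's maxretry-within-findtime rule), shown as an added Python example that is not part of this report or of fail2ban itself. The sshd log lines are constructed, and the regex assumes OpenSSH's "Failed password for ... from <ip> port <n>" message format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sshd log lines (not real captures). The source address is
# the one discussed in the report; timestamps, PIDs and usernames are made up.
SAMPLE_LOG = """\
2026-03-02T10:15:01 sshd[2211]: Failed password for invalid user admin from 106.75.169.149 port 51122 ssh2
2026-03-02T10:15:04 sshd[2213]: Failed password for root from 106.75.169.149 port 51130 ssh2
2026-03-02T10:15:07 sshd[2215]: Failed password for invalid user test from 106.75.169.149 port 51144 ssh2
2026-03-02T10:15:09 sshd[2217]: Failed password for root from 106.75.169.149 port 51151 ssh2
2026-03-02T10:15:12 sshd[2219]: Failed password for invalid user oracle from 106.75.169.149 port 51160 ssh2
2026-03-02T10:16:40 sshd[2230]: Failed password for alice from 192.0.2.10 port 40001 ssh2
2026-03-02T10:16:55 sshd[2232]: Accepted publickey for alice from 192.0.2.10 port 40002 ssh2
2026-03-02T11:30:00 sshd[2300]: Failed password for root from 106.75.169.149 port 52000 ssh2
"""

# Matches OpenSSH's failed-password line; "invalid user" is present only when the
# account does not exist, so it is optional here.
FAILED_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def find_brute_force_sources(log_text, maxretry=5, findtime=timedelta(minutes=10)):
    """Return {ip: timestamp_of_triggering_failure} for every source IP with at
    least `maxretry` failed logins inside any sliding window of `findtime`.
    A single legitimate typo (like alice above) never reaches the threshold."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures[m.group("ip")].append(datetime.fromisoformat(m.group("ts")))
    offenders = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits inside findtime.
            while t - times[start] > findtime:
                start += 1
            if end - start + 1 >= maxretry:
                offenders[ip] = t.isoformat()  # the failure that would trigger a ban
                break
    return offenders

if __name__ == "__main__":
    for ip, when in find_brute_force_sources(SAMPLE_LOG).items():
        print(f"ban {ip}: threshold reached at {when}")
```

The late 11:30 failure is outside the ten-minute window, so it does not combine with the earlier burst; raising maxretry to 6 therefore yields no ban, which is the same behaviour fail2ban's findtime produces.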