Maximum Danger
IP 106.75.189.197 is a high-risk address with a threat level of 10 out of 10, linked to 588 reported incidents of hacking activity including intrusion attempts, vulnerability exploitation and unauthorized access attempts. Operating from CHINANET's Guangdong province network in China under AS58466, this IP has been continuously flagged by automated honeypot sensors over approximately nine months, demonstrating sustained offensive behavior against exposed services worldwide.
The abuse database contains 588 independent reports attributed to this single address, with all 20 most recent threat reports categorizing the activity as hacking. Detection has been confirmed through 20 distinct automated honeypot sensors, yielding a 96% confidence score in the threat assessment. The IP was first reported in September 2025 and most recently reported in June 2026, indicating persistent activity across a nine-month window with an activity frequency rating of 8 out of 10. The volume of reports combined with the sustained timeline and high detection consistency paints a clear picture of systematic unauthorized access attempts originating from this Chinese telecommunications infrastructure.
Hacking activity at this scale represents a concrete and immediate threat to any exposed service. The pattern of "attack connection" observed across multiple sensor sources suggests automated exploitation tools are being used to probe for vulnerabilities, attempt credential-based intrusion, or exploit known software weaknesses. Organizations running exposed SSH, RDP, web applications, or other network services without proper hardening face a high probability of receiving connection attempts from this address. The nine-month sustained campaign indicates this is not opportunistic scanning but deliberate, repeated targeting of vulnerable endpoints.
Site operators should immediately block or rate-limit connections from 106.75.189.197 at the firewall or network edge. Keep all systems patched and up to date to reduce vulnerability exposure. Implement intrusion detection systems or enable defensive tools such as fail2ban to automatically ban repeated attack sources. Enforce strong authentication, use non-standard ports where possible and monitor logs for any connection attempts from this address to identify potential compromise indicators.