Critical Threat
IP 152.32.189.128 is a critical-risk address operating from Hong Kong that has been definitively linked to sustained hacking activity, accumulating 1515 abuse reports with a 94% confidence score since September 2025. With an activity frequency rated 8 out of 10 and a threat level of 10 out of 10, this IP represents one of the most persistently hostile addresses documented in recent threat-intelligence feeds, warranting immediate blocking by any exposed infrastructure.
The volume and consistency of malicious traffic originating from this address are exceptional. Automated honeypot sensors across multiple networks recorded 1515 distinct incident reports attributed to 152.32.189.128 over approximately nine months, from September 2025 through June 2026. All 20 of the most recent reports consistently classify the activity as general hacking attempts, including connection-based intrusion probes and vulnerability exploitation targeting exposed services. The IP is registered to ZEN-DPS under ASN AS62610 in Hong Kong, a network operator frequently associated with aggressive scanning and exploitation campaigns in open-source intelligence communities. The 94% confidence score indicates near-certain attribution, with minimal ambiguity in the threat assessment data.
The dominant threat category, hacking activity, encompasses a broad spectrum of unauthorized access attempts including brute-force authentication attacks, exploitation of unpatched software vulnerabilities, and repeated connection probes designed to identify weaknesses in exposed services. The sustained 9-month operational window demonstrates persistent intent rather than opportunistic scanning; this IP has actively and continuously targeted systems over an extended period. Any service with open SSH, Telnet, RDP or web-facing administrative interfaces exposed to this address faces a concrete and ongoing risk of compromise, credential theft or exploitation of known vulnerabilities.
Site operators should block 152.32.189.128 at the firewall or network perimeter. Implement fail2ban or similar dynamic blocking tools to automatically ban addresses exhibiting brute-force patterns. Enforce strong, unique credentials and disable password-based authentication in favour of key-based access for any remote administration services. Keep all exposed software packages fully patched and consider restricting access to administrative interfaces to trusted IP ranges only. Continuous monitoring for connection attempts from this address will help identify any gaps in defensive controls.