Critical Threat
165.154.110.106 is a critical-risk address linked to confirmed hacking activity. It was the subject of 178 abuse reports in September 2025, with automated honeypot sensors cataloguing repeated intrusion attempts against exposed network services.
165.154.110.106 is flagged with a maximum threat level of 10/10, reflecting 178 reported abuse incidents attributed to this address during September 2025. While the confidence score stands at 61%, the volume of community and automated honeypot reports provides substantial evidence of malicious intent. This address operates within the ZEN-DPS network (ASN AS62610) in Hong Kong, with the majority of recent reports specifically categorizing the activity as hacking attempts detected by honeypot infrastructure. The concentration of all reported activity within a single month suggests an active and sustained threat campaign rather than isolated probing.
The hacking classification assigned to 165.154.110.106 encompasses automated exploitation attempts, vulnerability scanning, and unauthorized access probes targeting exposed services. Such activity represents a concrete risk to internet-facing systems, as successful exploitation could grant attackers persistent access, data exfiltration capabilities, or the ability to leverage compromised infrastructure for further attacks. The real-world danger lies not in the sophistication of individual attempts but in the relentless, automated nature of these campaigns, which systematically scan vast IP ranges for exploitable weaknesses. Organizations with exposed SSH, RDP, web applications, or other network services are the primary targets of such activity.
Network operators should immediately block 165.154.110.106 at the firewall or edge-device level given its critical threat classification. Deploying automated abuse-response tools such as fail2ban can provide real-time mitigation against brute-force and scanning activity originating from this address. Hardening authentication mechanisms, maintaining comprehensive system patching schedules, and implementing network intrusion detection systems constitute essential defensive layers against the types of intrusion attempts associated with this IP. Regular monitoring of connection logs and integration with threat-intelligence feeds will further enhance an organization's ability to identify and neutralize similar threats proactively.