Is IP address 103.181.143.216 dangerous?

Yes, 103.181.143.216 is considered dangerous with a threat level of 10/10. It has been reported 495 times for malicious activities including . We recommend blocking this IP address.

Who owns or operates IP address 103.181.143.216?

IP address 103.181.143.216 is operated by PT Cloud Hosting Indonesia (ASN 136052) and is geolocated to ID. This information is derived from public WHOIS and geolocation databases.

Should I block IP address 103.181.143.216?

Yes, blocking 103.181.143.216 is strongly recommended. With a threat level of 10/10 and 495 security reports, this IP poses significant risk. Implement firewall rules to block incoming and outgoing traffic.

How accurate is this threat assessment for 103.181.143.216?

Our threat assessment for 103.181.143.216 has a confidence score of 70%, based on 495 independent reports from multiple independent sources. Higher confidence scores indicate more reliable assessments.

IP Address

103.181.143.216

IPv4 Public

AS136052

PT Cloud Hosting Indonesia

495 Reports

ID Location

PT Cloud Hosting Indonesi... ASN 136052

495 Reports

Honeypot Data Source

Severe Risk

IP 103.181.143.216, registered in Indonesia and operated by PT Cloud Hosting Indonesia under ASN AS136052, represents a critical threat asset with a maximum threat level rating of 10 out of 10. This address has accumulated 494 abuse reports from twenty separate automated honeypot sensors over approximately seven months between October 2025 and May 2026, with the overwhelming majority of detections specifically documenting SSH brute-force activity. Despite a relatively low activity frequency score of 2 out of 10, the sheer volume of reported incidents combined with confirmed exploited-host status elevates this IP to an immediate blocking priority for any organisation exposing Secure Shell services to the internet.

The detection data reveals a sustained and systematic campaign of automated credential-attack activity originating from this address. Sensors documented repeated Fail2ban trigger events indicating tens of violation events per detection cycle, alongside Suricata alerts flagging active SSH sessions on expected ports and explicit ssh brute-force signatures. While the activity frequency remains modest, the consistency of these reports spanning multiple months demonstrates persistent rather than opportunistic behaviour. The geographic origin in Indonesia places this IP within a region that security teams frequently flag for inbound attack traffic, and the hosting-provider context suggests this address may belong to either a dedicated attack infrastructure node or a compromised system being weaponised without the owner's awareness.

SSH brute-force attacks remain one of the most prevalent initial-access vectors in internet-facing environments, with automated tooling capable of cycling through thousands of credential combinations per hour. When successful, such attacks grant attackers persistent command-line access to servers, enabling data exfiltration, malware deployment, lateral movement through internal networks, and long-term persistent compromise. The confirmed exploited-host classification for IP 103.181.143.216 indicates that security systems have positively identified this address as operating under hostile control, meaning legitimate services or endpoints may have already been compromised and are now participating in further attacks against other targets across the internet.

More threatening than 92% of monitored IPs

Threat Categories

SSH 28

Hacking 4

Exploited Host 2

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over 3 weeks indicates persistent threat actor operations.

First Observed 14. May 2026

Last Activity 9. June 2026

Recent (7 days) 1 incidents

Reputable Network

This IP is hosted on a network (ASN 136052) with generally good reputation. The ISP PT Cloud Hosting Indonesia maintains standard security practices.

The malicious activity may represent an isolated compromised system rather than systematic abuse.

Security Recommendations

Long-term blocking recommended.

Reputation Summary

Threat Level 10/10 Critical

Critical

Activity Frequency 2/10 Very Low

Confidence Score 70% High Confidence

Confidence History

1. Mar 2026 - 9. Jun 2026

70% Current

Stable Trend

Date	Categories	Source	Confidence
9. Jun 2026 New	SSH	Honeypot	75%
26. May 2026	SSH	Honeypot	75%
14. May 2026	SSH	Honeypot	75%
24. Apr 2026	SSH	Honeypot	75%
12. Mar 2026	SSH	Honeypot	75%
10. Mar 2026	SSH	Honeypot	75%
10. Mar 2026	SSH	Honeypot	75%
9. Mar 2026	SSH	Honeypot	75%
9. Mar 2026	SSH	Honeypot	75%
8. Mar 2026	SSH	Honeypot	75%
8. Mar 2026	SSH	Honeypot	75%
8. Mar 2026	SSH Hacking	Honeypot x2	75%
8. Mar 2026	Exploited Host	Honeypot	75%
8. Mar 2026	Hacking SSH	Honeypot x2	75%
7. Mar 2026	SSH	Honeypot	75%
6. Mar 2026	SSH	Honeypot	75%
5. Mar 2026	SSH	Honeypot	75%
5. Mar 2026	SSH	Honeypot	75%
5. Mar 2026	SSH	Honeypot	75%
5. Mar 2026	SSH	Honeypot	75%
5. Mar 2026	SSH	Honeypot	75%
4. Mar 2026	SSH	Honeypot	75%
4. Mar 2026	SSH Hacking	Honeypot x2	75%
4. Mar 2026	Exploited Host	Honeypot	75%
4. Mar 2026	Hacking SSH	Honeypot x2	75%
4. Mar 2026	SSH	Honeypot	75%
4. Mar 2026	SSH	Honeypot	75%
2. Mar 2026	SSH	Honeypot	75%
2. Mar 2026	SSH	Honeypot	75%
1. Mar 2026	SSH	Honeypot	75%

Basic Information

IP Address: 103.181.143.216
IP Version: IPv4
Network Type: Public
Tor Network: No
Network Class: Class A

Geolocation

Country: ID
ASN: AS136052
ISP: PT Cloud Hosting Indonesia

DNS Information

Reverse DNS: None
PTR Record: No
Connection Type: Static

Statistics

Total Reports: 495
First Reported: 15 Oct 2025
Last Reported: 9 Jun 2026, 03:32

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

ASN: AS136052

Organization: PT Cloud Hosting Indonesia

Country:

Network Threat Assessment

2/10

This network appears to be relatively clean with very low threat indicators.

Network Statistics

341

Total IPs Monitored

50,007

Total Reports

146.6

Reports per IP

Network Context

This IP address belongs to PT Cloud Hosting Indonesia (AS136052), which manages 341 IP addresses in our monitoring system. Out of these, 50,007 have been reported for suspicious activities, resulting in a network-wide threat level of 2/10.

Network status: This network appears to be well-maintained with low threat indicators.

Comparative Analysis

How this IP compares to others in our threat intelligence database

92 %

Global Threat Ranking

This IP is more threatening than 92% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,575 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++

Total Reports 495 avg: 23 ++

Network Comparison

Compared against 383 IPs in ASN 136052

Threat Level 10/10 network avg: 7.5 +

Total Reports 495 network avg: 132 ++

Network PT Cloud Hosting Indonesia has overall threat level 2/10

Geographic Comparison

Compared against 5,543 IPs in ID

Threat Level 10/10 country avg: 5.4 ++

Total Reports 495 country avg: 16 ++

Daily report activity over the last 30 days showing patterns and peaks.

Peak Day 14 May 2026 1 reports

Daily Average 0.1 reports/day

Most Active Wednesday 365 reports

Evolution of threat level over time based on reported categories and frequency.

Initial Threat 6/10

Current Threat 6/10

Distribution of threat categories reported over time.

Top Threat Categories

Hacking 401

SSH 96

Exploited Host 2

Activity patterns showing when this IP is most active during the day and week.

Hourly Activity

Peak activity at 06:00 with 189 reports

Weekly Activity

Geographic Threat Distribution

187,273 threat incidents tracked globally • Last 24h: 18,965 Logs

FEED

Top Threat Sources

01

United States US

38,457 20.5%
02

India IN

29,090 15.5%
03

China CN

26,027 13.9%
04

Brazil BR

10,256 5.5%
05

Germany DE

7,143 3.8%
06

Singapore SG

6,476 3.5%
07

Indonesia ID THIS IP

5,543 3%
08

Russia RU

4,703 2.5%
09

Pakistan PK

4,670 2.5%
10

Netherlands NL

4,357 2.3%

+40 more countries

THREAT LEVEL

LOW MED HIGH

IPs from the same Autonomous System (AS) network provider.

20 Related IPs

8.5/10 Avg Threat

98% Avg Confidence

20 High Threat

High-risk network: Majority of related IPs are flagged

Severe Risk

Threat Categories

Technical Details

Recommended Mitigations

Behavioral Analysis

Reputable Network

Security Recommendations

Basic Information

Geolocation

DNS Information

Statistics

Network Reputation

Network Identity

Network Threat Assessment

Network Statistics

Network Context

Global Threat Ranking

Top Threat Categories

Hourly Activity

Weekly Activity

FEED

Top Threat Sources

JSON Report

Firewall Rules

iptables / netfilter

UFW (Ubuntu)

Windows Firewall

Cloudflare

nginx

Apache .htaccess

PDF Report

Analyzed high-risk IP addresses

reportedIP

Parkstraße 19, 80339 München

Consultation

+49-89-215505888

Report a IP

[email protected]