Maximum Danger
IP 103.237.38.14 is a critical-risk address originating from Bangladesh that has accumulated 311 total abuse reports and is associated with active hacking intrusion attempts, making it a threat that defenders should treat with high urgency. The address, registered to Antaranga Dot Com Ltd under autonomous system AS132298, was first flagged by automated honeypot sensors in March 2026 and most recently reported in April 2026, indicating sustained hostile activity over a concentrated timeframe. With a threat-level score of 10 out of 10 and an 80 percent confidence rating, this IP presents a credible and dangerous risk to any exposed network service.
The detection picture is driven entirely by automated honeypot infrastructure, which logged all 20 recent hacking-category reports against this address. The 311 total reports across all categories far exceed typical background noise, which points to deliberate, repeated targeting rather than incidental scanning. Network-level telemetry also shows Suricata stream-anomaly alerts (the stream engine's own events for segments it cannot reconcile with its TCP state, such as retransmissions arriving before the last acknowledged byte or packets outside the receive window). Such anomalies are consistent with retransmission manipulation, a technique used to desynchronise an IDS's view of a stream from the target's and so slip past signatures, but the same events are also produced by packet loss, asymmetric routing and sensor misconfiguration, so on their own they are supporting evidence rather than proof of evasion. The geographic origin in Bangladesh may leave the address under-represented in threat-intelligence feeds weighted toward other regions, so operators should not assume an upstream feed already covers it.
The dominant category, hacking, covers general intrusion attempts, vulnerability probing and unauthorized-access efforts against exposed services. These are not passive reconnaissance probes but active attempts that, if successful, could grant initial access to a target environment for further compromise. The stream-retransmission pattern suggests the actor may be trying to bypass stateful inspection or intrusion-detection systems by sending segments that trigger reassembly ambiguities; a practical check is whether signature-based alerts fired on the same flows, since stream anomalies with no accompanying detections are more often a transport problem than an evasion attempt. For any service directly reachable from the internet, this IP represents a concrete, documented threat vector.
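The triage described above, written out as an added example (this is not code from the original page or from any reputation service): it reads Suricata eve.json records, tallies per-source alerts, separates the stream engine's own "SURICATA STREAM" events from signature-based alerts, and reports whether the stream anomalies for an address are corroborated by other detections. The eve.json lines are constructed for this example; the "LOCAL SSH brute-force burst" signature is an assumed local rule, not a real ruleset entry.

```python
# Added example: triage of Suricata eve.json alerts for one source address.
# All records below are constructed for illustration, not real sensor output.
import json
from collections import Counter

SUSPECT = "103.237.38.14"  # the address discussed on this page

# Constructed eve.json excerpt, one JSON object per line as Suricata writes it.
EVE_LINES = [
    '{"timestamp":"2026-04-02T03:11:09+0000","event_type":"alert","src_ip":"103.237.38.14","dest_port":22,"alert":{"signature":"SURICATA STREAM ESTABLISHED retransmission packet before last ack","category":"Generic Protocol Command Decode"}}',
    '{"timestamp":"2026-04-02T03:11:09+0000","event_type":"alert","src_ip":"103.237.38.14","dest_port":22,"alert":{"signature":"SURICATA STREAM ESTABLISHED packet out of window","category":"Generic Protocol Command Decode"}}',
    '{"timestamp":"2026-04-02T03:11:10+0000","event_type":"flow","src_ip":"103.237.38.14","dest_port":22}',
    '{"timestamp":"2026-04-02T03:11:12+0000","event_type":"alert","src_ip":"103.237.38.14","dest_port":22,"alert":{"signature":"LOCAL SSH brute-force burst","category":"Attempted Administrator Privilege Gain"}}',
    '{"timestamp":"2026-04-02T03:11:15+0000","event_type":"alert","src_ip":"103.237.38.14","dest_port":22,"alert":{"signature":"SURICATA STREAM ESTABLISHED retransmission packet before last ack","category":"Generic Protocol Command Decode"}}',
    '{"timestamp":"2026-04-02T03:12:01+0000","event_type":"alert","src_ip":"198.51.100.7","dest_port":443,"alert":{"signature":"SURICATA STREAM ESTABLISHED retransmission packet before last ack","category":"Generic Protocol Command Decode"}}',
    'this line is truncated garbage {',
]


def parse_alerts(lines):
    """Yield alert records only; skip flow/other events and unparsable lines."""
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # eve.json is append-only; a torn last line is common
        if rec.get("event_type") == "alert" and "src_ip" in rec and "alert" in rec:
            yield rec


def is_stream_event(rec):
    """Suricata's stream-engine events all carry this signature prefix."""
    return rec["alert"].get("signature", "").startswith("SURICATA STREAM")


def summarize(lines):
    """Per source IP: total alerts, stream-engine alerts and signature counts."""
    summary = {}
    for rec in parse_alerts(lines):
        entry = summary.setdefault(
            rec["src_ip"], {"total": 0, "stream": 0, "signatures": Counter()}
        )
        entry["total"] += 1
        if is_stream_event(rec):
            entry["stream"] += 1
        entry["signatures"][rec["alert"]["signature"]] += 1
    return summary


def assess(summary, ip):
    """Say what the stream anomalies for `ip` actually support."""
    entry = summary.get(ip)
    if entry is None:
        return {"total": 0, "stream": 0, "non_stream": 0, "verdict": "no alerts"}
    non_stream = entry["total"] - entry["stream"]
    # Stream anomalies alone are also produced by loss, asymmetric routing and
    # sensor problems, so without a signature hit they stay inconclusive.
    verdict = "corroborated" if non_stream else "inconclusive"
    return {
        "total": entry["total"],
        "stream": entry["stream"],
        "non_stream": non_stream,
        "verdict": verdict,
    }


if __name__ == "__main__":
    s = summarize(EVE_LINES)
    for src in sorted(s):
        print(src, assess(s, src))
```

On the constructed input the suspect address shows three stream anomalies alongside one signature-based alert and is reported as corroborated, while 198.51.100.7, which produced a single retransmission event and nothing else, is reported as inconclusive.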
Site operators are advised to block 103.237.38.14 at the network perimeter. Before widening the block to other address space operated by Antaranga Dot Com Ltd, confirm which prefixes AS132298 actually announces and whether neighbouring addresses appear in abuse reports; blocking an access provider's whole range can cut off legitimate users, so start with the single address and enlarge the block only on evidence. Implement fail2ban or equivalent rate-limiting and temporary-ban rules on exposed services, particularly SSH and authentication endpoints, so that brute-force bursts are absorbed automatically. Enforce strong multi-factor authentication on all remote-access pathways and keep patching current to close the vulnerabilities this kind of probing looks for. Log connection attempts from this address before they are dropped (a counting or logging rule ahead of the drop rule is enough) so that you can confirm the block is effective and notice if the actor returns from alternate source addresses.
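The rate-limiting and blocking advice above, as an added example that is not part of the original page: a fail2ban-style sliding-window ban decision implemented over sshd log lines (fail2ban's default maxretry of 5 within a findtime of 600 seconds), followed by the nftables commands a perimeter block would use. The log excerpt is constructed; the year, the table name `inet filter`, the set name `blocklist` and the chain name `input` are assumptions and must match your own ruleset.

```python
# Added example: fail2ban-style ban logic plus the resulting nftables block.
# Log lines are constructed; nft table/set/chain names are assumptions.
import ipaddress
import re
from collections import deque
from datetime import datetime, timedelta

SUSPECT = "103.237.38.14"
MAXRETRY = 5                      # fail2ban default maxretry
FINDTIME = timedelta(seconds=600)  # fail2ban default findtime
LOG_YEAR = 2026                   # syslog lines carry no year; assumed here

# Constructed sshd auth log excerpt in syslog format.
AUTH_LOG = """\
Apr 12 03:11:01 bastion sshd[4021]: Failed password for invalid user admin from 103.237.38.14 port 51022 ssh2
Apr 12 03:11:03 bastion sshd[4023]: Failed password for root from 103.237.38.14 port 51030 ssh2
Apr 12 03:11:04 bastion sshd[4025]: Failed password for invalid user oracle from 103.237.38.14 port 51044 ssh2
Apr 12 03:11:06 bastion sshd[4027]: Failed password for invalid user test from 103.237.38.14 port 51051 ssh2
Apr 12 03:11:07 bastion sshd[4029]: Failed password for invalid user ubuntu from 103.237.38.14 port 51060 ssh2
Apr 12 03:11:09 bastion sshd[4031]: Failed password for root from 103.237.38.14 port 51071 ssh2
Apr 12 03:15:40 bastion sshd[4040]: Failed password for alice from 198.51.100.7 port 40110 ssh2
Apr 12 03:15:44 bastion sshd[4041]: Accepted publickey for alice from 198.51.100.7 port 40112 ssh2
Apr 12 09:30:00 bastion sshd[4100]: Failed password for invalid user admin from 203.0.113.9 port 60001 ssh2
Apr 12 09:41:00 bastion sshd[4101]: Failed password for invalid user admin from 203.0.113.9 port 60002 ssh2
Apr 12 09:42:00 bastion sshd[4102]: Failed password for invalid user admin from 203.0.113.9 port 60003 ssh2
Apr 12 09:43:00 bastion sshd[4103]: Failed password for invalid user admin from 203.0.113.9 port 60004 ssh2
Apr 12 09:44:00 bastion sshd[4104]: Failed password for invalid user admin from 203.0.113.9 port 60005 ssh2
"""

FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(\S+) from (\S+) port \d+"
)


def parse_failures(text, year=LOG_YEAR):
    """Return (timestamp, source_ip, user) for each failed-password line."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, m.group(3), m.group(2)))
    return events


def ban_decisions(events, maxretry=MAXRETRY, findtime=FINDTIME):
    """Sliding window per IP: ban at the failure that makes `maxretry` within `findtime`."""
    windows = {}
    bans = {}
    for ts, ip, _user in sorted(events):
        if ip in bans:
            continue  # already banned; later failures are dropped by the firewall
        window = windows.setdefault(ip, deque())
        while window and ts - window[0] > findtime:
            window.popleft()  # failures older than findtime no longer count
        window.append(ts)
        if len(window) >= maxretry:
            bans[ip] = ts
    return bans


def nft_block_commands(ip):
    """nftables commands for a perimeter block; validates the address first."""
    addr = ipaddress.ip_address(ip)  # raises ValueError on garbage input
    return [
        f"nft add element inet filter blocklist {{ {addr} }}",
        # Counting before dropping keeps the block verifiable from the counters.
        "nft add rule inet filter input ip saddr @blocklist counter drop",
    ]


if __name__ == "__main__":
    for ip, when in ban_decisions(parse_failures(AUTH_LOG)).items():
        print(f"ban {ip} at {when:%H:%M:%S}")
        for cmd in nft_block_commands(ip):
            print("  ", cmd)
```

Only 103.237.38.14 is banned, at the fifth failure within eight seconds; 203.0.113.9 also fails five times, but its first attempt falls outside the 600-second window by the time the fifth arrives, so it is not banned, which is the behaviour findtime is meant to produce.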