Extreme Threat
IP 103.153.190.105, registered to PT Wahyu Adidaya Network in Indonesia, is a critical-risk address with a threat level of 10/10 and 357 abuse reports logged by automated honeypot sensors since November 2025. The dominant activity associated with this IP is SSH brute-force intrusion, supplemented by general hacking probes and indicators of a possible exploited-host status, making it a high-priority candidate for immediate blocking at network perimeters.
The IP has been reported through 20 distinct automated honeypot sensors generating 357 total reports across the approximately six-month observation window between November 2025 and April 2026. Of the categorized threats, SSH-related activity dominates with 19 confirmed reports, followed by 7 hacking category reports and 1 exploited-host designation. Detection signatures include Suricata alerts matching SSH brute-force patterns and multiple fail2ban triggers for sshd violations. The activity frequency metric of 0/10 suggests the IP may be currently dormant, yet the substantial historical report volume and threat-level score leave no ambiguity about its intent. The address originates from AS140469 operated by PT Wahyu Adidaya Network, an Indonesian entity whose infrastructure is being actively misused for automated intrusion attempts.
SSH brute-force attacks represent one of the most common and effective initial-access vectors used by threat actors to compromise servers and establish persistent footholds within target networks. Repeated authentication guesses against exposed SSH daemons exploit weak or default credentials, and successful access grants adversaries the same privileges as a legitimate user, often including lateral-movement capabilities. The presence of an exploited-host classification alongside the brute-force reports indicates this IP may already belong to a compromised system being weaponized by a third party, amplifying the severity of the threat beyond mere scanning activity.
Site operators exposing SSH services to the internet should implement strict access controls: enforce key-based authentication exclusively, move SSH away from default ports, disable direct root login, and deploy fail2ban to automatically throttle repeated authentication failures from any single source. Network-level blocking based on the IP's ASN and geographic origin provides an additional defensive layer, while security teams should monitor for resumed scanning activity given the high historical report count. Organizations unable to block entirely may consider strict source-IP allowlisting for SSH access. If the IP represents an exploited host rather than a deliberate attack platform, defenders can escalate to the hosting provider to initiate remediation of the compromised infrastructure.
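The fail2ban throttling recommended above works by counting sshd authentication failures per source address inside a sliding time window and acting once a threshold is crossed. The following is an added example, not code from the page or from the fail2ban project, that implements that sliding-window detection in Python over constructed sshd log lines; the `maxretry` and `findtime` parameter names deliberately mirror fail2ban's jail settings, and the host name, year and IP addresses in the sample log are assumptions chosen from documentation ranges. It also shows the caveat a defender wants to know about: a low-and-slow source spaced wider than the window is invisible to a short `findtime` and only appears when the window is widened.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample sshd auth-log lines (syslog format, so no year field).
# Three sources: a fast brute-forcer, a legitimate user with two typos, and a
# slow source spacing its guesses 15 minutes apart.  None of these are real hosts.
SAMPLE_LOG = """\
Apr 12 10:15:01 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 12 10:15:03 bastion sshd[2103]: Failed password for root from 203.0.113.5 port 51236 ssh2
Apr 12 10:15:04 bastion sshd[2105]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Apr 12 10:15:06 bastion sshd[2107]: Failed password for invalid user test from 203.0.113.5 port 51244 ssh2
Apr 12 10:15:08 bastion sshd[2109]: Failed password for root from 203.0.113.5 port 51248 ssh2
Apr 12 10:15:09 bastion sshd[2111]: Accepted publickey for deploy from 192.0.2.10 port 40000 ssh2
Apr 12 10:16:00 bastion sshd[2113]: Failed password for alice from 192.0.2.10 port 40002 ssh2
Apr 12 10:17:00 bastion sshd[2115]: Failed password for alice from 192.0.2.10 port 40004 ssh2
Apr 12 11:30:00 bastion sshd[2200]: Failed password for root from 198.51.100.9 port 33001 ssh2
Apr 12 11:45:00 bastion sshd[2202]: Failed password for root from 198.51.100.9 port 33002 ssh2
Apr 12 12:00:00 bastion sshd[2204]: Failed password for root from 198.51.100.9 port 33003 ssh2
Apr 12 12:15:00 bastion sshd[2206]: Failed password for root from 198.51.100.9 port 33004 ssh2
Apr 12 12:30:00 bastion sshd[2208]: Failed password for root from 198.51.100.9 port 33005 ssh2
"""

# Matches OpenSSH's "Failed password" line, including the "invalid user" variant.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_failed_login(line, year=2026):
    """Return (timestamp, source_ip, username) for a failed-login line, else None.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2026 here).
    """
    m = FAILED_RE.match(line)
    if not m:
        return None
    ts = " ".join(m.group("ts").split())  # collapse the double space before single-digit days
    when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return when, m.group("ip"), m.group("user")


def find_brute_force_sources(lines, maxretry=5, findtime=600, year=2026):
    """Sliding-window counter in the style of a fail2ban sshd jail.

    Returns {ip: (failures_in_window, first_seen, last_seen)} for every source
    that reached `maxretry` failures within `findtime` seconds.  Lines are
    assumed to be in chronological order, as they are in a live log.
    """
    windows = defaultdict(deque)  # per-source timestamps still inside the window
    flagged = {}
    for line in lines:
        parsed = parse_failed_login(line, year)
        if parsed is None:
            continue  # accepted logins and unrelated lines are ignored
        when, ip, _user = parsed
        q = windows[ip]
        q.append(when)
        # Drop timestamps that have aged out of the window.
        while q and (when - q[0]).total_seconds() > findtime:
            q.popleft()
        if len(q) >= maxretry and ip not in flagged:
            flagged[ip] = (len(q), q[0], when)
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for label, window in (("default 10-minute window", 600), ("widened 60-minute window", 3600)):
        hits = find_brute_force_sources(lines, maxretry=5, findtime=window)
        print(f"{label}:")
        for ip, (count, first, last) in hits.items():
            print(f"  ban candidate {ip}: {count} failures between {first:%H:%M:%S} and {last:%H:%M:%S}")
```

With the default window only 203.0.113.5 is flagged; 192.0.2.10 never reaches the threshold, and 198.51.100.9 only shows up once `findtime` is widened to an hour. In practice that is the trade-off behind fail2ban's `findtime` setting: a short window limits false positives on legitimate users, while a longer one (or a separate long-window rule) is what catches patient sources like the one this page describes.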