IP Address

103.213.127.100

IPv4 Public
NP NP
AS45424
Network Pool Allocated for HONS Network
158 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
8/10 Threat
99% Confidence
158 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Above Average Risk
NP
NP Location
Network Pool Allocated fo... ASN 45424
158 Reports
Honeypot Data Source

Notable Threat

IP 103.213.127.100 is a high-risk address originating from Nepal (NP) that has generated 158 abuse reports through automated honeypot sensors since February 2026, with the vast majority of activity linked to SSH brute-force intrusion attempts against exposed services. With a threat level of 8 out of 10 and a confidence score of 99%, this IP represents a persistent, automated scanning and credential-guessing threat that poses a concrete risk to any internet-facing SSH servers.

Network intelligence places the address within ASN AS45424, operated by Network Pool Allocated for HONS Network, and the sustained activity frequency rating of 8 out of 10 indicates repeated, systematic attacks rather than isolated probes. The 158 total reports across 20 independent honeypot detection points confirm broad scanning behaviour consistent with botnet-assisted operations. The dominant threat categories — SSH attacks at 15 reports and general hacking activity at 12 reports — align precisely with the honeypot event logs, which consistently document sshd brute-force attempts targeting the Secure Shell service.

SSH brute-force attacks systematically attempt to guess server credentials by cycling through common username-password combinations, exploiting weak or default passwords to gain unauthorized shell access. Once inside, threat actors can deploy malware, exfiltrate data, or use the compromised host as a pivot point for further network intrusion. The concentrated focus on SSH across multiple detection sensors suggests this IP is part of an automated dictionary-attack campaign rather than opportunistic single-target probing.

Site operators should block this IP at the firewall level and implement key-based authentication as the primary login method, eliminating password-based access entirely. Changing the default SSH port reduces exposure to automated scanners, while deploying tools such as fail2ban can dynamically ban IPs after a configurable number of failed login attempts. Intrusion detection monitoring and prompt application of security patches across all SSH-enabled hosts further harden defences against this class of persistent credential-guessing threat.

More threatening than 82% of monitored IPs

Threat Categories

SSH 25
Hacking 12

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

High-Risk Network Association

This IP belongs to a network (ASN 45424) with elevated threat levels. The ISP Network Pool Allocated for HONS Network hosts multiple reported malicious addresses, suggesting systemic security issues or permissive policies.

Network-wide patterns may indicate this is part of a larger malicious infrastructure.

Security Recommendations

Continue monitoring for emerging patterns.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 8/10 High
Critical
Activity Frequency 8/10 High
Confidence Score 70% High Confidence

Confidence History

23. Feb 2026 - 2. Mar 2026
99% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
Hacking Honeypot x4 75%
Hacking SSH Honeypot x5 75%
SSH Honeypot 75%
Hacking Honeypot x4 75%
Hacking SSH Honeypot x5 75%
Hacking SSH Honeypot x4 75%
Hacking Honeypot x25 75%
Hacking SSH Honeypot x43 75%
SSH Hacking Honeypot x7 75%
Hacking Honeypot x4 75%
SSH Honeypot 75%
Hacking Honeypot x4 75%
Hacking SSH Honeypot x5 75%
Hacking SSH Honeypot x5 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot x2 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
10 of 43 shown

Technical Details

Basic Information

IP Address
103.213.127.100
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class A

Geolocation

Country
NP NP
ASN
AS45424
ISP
Network Pool Allocated for HONS Network

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
158
First Reported
18 Feb 2026
Last Reported
2 Mar 2026, 00:29

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS45424
Network Pool Allocated for HONS Network
NP NP

Network Threat Assessment

8/10
This network has a high threat level with significant malicious activity reported across multiple IPs.

Network Statistics

1
Total IPs Monitored
158
Total Reports
158
Reports per IP

Network Context

This IP address belongs to Network Pool Allocated for HONS Network (AS45424), which manages 1 IP addresses in our monitoring system. Out of these, 158 have been reported for suspicious activities, resulting in a network-wide threat level of 8/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

82 %

Global Threat Ranking

This IP is more threatening than 82% of all IPs in our database.

High Threat Percentile

Global Comparison

Compared against 199,353 reported IPs worldwide

Threat Level 8/10 avg: 5.3 ++
Total Reports 158 avg: 23 ++

Geographic Comparison

Compared against 1,129 IPs in NP

Threat Level 8/10 country avg: 5.4 +
Total Reports 158 country avg: 2 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,017 threat incidents tracked globally • Last 24h: 18,967 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,426 20.5%
  2. 02
    IN
    India IN
    28,977 15.5%
  3. 03
    CN
    China CN
    26,016 13.9%
  4. 04
    BR
    Brazil BR
    10,249 5.5%
  5. 05
    DE
    Germany DE
    7,139 3.8%
  6. 06
    SG
    Singapore SG
    6,475 3.5%
  7. 07
    ID
    Indonesia ID
    5,533 3%
  8. 08
    RU
    Russia RU
    4,701 2.5%
  9. 09
    PK
    Pakistan PK
    4,647 2.5%
  10. 10
    NL
    Netherlands NL
    4,355 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs with similar threat level and confidence scores.

15 Related IPs
8.8/10 Avg Threat
99% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
103.61.123.221 8/10
Confidence 99%
Reports 337
Location VN VN
23 Feb 2026
212.89.15.132 8/10
Confidence 99%
Reports 237
Location ES ES
24 Apr 2026
103.8.59.250 10/10
Confidence 99%
Reports 206
Location ID ID
7 Jun 2026
77.90.185.37 8/10
Confidence 99%
Reports 202
Location DE DE
9 Jun 2026
103.216.117.42 8/10
Confidence 99%
Reports 191
Location VN VN
11 May 2026
121.200.217.27 8/10
Confidence 99%
Reports 169
Location VN VN
12 May 2026
220.71.199.64 10/10
Confidence 99%
Reports 155
Location KR KR
7 Jun 2026
87.121.84.81 8/10
Confidence 99%
Reports 152
Location US US
20 Apr 2026
121.200.217.28 8/10
Confidence 99%
Reports 151
Location VN VN
8 Jun 2026
121.168.139.251 10/10
Confidence 99%
Reports 146
Location KR KR
1 Jun 2026
38.95.35.85 8/10
Confidence 99%
Reports 133
Location US US
8 May 2026
196.189.237.92 10/10
Confidence 99%
Reports 111
Location ET ET
18 May 2026
34.39.58.191 8/10
Confidence 99%
Reports 108
Location GB GB
3 May 2026
141.148.33.145 10/10
Confidence 99%
Reports 104
Location US US
8 Jun 2026
93.14.117.117 10/10
Confidence 99%
Reports 103
Location FR FR
9 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "103.213.127.100",
    "threat_level": 8,
    "confidence_score": 99,
    "total_reports": 158,
    "country_code": "NP",
    "isp_name": "Network Pool Allocated for HONS Network",
    "asn": "45424",
    "first_reported": "2026-02-18 19:29:42",
    "last_reported": "2026-03-02 00:29:57",
    "exported_at": "2026-06-09T08:02:32+02:00",
    "source": "https://reportedip.de/ip/103.213.127.100/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses