Extreme Threat
IP 103.67.78.90 is a high-risk address linked to automated intrusion activity, with a threat level of 10/10 and 397 reports logged by honeypot sensors since September 2025. The dominant threat profile consists of SSH brute-force attempts and broader hacking activity targeting exposed services.
Detection data from 20 automated honeypot sensors shows concentrated malicious behavior originating from PT Cloud Hosting Indonesia's network (AS136052) in Indonesia. The reported threat categories break down to 19 Hacking incidents and 1 SSH-specific report, indicating systematic unauthorized access attempts. All activity was recorded within September 2025, establishing a clear and recent threat window. The volume of reports relative to the detection window suggests persistent automated scanning rather than isolated manual probes.
SSH brute-force activity represents a critical credential-compromise threat where automated tools systematically attempt common username and password combinations against exposed secure shell services. A successful authentication grants attackers persistent remote access to server infrastructure, potentially enabling data exfiltration, secondary payload delivery, or use of the compromised host as a pivot point for further network intrusions.
Site operators running publicly accessible SSH services should immediately implement automated rate-limiting and blocking mechanisms such as fail2ban to reject sources demonstrating repeated authentication failures. Transitioning exclusively to key-based authentication, disabling direct root login, and using non-standard SSH ports significantly reduces attack surface. Continuous log monitoring for anomalous authentication patterns and prompt investigation of any suspicious activity remain essential for maintaining a defensive posture against this threat category.