IP Address

202.125.94.71

IPv4 Public
ID ID
AS46042
Gunadarma University
799 Reports
This IP is on the Blacklist High confidence threat - blocking recommended
10/10 Threat
77% Confidence
799 Reports

Threat Intelligence Analysis

AI-generated security assessment based on aggregated threat data

Top 10% High Threat
ID
ID Location
Gunadarma University ASN 46042
799 Reports
Honeypot Data Source

Severe Risk

IP 202.125.94.71 is a critical-risk address with a threat level of 10 out of 10 that has been linked to 799 abuse reports over approximately six months, predominantly for sustained SSH brute-force activity. The dominant threat profile involves repeated automated password-guessing attempts against exposed SSH services, with 20 distinct detection events logged by automated honeypot sensors and supplementary reports from the wider security community.

The IP address 202.125.94.71 originates from Indonesia and is associated with ASN AS46042, operated by Gunadarma University. Automated honeypot sensors first reported the address in December 2025, with activity persisting through May 2026. The sheer volume of reports—combined with the confirmed presence of active SSH sessions on expected ports and multiple fail2ban violations—indicates a systematic, high-frequency attack campaign rather than opportunistic scanning. While the activity frequency is scored at 1 out of 10 due to the concentrated nature of these attacks, the persistence and scale of the intrusion attempts represent a significant and ongoing threat to any exposed SSH infrastructure.

Analysis of reported threat categories reveals SSH activity as the dominant vector, accounting for the vast majority of the 799 abuse reports. The attack pattern notes confirm repeated SSH brute-force attempts alongside Suricata alerts indicating active SSH sessions on expected ports, suggesting either successful authentication or sustained credential-probing against honeypot targets. If these techniques succeed against legitimate servers, attackers gain command-line access enabling data exfiltration, lateral movement, malware deployment, or recruitment into botnets. The presence of exploitation markers further indicates the host itself may be compromised and leveraged as an attack platform without the operator's knowledge.

Site operators should immediately block 202.125.94.71 at the firewall or network perimeter to prevent further probing. Implementing automated abuse-response tools such as fail2ban will dynamically ban addresses that exceed configurable login-failure thresholds. Organizations should enforce key-based authentication exclusively, disable direct root login, and consider relocating SSH to non-standard ports. Continuous monitoring of authentication logs combined with intrusion detection deployment will help identify and block follow-up attempts from this or related sources.

More threatening than 94% of monitored IPs

Threat Categories

SSH 28
Hacking 5
Exploited Host 2

Technical Details

SSH attacks attempt to gain server access through password guessing or exploitation of SSH vulnerabilities.

Recommended Mitigations

Use key-based authentication, change default ports, implement fail2ban, and disable root login.

Behavioral Analysis

Activity Pattern: Consistent Activity

Steady malicious activity over less than a day indicates persistent threat actor operations.

First Observed 16. May 2026
Last Activity 16. May 2026
Recent (7 days) 0 incidents

High-Risk Network Association

This IP belongs to a network (ASN 46042) with elevated threat levels. The ISP Gunadarma University hosts multiple reported malicious addresses, suggesting systemic security issues or permissive policies.

Network-wide patterns may indicate this is part of a larger malicious infrastructure.

Security Recommendations

Long-term blocking recommended.

This analysis is automatically generated from aggregated, anonymized threat intelligence data. No personal information is displayed or stored. Assessment accuracy depends on available data volume and diversity.

Reputation Summary

Threat Level 10/10 Critical
Critical
Activity Frequency 1/10 Very Low
Confidence Score 67% High Confidence

Confidence History

4. Apr 2026 - 16. May 2026
77% Current
Stable Trend

The confidence score shows the reliability of the threat assessment based on the number and quality of reports.

Security Reports (30)

Date Categories Source Confidence
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Hacking Honeypot x2 75%
Exploited Host Hacking SSH Honeypot x3 75%
Hacking SSH Honeypot x2 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
SSH Honeypot 75%
Hacking Honeypot 75%
SSH Honeypot 75%
Exploited Host Honeypot 75%
SSH Hacking Honeypot x2 75%
10 of 799 shown

Technical Details

Basic Information

IP Address
202.125.94.71
IP Version
IPv4
Network Type
Public
Tor Network
No
Network Class
Class C

Geolocation

Country
ID ID
ASN
AS46042
ISP
Gunadarma University

DNS Information

Reverse DNS
None
PTR Record
No
Connection Type
Static

Statistics

Total Reports
799
First Reported
3 Dec 2025
Last Reported
16 May 2026, 01:55

Network Reputation

Analysis of the entire network (ASN) that this IP address belongs to, providing context about the hosting provider and network-wide threat patterns.

Network Identity

AS46042
Gunadarma University
ID ID

Network Threat Assessment

8/10
This network has a high threat level with significant malicious activity reported across multiple IPs.

Network Statistics

1
Total IPs Monitored
788
Total Reports
788
Reports per IP

Network Context

This IP address belongs to Gunadarma University (AS46042), which manages 1 IP addresses in our monitoring system. Out of these, 788 have been reported for suspicious activities, resulting in a network-wide threat level of 8/10.

Network warning: This network has elevated threat levels. Exercise caution when interacting with IPs from this ASN.

Comparative Analysis

How this IP compares to others in our threat intelligence database

94 %

Global Threat Ranking

This IP is more threatening than 94% of all IPs in our database.

Top 10% Most Dangerous

Global Comparison

Compared against 199,475 reported IPs worldwide

Threat Level 10/10 avg: 5.3 ++
Total Reports 799 avg: 23 ++

Geographic Comparison

Compared against 5,540 IPs in ID

Threat Level 10/10 country avg: 5.4 ++
Total Reports 799 country avg: 16 ++
Indicators:
++ Much Higher + Higher = Similar - Lower -- Much Lower

Geographic Threat Distribution

187,140 threat incidents tracked globally • Last 24h: 19,043 Logs

FEED

Top Threat Sources

  1. 01
    US
    United States US
    38,446 20.5%
  2. 02
    IN
    India IN
    29,023 15.5%
  3. 03
    CN
    China CN
    26,021 13.9%
  4. 04
    BR
    Brazil BR
    10,256 5.5%
  5. 05
    DE
    Germany DE
    7,142 3.8%
  6. 06
    SG
    Singapore SG
    6,476 3.5%
  7. 07
    ID
    Indonesia ID THIS IP
    5,539 3%
  8. 08
    RU
    Russia RU
    4,703 2.5%
  9. 09
    PK
    Pakistan PK
    4,654 2.5%
  10. 10
    NL
    Netherlands NL
    4,356 2.3%

+40 more countries

THREAT LEVEL
LOW MED HIGH

Geographic data is aggregated and anonymized. No personal information displayed.

Map: simplemaps.com (MIT License)

Related IPs

Other IPs associated with this address through network or behavioral similarity

IPs with similar threat level and confidence scores.

15 Related IPs
8.7/10 Avg Threat
77% Avg Confidence
15 High Threat
High-risk network: Majority of related IPs are flagged
207.90.244.20 8/10
Confidence 77%
Reports 20,140
Location US US
9 Jun 2026
64.23.161.101 8/10
Confidence 77%
Reports 14,590
Location US US
9 Jun 2026
164.92.106.15 8/10
Confidence 77%
Reports 14,523
Location US US
9 Jun 2026
134.209.95.237 8/10
Confidence 77%
Reports 9,742
Location NL NL
9 Jun 2026
64.62.197.92 8/10
Confidence 77%
Reports 1,818
Location US US
9 Jun 2026
65.49.20.68 8/10
Confidence 77%
Reports 1,070
Location US US
8 Jun 2026
45.82.78.102 10/10
Confidence 77%
Reports 998
Location DE DE
9 Jun 2026
74.82.47.5 8/10
Confidence 77%
Reports 986
Location US US
8 Jun 2026
64.62.156.212 8/10
Confidence 77%
Reports 791
Location US US
8 Jun 2026
79.137.123.148 10/10
Confidence 77%
Reports 765
Location FR FR
5 Dec 2025
81.192.46.29 10/10
Confidence 77%
Reports 701
Location MA MA
4 Jun 2026
78.153.140.148 10/10
Confidence 77%
Reports 661
Location GB GB
7 Jun 2026
45.144.212.240 8/10
Confidence 77%
Reports 645
Location UA UA
29 Jan 2026
4.145.113.4 10/10
Confidence 77%
Reports 585
Location SG SG
9 Jun 2026
85.217.140.3 8/10
Confidence 77%
Reports 555
Location FR FR
8 Jun 2026

Export & Firewall Rules

Download threat data or generate firewall rules to block this IP

JSON Report

Structured data format for integration with security tools and SIEM systems.

{
    "ip_address": "202.125.94.71",
    "threat_level": 10,
    "confidence_score": 77,
    "total_reports": 799,
    "country_code": "ID",
    "isp_name": "Gunadarma University",
    "asn": "46042",
    "first_reported": "2025-12-03 05:17:33",
    "last_reported": "2026-05-16 01:55:11",
    "exported_at": "2026-06-09T08:57:45+02:00",
    "source": "https://reportedip.de/ip/202.125.94.71/"
}
Download JSON

GDPR Compliant: Exports contain only IP-related threat data. No personal information or reporter details are included.

Analyzed high-risk IP addresses