Critical Threat
IP 103.56.148.184 is a high-risk address associated with persistent hacking activity, including detected SSH session establishment attempts against exposed services. It has drawn 585 total abuse reports and carries a threat level of 10/10 with 94% confidence. The volume and consistency of malicious traffic from this Indonesian IP make it a clear candidate for immediate blocking and continuous monitoring by operators of any exposed network.
Reported across a five-month window from February 2026 through June 2026, this address accumulated 585 reports with an activity frequency rated 8/10, indicating sustained rather than opportunistic targeting. All 20 most recent reports consistently classify the activity as hacking, with automated honeypot sensors flagging Suricata alerts matching SSH session patterns on expected ports. The IP is registered to PT. Beon Intermedia in Indonesia, operating through ASN AS55688, placing the source within a commercial hosting environment commonly exploited for abuse due to relative anonymity and broad network access.
The dominance of SSH-related detection patterns suggests this address is engaged in systematic remote-access probing, consistent with credential-guessing campaigns targeting exposed SSH services worldwide. An established SSH session on an expected port signals active reconnaissance or authentication brute-forcing, which can lead to unauthorized server entry, lateral movement within networks, data exfiltration, or integration into botnets for further distributed attacks. The sustained frequency indicates persistent rather than one-time scanning, which raises the real-world risk of successful compromise for unhardened targets.
Administrators should block this IP at the network perimeter firewall and implement automated dynamic blocking using tools like fail2ban to detect and ban repeated authentication failures. They should also enforce key-based SSH authentication to eliminate password-based entry vectors and restrict SSH access to known trusted IP ranges through allowlist configuration. Continuous monitoring for anomalous authentication patterns on port 22 and regular review of access logs will further reduce exposure to threats originating from this address.