IP | Medium | Signal 53/100
103.139.192.221
Location
Jakarta, Jakarta
ASN
AS136052
PT. Halto Petirah Angrowangi
First Seen
May 19, 2025
Last Seen
Jun 8, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Network Information
Country
Indonesia
Region
Jakarta, Jakarta
ASN
AS136052
Organization
PT. Halto Petirah Angrowangi
IP Category
VPN (VPN exit node)
Feed Intelligence Summary
Source reports
26
Confidence score
53%
Category tags
Activity Timeline
Jun 8
Threat Activity Heatmap (peak: 2026-06-08)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 53
Confidence: 53%
Reports: 26
First seen: May 19, 2025
Last seen: Jun 8, 2026
Geolocation: ID
Country: Indonesia
Location: Jakarta, Jakarta
ASN: AS136052
Org: PT. Halto Petirah Angrowangi
Coords: -6.2385, 106.8240
VPN
VirusTotal
Not checked
WHOIS
- description
- List of SSH attacking IPs detected by the Rimba Siber honeypot.
IOC Journey
Medium · First detected 1 year ago · Last seen 12 days ago
Appeared in 26 threat reports