IOC Radar
IP · Medium · Signal 21/100

103.146.203.11

Location
Indonesia
Cicurug, West Java
ASN
AS136052
PT Cloud Hosting Indonesia
First Seen
Jan 9, 2025
Last Seen
Jun 2, 2026
Reports: 16 source reports
Confidence: 21% (medium)
Found in 16 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
21%
Signal Score
21 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

83 techniques

Network Information

Country: Indonesia (ID)
Region: Cicurug, West Java
ASN: AS136052
Organization: PT Cloud Hosting Indonesia

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 16
Confidence score: 21%
Category tags

Activity Timeline

1 total observation (Jun 2 to Jun 2)

Threat Activity Heatmap

Peak: 2026-06-02

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address (103.146.203.11), is identified as a low-risk network component with a score of 20.63. Its primary association is with Tor exit nodes, which are widely utilized for anonymization, encompassing both legitimate and potentially illicit activities. While this IP address frequently appears in various threat intelligence feeds, this presence largely reflects its role within the Tor network rather than direct evidence of specific malicious activity or…

Threat Score: Low Risk
Signal Score: 21
Confidence: 21%
Reports: 16
First seen: Jan 9, 2025
Last seen: Jun 2, 2026
Geolocation: ID
Country: Indonesia
Location: Cicurug, West Java
ASN: AS136052
Org: PT Cloud Hosting Indonesia
Coords: -6.1728, 106.8272
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
references
https://github.com/telekom-security/tpotce, https://check.torproject.org/torbulkexitlist

IOC Journey

medium
First detected 1 year ago · Last seen 9 days ago
Appeared in 16 threat reports