IP · Medium · Signal 73/100
103.148.100.146
Location
Denpasar, Bali
ASN
AS139988
FLYNET
First Seen
Sep 4, 2024
Last Seen
Jun 8, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Network Information
Country
Indonesia
Region
Denpasar, Bali
ASN
AS139988
Organization
FLYNET
IP Category
VPN
VPN exit node
Feed Intelligence Summary
29
Source reports
73%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-08)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 73
Confidence: 73%
Reports: 29
First seen: Sep 4, 2024
Last seen: Jun 8, 2026
Geolocation: ID
Country: Indonesia
Location: Denpasar, Bali
ASN: AS139988
Org: FLYNET
Coords: -8.7277, 115.1750
VPN
VirusTotal
Not checked
WHOIS
- description
- Banned by Fail2Ban [sshd]
- raw
- references
- https://github.com/telekom-security/tpotce, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://redpiranha.net, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 1 year ago · Last seen 19 days ago
Appeared in 29 threat reports