IP · Medium · Signal 58/100
103.172.204.219
Location
Cicurug, West Java
ASN
AS136052
PT Cloud Hosting Indonesia
First Seen
Nov 22, 2024
Last Seen
Jun 6, 2026
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Network Information
Country
Indonesia
Region
Cicurug, West Java
ASN
AS136052
Organization
PT Cloud Hosting Indonesia
Feed Intelligence Summary
Source reports: 27
Confidence score: 58%
Category tags
Activity Timeline
Jun 6
Threat Activity Heatmap
Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 58
Confidence: 58%
Reports: 27
First seen: Nov 22, 2024
Last seen: Jun 6, 2026
Geolocation: ID
Country: Indonesia
Location: Cicurug, West Java
ASN: AS136052
Org: PT Cloud Hosting Indonesia
Coords: -6.8421, 106.7240
VirusTotal
Not checked
WHOIS
- description
- Honeypot
- raw
- inetnum: 103.172.204.0 - 103.172.204.255
  netname: IDNIC-IDCLOUDHOST-ID
  descr: PT Cloud Hosting Indonesia
  descr: Corporate / Direct Member IDNIC
  descr: Pinus Raya Reni Jaya AG-1 No.01
  descr: Pamulang Barat, Pamulang
  descr: Tangerang Selatan, Banten
  admin-c: APS20-AP
  tech-c: APS20-AP
  country: ID
  mnt-by: MNT-APJII-ID
  mnt-irt: IRT-IDCLOUDHOST-ID
  mnt-routes: MAINT-ID-IDCLOUDHOST
  status: ASSIGNED NON-PORTABLE
  last-modified: 2021-09-03T09:35:47Z
  source: APNIC

  irt: IRT-IDCLOUDHOST-ID
  address: PT Cloud Hosting Indonesia
  address: Jl. Bojonggenteng No. 2
  address: Sukabumi, Jawa Barat
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: APS20-AP
  tech-c: APS20-AP
  auth: # Filtered
  mnt-by: MAINT-ID-IDCLOUDHOST
  last-modified: 2018-05-31T22:30:59Z
  source: APNIC

  person: Alfian Pamungkas Sakawiguna
  address: Jl. Bojonggenteng No.2
  address: Sukabumi, Jawa Barat
  country: ID
  phone: +62-266-620073
  e-mail: [email protected]
  nic-hdl: APS20-AP
  mnt-by: MAINT-ID-IDCLOUDHOST
  last-modified: 2017-01-23T07:34:14Z
  source: APNIC
- references
- https://github.com/telekom-security/tpotce, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://redpiranha.net, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
medium · First detected 1 year ago · Last seen 8 days ago
Appeared in 27 threat reports