IOC Radar
IP indicator · Medium signal (57/100)

103.226.138.52

Location: Cicurug, West Java, Indonesia
ASN: AS136052 (PT Cloud Hosting Indonesia)
First seen: Nov 21, 2024 (581 days ago)
Last seen: Jun 13, 2026 (12 days ago)
Reports: 28 source reports
Confidence: 57% (medium)

Found in 28 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Indicator type: IPv4 address (network-layer indicator observed in threat reports)
MISP category: Network Activity
Confidence: 57%
Signal score: 57 / 100
IDS rule: No
Threat Context

MITRE ATT&CK TTPs: 82 techniques (the technique IDs are listed with the category tags below)
Network Information

Country: Indonesia (ID)
Region: Cicurug, West Java
ASN: AS136052
Organization: PT Cloud Hosting Indonesia

IP Category: Proxy (proxy server); VPN (VPN exit node)

Feed Intelligence Summary

28 source reports · 57% confidence score

Category tags (as reported by the feeds; variant spellings are kept as reported):

abuse, access attempt, access attempts, access control, account compromise, account discovery, account profiling, account takeover, active scan, active scanning, aggressive-detection, anomalous network connections, apache, apache attacker, apache attacks, apache vulnerability scanning, apt, asia, attack, attack source, attacker host, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempt, authentication attempts, authentication brute force, authentication failure, authentication failures, authentication-attempts, authentication_bypass, authentication_failures, automated attack, automated attack attempts, automated attacks, automated threat, bad reputation, bad web bot, blacklisted ip, block list, block.txt, blocked addresses, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-forc, brute-force, bruteforce, c2, c2 communication, canada, china mobile, cisco device, cisco device attack, cisco exploitation attempt, cisco exploitation attempts, clifton, clifton data center, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, cloud-infrastructure, columns, command & control, command and control, communication protocol, company limited, compromised credentials, compromised host, compromised hosts, compromised systems, connection-reset, cowrie, cowrie data, cowrie honeypot, cowrie honeypot data, credential access, credential attack, credential attacks, credential guessing, credential harvesting, credential stuffing, credential-stuffing, credential_access, credential_stuffing, cta, daily_sources, data exfiltration, data exfiltration attempt, data store exposure, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, denial-of-service, denial-of-service attempt, device management, dictionary attack, digital ocean, digitalocean security, digitalocean vps, dionaea honeypot, distributed attacks, email-bruteforce, emerging threats, enterprise networking, enumeration, europe, executable file, exploit, exploit attempts, exploit targeting, exploitation, exploitation activity, exploitation attempts, exploited host, external scan, external-threat, fail2ban alert, fail2ban detection, fail2ban mitigation, fail2ban triggered, failed login, failed login attempts, failed logins, failed-authentication, fatt, file, finland, france, fraud orders, fraud voip, ftp, ftp brute force, ftp brute-force, gb_hosted_server, germany, github, hacking, hk abuse, handler, honeynet connect, honeytrap honeypot, hong kong, http brute force, http request anomalies, http scanner, http scanning, https, hurricane us, id, identity & access exploitation, india, indicator, indonesia, information technology, infrastructure acquisition reconnaissance, initial access, initial_access, injection activity, injection attacks, internet facing systems, internet-wide scan, intrusion attempt, intrusion detection, ioc, iot security, iot targeted, ipv4, ipv4 addresses, ipv4 ioc, ipv4-addresses, ipv4_address, it infrastructure, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp stack, lateral movement, linux server, linux systems, linux-server, linux-server-attacks, log analysis, login attack, login attempt, login attempts, login brute-force, login enumeration, login failures, login security, low-risk, mail, mailoney honeypot, malaysia, malicious activity, malicious file transfer, malicious host, malicious ip activity, malicious ips, malicious sftp activity, malicious software, malicious ssh activity, malicious traffic, malicious-activity, malware, malware behaviour, malware capture, malware distribution, malware-related botnet activity, manual, mod security, modsecurity alerts, modsecurity attacks, multiple failed logins, mysql, network, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network intrusion detection, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network service scanning, network sniffing, network traffic, network-reconnaissance, network_service_exploitation, nginx, north america, notice, observed malicious activity, oceania, open proxy, osint, p0f, paris, password attack, password attacks, password cracking, password spraying, password-guessing, password_guessing, pgp sign, phishing, phishing attack, phishing trapping of death, poland, port-scanning, possible botnet activity, possible botnet infection, possible malware distribution, potential compromise, potential intrusion, potential malware upload, process injection, protocol exploitation, protocol-probing, proxy, python, ransomware, reconnaissance, reconnaissance activity, remote access, remote access attempt, remote service, remote services, remote_access, researched, resource hijacking, scams & fraud, scanner, scanners, scanning activity, security alert, security monitoring, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, server, server exploitation, server security, server security event, service exploitation, service scan, sftp, sftp attack, sftp exploit attempt, sip brute force, sip scanning, slug, smb brute force, smtp, smtp brute force, smtp scanning, social engineering, socradar honeypot, software development, spam, sql injection, ssh, ssh attack, ssh monitoring, ssh protocol, surface web, sweden, t-pot, tanner, targeting database, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat intelligence feed, threat prevention, timeout, top10.txt, topips.txt, tor node, tpot, tpotce, traffic monitoring, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempts, united kingdom, united states, us abuse, us none, utc+1:00, valid accounts, vnc protocol, voip, voip attack, vpn, vpn ip, vps, vps security, vulnerability scan, vultr infrastructure, web app attack, web application attack, web applications, web attacks, web brute force, web exploitation, web login, web spam, web traffic, web-bruteforce, wordpress brute force

MITRE ATT&CK tags (82 technique and sub-technique IDs, plus two tactic tags): t1005, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1065, t1068, t1071, t1071.001, t1076, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1083, t1087, t1090, t1105, t1110, t1110 brute force, t1110.001, t1110.002, t1110.003, t1110.004, t1119, t1133, t1189, t1190, t1195, t1199, t1203, t1204, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1550.002, t1552.001, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1573, t1573.001, t1587.001, t1588, t1588.002, t1588.004, t1589, t1589.002, t1590, t1590.001, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.002 active scanning, t1595.003, ta0001 initial access, ta0043 reconnaissance

Note that t1065 and t1076 are retired IDs in current ATT&CK Enterprise (t1076 was folded into t1021.001), so some of the contributing feeds map against an older matrix version. The tag set is a union across 28 heterogeneous sources (honeypots such as cowrie, dionaea, mailoney, sentrypeer and t-pot, fail2ban and ModSecurity alerts, and blocklist files), so it describes what reporters observed in aggregate, not a single confirmed campaign.

Activity Timeline

1 observation in the displayed window (Jun 13, 2026)

Threat Activity Heatmap

Twelve-month view (Jun 2025 to Jun 2026), one observation; peak: 2026-06-13.

Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 57 (Medium Risk)
Signal score: 57 · Confidence: 57% · Reports: 28
First seen: Nov 21, 2024 · Last seen: Jun 13, 2026
Geolocation: Indonesia (ID), Cicurug, West Java; coordinates -6.8421, 106.7240
ASN: AS136052 (PT Cloud Hosting Indonesia)
Categories: Proxy, VPN

VirusTotal: Not checked

WHOIS

description: every host is banned for 3 hours and receives an abuse report from me every 96 hours if it continues

Export & API

STIX 2.1 Bundle · CSV Export · Permalink
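The STIX 2.1 export above is what a practitioner would pull into a TIP or a blocklist pipeline, and the page's own warning (heuristic confidence, verify before acting) plus the Proxy/VPN-exit-node category are exactly the fields that should drive what happens next. The script below is an added example for this page, not the site's export code and not a call to its API: it builds a STIX 2.1 Indicator from the summary fields shown on the page, attaches a decay window as `valid_until`, and applies a triage policy that never blocks a shared exit node outright. The 90-day decay, the 70% block threshold, the `SHARED_CATEGORIES` set and the generated object IDs are illustrative assumptions; the field values are copied from the page.

```python
"""STIX 2.1 indicator for the IOC Radar entry 103.226.138.52.

Added example for this page; not the site's own export code and it does
not call its API. Field values are copied from the page; the decay window,
the action thresholds and the object IDs are illustrative assumptions.
"""
import json
import re
import uuid
from datetime import datetime, timedelta, timezone

# Summary fields as shown on the page (constructed here, not fetched).
IOC = {
    "value": "103.226.138.52",
    "first_seen": "2024-11-21",
    "last_seen": "2026-06-13",
    "confidence": 57,                           # page's heuristic score, 0..100
    "reports": 28,
    "categories": ["proxy", "vpn-exit-node"],   # page: Proxy server, VPN exit node
    "asn": "AS136052",
}

DECAY_DAYS = 90          # assumption: expire after 90 days without a new sighting
BLOCK_CONFIDENCE = 70    # assumption: block only at or above this confidence
SHARED_CATEGORIES = {"proxy", "vpn-exit-node", "tor-exit-node"}  # assumed labels

# Strict dotted-quad check so a garbled feed line never becomes a rule.
IPV4_RE = re.compile(
    r"^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$"
)


def is_valid_ipv4(value: str) -> bool:
    """True only for a well-formed dotted-quad IPv4 address."""
    return bool(IPV4_RE.match(value))


def _day(s: str) -> datetime:
    """Parse a YYYY-MM-DD date as midnight UTC."""
    return datetime.strptime(s, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def _stix_ts(dt: datetime) -> str:
    """STIX 2.1 timestamp: RFC 3339, UTC, millisecond precision, 'Z' suffix."""
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def make_indicator(ioc: dict) -> dict:
    """Build a STIX 2.1 Indicator SDO from the page's summary fields."""
    if not is_valid_ipv4(ioc["value"]):
        raise ValueError(f"not an IPv4 address: {ioc['value']!r}")
    if not 0 <= ioc["confidence"] <= 100:
        raise ValueError("STIX confidence must be 0..100")
    first, last = _day(ioc["first_seen"]), _day(ioc["last_seen"])
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": _stix_ts(first),
        "modified": _stix_ts(last),
        "name": f"{ioc['value']} ({ioc['asn']})",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ioc['value']}']",
        "pattern_type": "stix",
        "valid_from": _stix_ts(first),
        # valid_until carries the decay so consumers drop the IOC automatically.
        "valid_until": _stix_ts(last + timedelta(days=DECAY_DAYS)),
        "confidence": ioc["confidence"],
        "labels": list(ioc["categories"]),
        "description": f"Seen in {ioc['reports']} source reports; "
                       "heuristic score, verify before acting.",
    }


def make_bundle(objects: list) -> str:
    """Wrap SDOs in a STIX 2.1 bundle serialised as JSON."""
    bundle = {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}
    return json.dumps(bundle, indent=2)


def recommend_action(ioc: dict, today: str) -> str:
    """Assumed triage policy: 'expire' if the last sighting is older than
    DECAY_DAYS; 'alert' for shared exit nodes (a block would hit every user
    behind the proxy/VPN) or sub-threshold confidence; otherwise 'block'."""
    if _day(today) - _day(ioc["last_seen"]) > timedelta(days=DECAY_DAYS):
        return "expire"
    if SHARED_CATEGORIES & set(ioc["categories"]) or ioc["confidence"] < BLOCK_CONFIDENCE:
        return "alert"
    return "block"


if __name__ == "__main__":
    indicator = make_indicator(IOC)
    print(make_bundle([indicator]))
    print(recommend_action(IOC, datetime.now(timezone.utc).strftime("%Y-%m-%d")))
```

For this entry the policy returns "alert" rather than "block": the address is a VPN/proxy exit shared by many users, and 57% is medium confidence from a union of honeypot and blocklist feeds. Twelve days after the last sighting that is the right outcome; 90 days on, the same indicator reads "expire", and the `valid_until` timestamp in the STIX object lets a consuming TIP reach that conclusion on its own.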

IOC Journey

Confidence: medium. First detected 1 year ago (Nov 21, 2024) · last seen 12 days ago (Jun 13, 2026) · appeared in 28 threat reports.