IOC Radar
IP · Medium · Signal 100/100

103.31.39.66

Location: Malaysia (Cicurug, Banten)
ASN: AS136052 (PT Cloud Hosting Indonesia)
First Seen: Jan 1, 2025 (525d ago)
Last Seen: Jun 6, 2026 (4d ago)
Reports: 22 source reports
Confidence: 99% (medium)
Found in 22 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context: Tags; MITRE ATT&CK TTPs (85 techniques)

Network Information
Country: MY (Malaysia)
Region: Cicurug, Banten
ASN: AS136052
Organization: PT Cloud Hosting Indonesia

IP Category: VPN (VPN exit node)

Feed Intelligence Summary
Source reports: 22
Confidence score: 99%
Category tags

Activity Timeline: 1 total observation (Jun 6)

Threat Activity Heatmap (calendar grid Jun to Jun; daily cells not recoverable) · Peak: 2026-06-06
Observations by window: 24h: 0 (Dormant); 7d: 1 (Minimal); 30d: 1 (Minimal); 3mo: 1 (Minimal)
Threat Score: High Risk, 100 (signal)
Signal Score: 100 / 100; Confidence: 99%; Reports: 22
First seen: Jan 1, 2025; Last seen: Jun 6, 2026
Geolocation: MY; Country: Malaysia; Location: Cicurug, Banten
ASN: AS136052; Org: PT Cloud Hosting Indonesia
Coords: -6.8421, 106.7240
Category: VPN

VirusTotal: Not checked

WHOIS

Description: Honeypot
References: https://github.com/telekom-security/tpotce, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://redpiranha.net, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt


IOC Journey (confidence: medium)
First detected 1 year ago · Last seen 4 days ago · Appeared in 22 threat reports