IP · Medium · Signal 33/100
124.153.21.218
Location
Jakarta, Jakarta Raya
ASN
AS9326
Centrin
First Seen
Feb 10, 2024
Last Seen
Apr 1, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
33%
Signal Score
33 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Indonesia
Region
Jakarta, Jakarta Raya
ASN
AS9326
Organization
Centrin
Feed Intelligence Summary
11 reports · 33% confidence
11
Source reports
33%
Confidence score
Category tags
abuse, active scan, active scanning, adbhoney honeypot, asia, attack, australia, authentication abuse, authentication attack, authentication brute force, bad reputation, bad web bot, blacklisted domain, blacklisted ip, blacklisted url, botnet, botnet activity, botnet c2, botnet communication, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute_force, c2 communication, cisco device, cisco exploitation, cisco exploitation attempts, cisco ios, command & control, command and control, command injection, communication protocol, compromised credentials, compromised system detection, conpot honeypot, cowrie honeypot, credential access, credential harvesting, credential stuffing, credential theft, cta, cve scan, data exfiltration, data store exposure, database security, ddos, ddos activity, ddos attack, decoy system, device management, dga domain, dionaea honeypot, dionaea malware analysis, distributed attacks, dns, dns attack, elasticpot honeypot, elasticsearch monitoring, enterprise networking, exploit, exploit attempts, exploit kit activity, exploitation activity, exploitation attempts, failed login, fatt, ftp, ftp attacks, ftp brute force, ftp_bruteforce, heralding attack pattern, honeytrap honeypot, http brute force, http communication, http scanner, http_scan, https communication, https_scan, ics security, id, identity & access exploitation, indicator, indicators of compromise, indonesia, industrial control systems, initial access, injection activity, ioc, iot security, iot/ics attack, ipphoney honeypot, ipv4, ipv4 attacks, irc communication, lamp, lateral movement, login attack, mailoney honeypot, malicious activity, malicious domains, malicious payload attempt, malicious software, malware, malware behaviour, malware capture, malware delivery, malware distribution, mobile threat, network, network activity, network attack attempts, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network probing, network reconnaissance, network scanning, network security, network service scanning, network-based attack attempts, north america, oceania, p0f, p2p communication, password attack, password attacks, phishing, phishing attack, phishing trap, possible botnet activity, possible ddos activity, process injection, protocol exploitation, python script activity, ransomware, rdp attacks, reconnaissance, redis honeypot, remote access, remote services, researched, resource hijacking, scanner, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer botnet, server exploitation, service scan, sftp attack, smtp, smtp attacks, social engineering, spam, spam bot, sql injection, sql injection attempt, ssh attack, ssh attacks, ssh monitoring, ssh_bruteforce, t-pot, t1005, t1020, t1021, t1021.001, t1021.002, t1021.004, t1029, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.007, t1071, t1071.001, t1071.002, t1071.003, t1071.004, t1076, t1078, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1568, t1568.002, t1569, t1569.002, t1571, t1573, t1573.001, t1573.002, t1588.004, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet attacks, telnet threat, telnet_bruteforce, threat actor, threat detection, threat intelligence, threat intelligence feed, tor node, tpot, tpotce, unauthorized access, unauthorized access attempt, unauthorized login, united states, vnc protocol, voip, voip attack, vulnerability scan, web application attack, web attack, web exploitation, web shell attempt, web traffic
Activity Timeline
Apr 1
Threat Activity Heatmap
Peak: 2026-04-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 33
Confidence: 33%
Reports: 11
First seen: Feb 10, 2024
Last seen: Apr 1, 2026
Geolocation: ID
Country: Indonesia
Location: Jakarta, Jakarta Raya
ASN: AS9326
Org: Centrin
Coords: -6.1741, 106.8296
VirusTotal
Not checked
WHOIS
- raw
- inetnum: 124.153.0.0 - 124.153.63.255
  netname: CENTRIN
  descr: PT Centrin Online Prima
  descr: Internet Service Provider
  descr: Indonesia
  descr: Jakarta 12950
  country: ID
  admin-c: NC207-AP
  tech-c: NC207-AP
  status: ALLOCATED PORTABLE
  remarks: Send Spam & Abuse Reports to: [email protected]
  mnt-by: MNT-APJII-ID
  mnt-lower: MAINT-ID-CENTRINONLINE
  mnt-routes: MAINT-ID-CENTRINONLINE
  mnt-irt: IRT-CENTRIN
  last-modified: 2024-05-29T11:05:25Z
  source: APNIC

  irt: IRT-CENTRIN
  address: PT Centrin Online Prima
  address: Jl. Braga 76, Bandung
  address: Jawa Barat, Indonesia
  phone: +62 22 4220818
  fax-no: +62 22 4220821
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: NC207-AP
  tech-c: NC207-AP
  auth: # Filtered
  remarks: timezone GMT+7
  irt-nfy: [email protected]
  mnt-by: MAINT-ID-CENTRINONLINE
  last-modified: 2025-09-04T04:44:06Z
  source: APNIC

  role: NOC CentrinOnline
  address: Gedung Menara Jamsostek, Menara Utara lt.4
  address: Jl. Jend. Gatot Subroto No.38 Jakarta 12710
  country: ID
  phone: +62 21 52961010
  fax-no: +62 21 52961510
  e-mail: [email protected]
  remarks: send spam and abuse reports to [email protected]
  remarks: Please include detailed information and times in UTC
  admin-c: SS36-AP
  tech-c: SS36-AP
  nic-hdl: NC207-AP
  remarks: http://www.centrin.net.id
  notify: [email protected]
  mnt-by: MAINT-ID-CENTRINONLINE
  last-modified: 2011-12-06T00:11:00Z
  source: APNIC

  inetnum: 124.153.0.0 - 124.153.63.255
  netname: CENTRIN
  descr: PT Centrin Online Prima
  descr: Internet Service Provider
  descr: Indonesia
  descr: Jakarta 12950
  country: ID
  admin-c: NC207-AP
  tech-c: NC207-AP
  status: ALLOCATED PORTABLE
  remarks: Send Spam & Abuse Reports to: [email protected]
  mnt-by: MNT-APJII-ID
  mnt-lower: MAINT-ID-CENTRINONLINE
  mnt-routes: MAINT-ID-CENTRINONLINE
  mnt-irt: IRT-CENTRIN
  last-modified: 2024-05-29T11:11:56Z
  source: IDNIC

  irt: IRT-CENTRIN
  address: PT Centrin Online Prima
  address: Jl. Braga 76, Bandung
  address: Jawa Barat, Indonesia
  phone: +62 22 4220818
  fax-no: +62 22 4220821
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: NC207-AP
  tech-c: NC207-AP
  remarks: timezone GMT+7
  irt-nfy: [email protected]
  mnt-by: MAINT-ID-CENTRINONLINE
  last-modified: 2016-08-30T07:12:55Z
  source: IDNIC
  auth: # Filtered

  role: NOC CentrinOnline
  address: Gedung Menara Jamsostek, Menara Utara lt.4
  address: Jl. Jend. Gatot Subroto No.38 Jakarta 12710
  country: ID
  phone: +62 21 52961010
  fax-no: +62 21 52961510
  e-mail: [email protected]
  remarks: send spam and abuse reports to [email protected]
  remarks: Please include detailed information and times in UTC
  admin-c: SS36-AP
  tech-c: SS36-AP
  nic-hdl: NC207-AP
  remarks: http://www.centrin.net.id
  notify: [email protected]
  mnt-by: MAINT-ID-CENTRINONLINE
  last-modified: 2011-12-06T00:11:00Z
  source: IDNIC
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
medium · First detected 2 years ago · Last seen 2 months ago
Appeared in 11 threat reports