IP | Medium | Signal 65/100
210.79.142.221
Location
Kertosono, East Java
ASN
AS141607
PT Cakrawala Link Nusantara
First Seen
Mar 17, 2025
Last Seen
Jun 14, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Indonesia
Region: Kertosono, East Java
ASN: AS141607
Organization: PT Cakrawala Link Nusantara
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
Source reports: 29
Confidence score: 65%
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-14
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 29
First seen: Mar 17, 2025
Last seen: Jun 14, 2026
Geolocation: ID
Country: Indonesia
Location: Kertosono, East Java
ASN: AS141607
Org: PT Cakrawala Link Nusantara
Coords: 0.0000, 0.0000
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- every host is banned for 3 hours and receives an abuse report from me every 96 hours if it continues
- raw
- inetnum: 210.79.142.0 - 210.79.143.255
  netname: IDNIC-CLN-ID
  descr: PT Cakrawala Link Nusantara
  descr: Corporate / Direct Member IDNIC
  descr: Tulungagung
  descr: Jawa Timur
  admin-c: AU331-AP
  tech-c: AU331-AP
  remarks: Send Spam & Abuse Reports to: [email protected]
  country: ID
  mnt-by: MNT-APJII-ID
  mnt-irt: IRT-CLN-ID
  mnt-routes: MAINT-ID-CLN
  status: ASSIGNED PORTABLE
  last-modified: 2023-11-29T00:43:16Z
  source: APNIC

  irt: IRT-CLN-ID
  address: PT. CAKRAWALA LINK NUSANTARA
  address: Tulungagung
  address: Jawa Timur
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: AU331-AP
  tech-c: AU331-AP
  mnt-by: MAINT-ID-CLN
  auth: # Filtered
  last-modified: 2023-11-29T00:14:01Z
  source: APNIC

  person: Arif Ubaidillah
  address: Tulungagung
  address: Jawa Timur
  country: ID
  e-mail: [email protected]
  phone: +6285755295913
  nic-hdl: AU331-AP
  mnt-by: MAINT-ID-CLN
  last-modified: 2023-11-29T00:08:13Z
  source: APNIC

  inetnum: 210.79.142.0 - 210.79.143.255
  netname: IDNIC-CLN-ID
  descr: PT Cakrawala Link Nusantara
  descr: Corporate / Direct Member IDNIC
  descr: Tulungagung
  descr: Jawa Timur
  admin-c: AU331-AP
  tech-c: AU331-AP
  remarks: Send Spam & Abuse Reports to: [email protected]
  country: ID
  mnt-by: MNT-APJII-ID
  mnt-irt: IRT-CLN-ID
  mnt-routes: MAINT-ID-CLN
  status: ASSIGNED PORTABLE
  last-modified: 2024-03-04T04:45:19Z
  source: IDNIC

  irt: IRT-CLN-ID
  address: PT. CAKRAWALA LINK NUSANTARA
  address: Tulungagung
  address: Jawa Timur
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: AU331-AP
  tech-c: AU331-AP
  mnt-by: MAINT-ID-CLN
  auth: # Filtered
  last-modified: 2024-03-04T04:45:19Z
  source: IDNIC

  person: Arif Ubaidillah
  address: Tulungagung
  address: Jawa Timur
  country: ID
  e-mail: [email protected]
  phone: +6285755295913
  nic-hdl: AU331-AP
  mnt-by: MAINT-ID-CLN
  last-modified: 2024-03-04T04:45:28Z
  source: IDNIC
- references
- https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrwarsaw-ssh-bruteforce-ip-list-2025-08-09/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2025-08-09/, https://jamesbrine.com.au/bruteforce-ip-list-2025-08-07/, https://jamesbrine.com.au/bruteforce-ip-list-2025-08-01/, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://jamesbrine.com.au/vultrwarsaw-ssh-bruteforce-ip-list-2025-07-26/, ip.txt, https://redpiranha.net, https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed
IOC Journey
Medium · First detected 1 year ago · Last seen 13 days ago
Appeared in 29 threat reports