IP · Medium · Signal 81/100
36.91.166.34
Location
Bandung, BT
ASN
AS7713
Telekomunikasi Indonesia
First Seen
Jan 26, 2022
Last Seen
May 30, 2026
Found in 31 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
81%
Signal Score
81 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Indonesia
Region
Bandung, BT
ASN
AS7713
Organization
Telekomunikasi Indonesia
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
31 reports · 81% confidence
31
Source reports
81%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-05-30
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: High Risk
Signal Score: 81
Confidence: 81%
Reports: 31
First seen: Jan 26, 2022
Last seen: May 30, 2026
Geolocation: ID
Country: Indonesia
Location: Bandung, BT
ASN: AS7713
Org: Telekomunikasi Indonesia
Coords: -6.1143, 106.1503
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- every host is banned for 3 hours and receives an abuse report from me every 96 hours if it continues
- raw
- inetnum: 36.64.0.0 - 36.95.255.255
  netname: TELKOMNET
  descr: PT Telekomunikasi Indonesia
  descr: Menara Multimedia Lt. 7
  descr: Jl. Kebon Sirih No. 12
  descr: JAKARTA - 10340
  country: ID
  org: ORG-TI10-AP
  admin-c: AZ163-AP
  tech-c: FS370-AP
  abuse-c: AI598-AP
  status: ALLOCATED PORTABLE
  remarks: For SPAM or ABUSE case, send to [email protected]
  remarks: --------------------------------------------------------
  remarks: To report network abuse, please contact mnt-irt
  remarks: For troubleshooting, please contact tech-c and admin-c
  remarks: Report invalid contact via www.apnic.net/invalidcontact
  remarks: --------------------------------------------------------
  mnt-by: APNIC-HM
  mnt-lower: MAINT-TELKOMNET
  mnt-routes: MAINT-TELKOMNET
  mnt-irt: IRT-IDTELKOM-ID
  last-modified: 2020-07-29T13:14:29Z
  source: APNIC

  irt: IRT-IDTELKOM-ID
  address: PT. TELKOM INDONESIA
  address: Indibiz Experience Center 3rd Floor
  address: Kebon Sirih No 36
  address: Jakarta
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: RFR2-AP
  tech-c: TP630-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-04-15
  mnt-by: MAINT-TELKOMNET
  last-modified: 2025-04-15T06:32:42Z
  source: APNIC

  organisation: ORG-TI10-AP
  org-name: Telekomunikasi Indonesia (PT)
  org-type: LIR
  country: ID
  address: PT Telkom - Divisi Digital Connectivity Service
  address: Gedung Indibiz Experience Center 3rd Floor
  address: Sub Divisi Internet Product and Traffic Management Jalan Kebon Sirih No.36
  address: Jalan Merdeka Selatan No .12
  phone: +62-21-3447070
  fax-no: +62-21-3861215
  e-mail: [email protected]
  mnt-ref: APNIC-HM
  mnt-by: APNIC-HM
  last-modified: 2025-02-26T13:00:34Z
  source: APNIC

  role: ABUSE IDTELKOMID
  country: ZZ
  address: PT. TELKOM INDONESIA
  address: Indibiz Experience Center 3rd Floor
  address: Kebon Sirih No 36
  address: Jakarta
  phone: +000000000
  e-mail: [email protected]
  admin-c: RFR2-AP
  tech-c: TP630-AP
  nic-hdl: AI598-AP
  remarks: Generated from irt object IRT-IDTELKOM-ID
  remarks: [email protected] was validated on 2025-04-15
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-04-15T06:33:12Z
  source: APNIC

  person: Akhmad Zaimi
  address: GSD Lt.14 Jl. Kebon Sirih No.12
  country: ID
  phone: +62-21-3860500
  e-mail: [email protected]
  nic-hdl: AZ163-AP
  mnt-by: MAINT-TELKOMNET
  last-modified: 2010-12-20T01:33:46Z
  source: APNIC

  person: Febrian Setiadi
  address: GSD Lt 14 Jl. Kebon Sirih No.12
  country: ID
  phone: +62-21-3860500
  e-mail: [email protected]
  nic-hdl: FS370-AP
  mnt-by: MAINT-TELKOMNET
  last-modified: 2010-12-20T01:30:54Z
  source: APNIC

  route: 36.91.166.0/24
  descr: PT Telekomunikasi Indonesia
  origin: AS7713
  mnt-by: MAINT-TELKOMNET
  last-modified: 2018-10-01T06:34:33Z
  source: APNIC
- references
- https://purplesynapz.com/, https://voidvendor.com/intel, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-12/, https://redpiranha.net, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-04-04/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/digitaloceanlondon-ssh-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrmelbournetest-ssh-bruteforce-ip-list-2026-03-26/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-21/, https://jamesbrine.com.au/vultrtokyo-ssh-bruteforce-ip-list-2026-03-21/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/digitaloceansingapore-ssh-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2026-03-19/, https://jamesbrine.com.au/bruteforce-ip-list-2026-02-13/
IOC Journey
medium · First detected 4 years ago · Last seen 16 days ago
Appeared in 31 threat reports