103.159.132.70 Threat Intelligence and Host Information

Sep 23, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 103.159.132.70 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

Mitre ATT&CK IDs: T1036 - Masquerading, T1055 - Process Injection, T1059 - Command and Scripting Interpreter, T1105 - Ingress Tool Transfer, T1140 - Deobfuscate/Decode Files or Information, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing, T1574 - Hijack Execution Flow
Tags: Bronze President, Malware, Mustang Panda, Nextray, RedDelta, asia, belarus, bruteforce, cisco secure, cobalt strike, cyber security, digital ocean, february, implant, ioc, iocs hashes, june, malicious, march, meterpreter, mssql, mustang panda, myanmar, panda, phishing, plugx, plugx implant, reddelta, russia, shellcode, ukraine, umbrella, urls
View other sources: Spamhaus VirusTotal

Country: Malaysia
Network: AS55720 gigabit hosting sdn bhd
Noticed: 1 times
Protcols Attacked: mssql
Countries Attacked: Canada, China, Czechia, Denmark, Estonia, France, Germany, Hong Kong, Latvia, Lithuania, Mongolia, Myanmar, Norway, Poland, Romania, Russian Federation, Taiwan, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: getcompplan.com

Open Ports Detected

135

Map

Whois Information

inetnum: 103.159.132.0 - 103.159.133.255
netname: FBP-MY
descr: Furcop Blockchain PLT
country: MY
org: ORG-FBP1-AP
admin-c: FBPA1-AP
tech-c: FBPA1-AP
abuse-c: AF701-AP
status: ALLOCATED PORTABLE
mnt-by: APNIC-HM
mnt-lower: MAINT-FBP-MY
mnt-routes: MAINT-FBP-MY
mnt-irt: IRT-FBP-MY
last-modified: 2021-06-16T13:03:51Z
irt: IRT-FBP-MY
address: 2nd Floor Lot 10524 Jalan Tun Jugah, Kuching Sarawak 93350
e-mail: abuse@solemn.host
abuse-mailbox: abuse@solemn.host
admin-c: FBPA1-AP
tech-c: FBPA1-AP
mnt-by: MAINT-FBP-MY
last-modified: 2023-07-26T01:17:25Z
organisation: ORG-FBP1-AP
org-name: Furcop Blockchain PLT
org-type: LIR
country: MY
address: 2nd Floor Lot 10524 Jalan Tun Jugah
phone: +601131954547
fax-no: +601131954547
e-mail: admin@solemn.host
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2023-09-05T02:18:12Z
role: ABUSE FBPMY
address: 2nd Floor Lot 10524 Jalan Tun Jugah, Kuching Sarawak 93350
country: ZZ
phone: +000000000
e-mail: abuse@solemn.host
admin-c: FBPA1-AP
tech-c: FBPA1-AP
nic-hdl: AF701-AP
abuse-mailbox: abuse@solemn.host
mnt-by: APNIC-ABUSE
last-modified: 2023-07-26T01:17:43Z
role: Furcop Blockchain PLT administrator
address: 2nd Floor Lot 10524 Jalan Tun Jugah, Kuching Sarawak 93350
country: MY
phone: +082752749
fax-no: +082752749
e-mail: abuse@solemn.host
admin-c: FBPA1-AP
tech-c: FBPA1-AP
nic-hdl: FBPA1-AP
mnt-by: MAINT-FBP-MY
last-modified: 2020-11-30T06:30:19Z
route: 103.159.132.0/24
origin: AS55720
descr: Furcop Blockchain PLT
mnt-by: MAINT-FBP-MY
last-modified: 2021-06-11T13:12:46Z

Links to attack logs

dofrank-mssql-bruteforce-ip-list-2022-06-19

Share on: