103.179.254.71 Threat Intelligence and Host Information

Share on:
Mar 12, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, cowrie, cyber security, ioc, malicious, phishing, ssh, tsec

  • View other sources: Spamhaus VirusTotal

  • Country:
  • Network: AS136052 pt cloud hosting indonesia
  • Noticed: 37 times
  • Protcols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: server.rekapos.com apps.systemlemon.com systemlemon.com www.systemlemon.com dafol.livasya.id apps.rekaapps.com dafol.klinikprimecenter.id api.rsudjunjungbesaoh.id www.mjbtegal.com mjbtegal.com dayapancaraya.com www.dayapancaraya.com ncmpemalang.com www.ncmpemalang.com bjppemalang.com gemilangpancarlautan15.com www.gemilangpancarlautan15.com laspemalang.com www.laspemalang.com gsacsamuderabatang.com www.gsacsamuderabatang.com app.digitalgss.com api.netraklinik3.id

Malware Detected on Host

Count: 1 e9f20216838958d4ef2b72d789f03962a8b7569ecd4924da5d6f11e3063937cd

Open Ports Detected

1080 2000 443 80 8888

CVEs Detected

CVE-2006-20001 CVE-2022-22719 CVE-2022-22720 CVE-2022-22721 CVE-2022-23943 CVE-2022-26377 CVE-2022-28330 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30556 CVE-2022-31813 CVE-2022-36760 CVE-2022-37436

Map

Whois Information

  • inetnum: 103.179.254.0 - 103.179.255.255
  • netname: IDNIC-AWANIO-ID
  • descr: PT Awan Komputasi Teknologi
  • descr: Corporate / Direct Member IDNIC
  • descr: Jl. Sabilillah No. 18 RT 001/003
  • descr: Kel. Medan Satria, Kec. Medan Satria, Kota Bekasi
  • admin-c: IS279-AP
  • tech-c: IS279-AP
  • country: ID
  • mnt-by: MNT-APJII-ID
  • mnt-lower: MAINT-ID-AWANIO
  • mnt-irt: IRT-AWANIO-ID
  • mnt-routes: MAINT-ID-AWANIO
  • status: ALLOCATED PORTABLE
  • last-modified: 2022-01-20T09:49:11Z
  • irt: IRT-AWANIO-ID
  • address: PT. Awan Komputasi Teknologi
  • address: Platform as a Service Provider
  • address: Jln. Sabilillah N0.18, RT01/RW03
  • address: Medan Satria, Kota Bekasi
  • address: Jawa Barat
  • e-mail: [email protected]
  • abuse-mailbox: [email protected]
  • admin-c: IS279-AP
  • tech-c: IS279-AP
  • mnt-by: MAINT-ID-AWANIO
  • last-modified: 2022-01-20T09:26:46Z
  • person: Iskandar Soesman
  • address: Jalan Nurul Iman 9 rt 08 rw 01 no 112 kampung dua jakasampurna
  • address: Bekasi 17145, Indonesia
  • country: ID
  • phone: +62-819-3200-6732
  • e-mail: [email protected]
  • nic-hdl: IS279-AP
  • mnt-by: MAINT-ID-AWANIO
  • last-modified: 2022-01-20T09:27:21Z

Links to attack logs

dolondon-ssh-bruteforce-ip-list-2023-01-09 dolondon-ssh-bruteforce-ip-list-2022-12-29

Links to attack logs

dolondon-ssh-bruteforce-ip-list-2023-01-09 dolondon-ssh-bruteforce-ip-list-2022-12-29