IOC Radar
IP · Medium · Signal 83/100

125.18.49.130

Location: India (Bengaluru, KA)
ASN: AS9498 (KPIT Cummins Infosystems Ltd)
First Seen: Mar 17, 2025 (454d ago)
Last Seen: May 27, 2026 (18d ago)
Source reports: 15
Confidence: 83% (medium)
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 83%
Signal Score: 83 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

43 techniques

Network Information

Country: IN (India)
Region: Bengaluru, KA
ASN: AS9498
Organization: KPIT Cummins Infosystems Ltd

Feed Intelligence Summary

Source reports: 15
Confidence score: 83%
Category tags
abuse, access control, active scan, active scanning, application layer protocol, asia, asn, attack, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempts, authentication failure, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute-forc, brute-force, brute_force, c2 server, clifton, cocos (keeling) islands, command & control, command and control, compromise attempt, compromised hosts, cowrie honeypot, credential access, credential stuffing, credential_access, data exfiltration, data store exposure, data theft, ddos, ddos mitigation, decoy system, denial of service, digitalocean clifton, digitalocean vps, distributed attacks, europe, executable file, exploitation, exploitation activity, fail2ban block, failed login, failed login attempts, ftp, ftp brute force, game_server, geographic location, geoip, hacking, http brute force, identity & access exploitation, in, india, indicator, info, information technology, injection activity, intrusion detection, ioc, ip.txt, it infrastructure, login attack, login attempt, login brute force, login failure, malicious activity, malicious payload, malicious software, malware, malware distribution, network, network intrusion, network intrusion attempt, network intrusion detection, network layer protocol, network scan, network scanning, network service scanning, network traffic analysis, notice, oceania, password attack, password attacks, phishing, process injection, ransomware, reconnaissance, remote access, remote service exploitation, remote services, researched, scanner, scanning activity, security monitoring, security operations, security policy, service scan, sftp attack, smtp brute force, socradar honeypot, software development, spam, ssh, ssh attack, ssh brute-force attempt, ssh monitoring, staging_server, sweden, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.006, t1041, t1046, t1055, t1059, t1059.001, t1059.004, t1071, t1071.001, t1078, t1078.001, t1078.002, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1573, t1588, t1588.002, t1589, t1589.002, t1595, t1595.001, t1595.002, t1595.003, tcp scan, threat actor, threat intelligence, threat prevention, tor node, udp scan, unauthorized access, unauthorized access attempts, united kingdom, utc+1:00, valid accounts, vps, vps security, vulnerability scan, web application attack, web exploitation

Activity Timeline

1 total obs (May 27 to May 27)

Threat Activity Heatmap

Peak: 2026-05-27
[Heatmap: activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 83
Confidence: 83%
Reports: 15
First seen: Mar 17, 2025
Last seen: May 27, 2026
Geolocation: IN
Country: India
Location: Bengaluru, KA
ASN: AS9498
Org: KPIT Cummins Infosystems Ltd
Coords: 12.9634, 77.5855

VirusTotal

Not checked

WHOIS

description: Banned by Fail2Ban [sshd]

raw:

inetnum: 125.16.0.0 - 125.23.255.255
netname: BHARTI-IN
descr: BHARTI INFOTEL LTD.
descr: ISP Division , Long Distance Group - Telesonic
descr: 234 , Okhala Phase III
descr: NEW DELHI
descr: INDIA
country: IN
org: ORG-BAL1-AP
admin-c: NA40-AP
tech-c: NA40-AP
abuse-c: AB914-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-IN-BBIL
mnt-routes: MAINT-IN-BBIL
mnt-irt: IRT-BHARTI-TELEMEDIA-IN
last-modified: 2020-05-16T21:36:43Z
source: APNIC

irt: IRT-BHARTI-TELEMEDIA-IN
address: Bharti Airtel Ltd.
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NS282-AP
tech-c: NS282-AP
auth: # Filtered
remarks: [email protected] was validated on 2025-06-01
remarks: [email protected] was validated on 2025-08-03
mnt-by: MAINT-IN-TELEMEDIA
last-modified: 2025-08-03T10:17:08Z
source: APNIC

organisation: ORG-BAL1-AP
org-name: Bharti Airtel Limited
org-type: LIR
country: IN
address: Transport Network Group
address: 234, Okhla Phase III
phone: +911244282398
e-mail: [email protected]
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2023-09-05T02:14:45Z
source: APNIC

role: ABUSE BHARTITELEMEDIAIN
country: ZZ
address: Bharti Airtel Ltd.
phone: +000000000
e-mail: [email protected]
admin-c: NS282-AP
tech-c: NS282-AP
nic-hdl: AB914-AP
remarks: Generated from irt object IRT-BHARTI-TELEMEDIA-IN
remarks: [email protected] was validated on 2025-06-01
remarks: [email protected] was validated on 2025-08-03
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-08-03T10:17:17Z
source: APNIC

person: Network Administrator
nic-hdl: NA40-AP
e-mail: [email protected]
address: Bharti Airtel Ltd.
address: ISP Division - Transport Network Group
address: Plot no.16 , Udyog Vihar , Phase -IV , Gurgaon - 122015 , Haryana , INDIA
address: Phase III, New Delhi-110020, INDIA
phone: +91-124-4222222
fax-no: +91-124-4244017
country: IN
mnt-by: MAINT-IN-BBIL
last-modified: 2018-12-18T12:52:19Z
source: APNIC

route: 125.18.49.0/24
descr: BHARTI-IN
descr: Bharti Tele-Ventures Limited
descr: Class A ISP in INDIA .
descr: 234 , OKHLA PHASE III ,
descr: NEW DELHI
descr: INDIA
country: IN
origin: AS9498
mnt-by: MAINT-IN-BBIL
last-modified: 2008-09-04T07:54:36Z
source: APNIC

references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
ip.txt
https://redpiranha.net
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed


IOC Journey

medium
First detected 1 year ago · Last seen 18 days ago
Appeared in 15 threat reports