IOC Radar
IP · Medium · Signal 64/100

171.25.193.25

Location
Netherlands
Stockholm, Stockholm County
ASN
AS198093
DFRI
First Seen
Aug 26, 2020
Last Seen
Jun 5, 2026
First Seen: Aug 26 (2131d ago)
Last Seen: Jun 5 (22d ago)
Reports: 48 source reports
Confidence: 64% (medium)
Found in 48 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 64%
Signal Score: 64 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

96 techniques

Network Information

Country: NL (Netherlands)
Region: Stockholm, Stockholm County
ASN: AS198093
Organization: DFRI

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 48
Confidence score: 64%
Category tags

Activity Timeline

1 total obs (Jun 5)

Threat Activity Heatmap

Peak: 2026-06-05
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 48
First seen: Aug 26, 2020
Last seen: Jun 5, 2026
Geolocation: NL
Country: Netherlands
Location: Stockholm, Stockholm County
ASN: AS198093
Org: DFRI
Coords: 59.3247, 18.0560
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
inetnum: 171.25.193.0 - 171.25.193.255
netname: SE-TORNET
country: SE
org: ORG-DFRI1-RIPE
admin-c: ER6905-RIPE
admin-c: EJ1830-RIPE
admin-c: JN9999
tech-c: JN9999
tech-c: ER6905-RIPE
tech-c: EJ1830-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: DFRI-MNT
mnt-routes: DFRI-MNT
mnt-domains: DFRI-MNT
created: 2012-01-13T14:21:25Z
last-modified: 2023-02-26T08:58:54Z
source: RIPE # Filtered
sponsoring-org: ORG-KA113-RIPE

organisation: ORG-DFRI1-RIPE
org-name: Foreningen for digitala fri- och rattigheter
country: SE
descr: DFRI
remarks: https://dfri.se/
org-type: OTHER
address: Box 3644
address: SE-103 59 STOCKHOLM
phone: +460700178928
abuse-c: DA4271-RIPE
mnt-ref: DFRI-MNT
mnt-by: DFRI-MNT
created: 2011-09-23T08:15:50Z
last-modified: 2022-12-01T16:22:10Z
source: RIPE # Filtered

person: Erik Jaderberg
address: Box 3644
address: SE-103 59 STOCKHOLM
phone: +46767874761
mnt-by: DFRI-MNT
created: 2023-02-26T08:29:33Z
last-modified: 2023-02-26T08:29:33Z
source: RIPE # Filtered
nic-hdl: EJ1830-RIPE

person: Elias Rudberg
address: Box 3644
address: SE-103 59 STOCKHOLM
phone: +46704990412
created: 2023-02-26T08:26:53Z
last-modified: 2023-02-26T08:26:53Z
source: RIPE # Filtered
nic-hdl: ER6905-RIPE
mnt-by: DFRI-MNT

person: Johan Nilsson
address: Box 3644
address: SE-103 59 STOCKHOLM
phone: +46700178928
nic-hdl: JN9999
mnt-by: DFRI-MNT
created: 2012-06-09T13:39:59Z
last-modified: 2014-03-31T16:23:52Z
source: RIPE # Filtered

route: 171.25.193.0/24
descr: DFRI
origin: AS198093
org: ORG-DFRI1-RIPE
mnt-by: DFRI-MNT
created: 2012-01-20T13:28:05Z
last-modified: 2012-01-20T13:28:05Z
source: RIPE

organisation: ORG-DFRI1-RIPE
org-name: Foreningen for digitala fri- och rattigheter
country: SE
descr: DFRI
remarks: https://dfri.se/
org-type: OTHER
address: Box 3644
address: SE-103 59 STOCKHOLM
phone: +460700178928
abuse-c: DA4271-RIPE
mnt-ref: DFRI-MNT
mnt-by: DFRI-MNT
created: 2011-09-23T08:15:50Z
last-modified: 2022-12-01T16:22:10Z
source: RIPE # Filtered
references
https://ltna.com.au/cyber

IOC Journey

medium
First detected 5 years ago · Last seen 22 days ago
Appeared in 48 threat reports