IOC Radar
IP · Medium · Signal 54/100

204.76.203.125

Location: Saint Kitts and Nevis; Eygelshoven, Limburg
ASN: AS51396 (Intelligence Hosting LLC)
First Seen: Jan 29, 2025 (510d ago)
Last Seen: Jun 17, 2026 (5d ago)
Reports: 21 source reports
Confidence: 54% (medium)
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

61 techniques

Network Information

Country: Saint Kitts and Nevis (KN)
Region: Eygelshoven, Limburg
ASN: AS51396
Organization: Intelligence Hosting LLC

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 21
Confidence score: 54%
Category tags

Activity Timeline

1 total obs (Jun 17 to Jun 17)

Threat Activity Heatmap

Peak: 2026-06-17
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 54 (Medium Risk)
Confidence: 54%
Reports: 21
First seen: Jan 29, 2025
Last seen: Jun 17, 2026
Geolocation: KN
Country: Saint Kitts and Nevis
Location: Eygelshoven, Limburg
ASN: AS51396
Org: Intelligence Hosting LLC
Coords: 50.8897, 6.0563
Proxy: VPN

VirusTotal

Not checked

IOC Journey

medium
First detected 1 year ago · Last seen 5 days ago
Appeared in 21 threat reports