Critical Threat
IP 202.43.122.249 is a high-risk address originating from RailTel Corporation of India Ltd (AS24186) that has generated 889 reports from automated honeypot sensors between November 2025 and March 2026, with the dominant threat profile centering on hacking activity and brute-force authentication attacks.
The abuse reports tied to this Indian IP demonstrate persistent targeted activity despite an overall activity frequency rating of 0/10. Of the 889 total reports, 20 specific threat categorizations were recorded, with hacking attempts accounting for the vast majority and brute-force incidents comprising the remainder. All report sources are attributed to automated honeypot sensors, indicating this traffic was generated by systematic scanning or exploitation attempts rather than isolated manual probes. The detection window spans approximately five months, suggesting continued interest in vulnerable services reachable from this address. The network operator, RailTel Corporation of India Ltd, is a major telecommunications infrastructure provider; while the IP may be assigned to a business customer rather than the corporation itself, the source infrastructure carries notable risk given the sustained abuse volume.
The primary attack pattern involves brute-force authentication attempts against remote access services, specifically targeting VNC (Virtual Network Computing) interfaces. This technique systematically cycles through credential combinations to gain unauthorized remote desktop access. Complementary detection signatures flagged abnormal TCP stream behavior consistent with reconnaissance or connection manipulation attempts. For organizations running exposed VNC services or similar remote access solutions, a successful brute-force compromise grants attackers direct graphical control over systems, enabling data theft, lateral movement, cryptocurrency-mining malware deployment, or enrollment into botnets. The systematic nature of these attempts indicates automated tooling rather than opportunistic probing.
Site operators should immediately block 202.43.122.249 at the network perimeter firewall or via intrusion prevention systems. Implementing fail2ban or an equivalent log-based blocking tool provides an automated response to repeated authentication failures. Enforcing multi-factor authentication on all remote access services removes the effectiveness of credential-based attacks even when a password has been compromised. Rate-limiting authentication endpoints and applying account lockout policies after repeated failures significantly raise the cost of brute-force campaigns. Continuous monitoring of authentication logs for the patterns associated with this address supports early detection of evasion attempts or similar activity from adjacent IP ranges.