IOC Radar
Indicator type: IP · Risk: Medium · Signal 67/100

137.27.32.70

Location: McKenzie, Georgia, United States
ASN: AS20115 (Spectrum)
First Seen: Mar 13, 2021 (1929 days ago)
Last Seen: Jun 13, 2026 (10 days ago)
Reports: 30 source reports
Confidence: 67% (medium)
Found in 30 source reports. Confidence: medium (67%). Confidence scores are heuristic; verify before acting on them.
IPv4 address: a network-layer indicator observed in threat reports. The category tags below are dominated by honeypot and authentication-failure labels (cowrie, blocklist.de, SSH/SMTP/IMAP/FTP brute force, password spraying), so the address is best read as a credential brute-force source. AS20115 is Spectrum's customer access network, and "compromised host" is among the tags, so the machine behind this address is more likely a compromised customer endpoint on a reassignable address than dedicated attacker infrastructure; a time-limited block with review is safer than a permanent one.
MISP Category: Network Activity
Confidence: 67%
Signal Score: 67 / 100
IDS Rule: No
Threat Context: tags and MITRE ATT&CK mapping (56 techniques, counting sub-techniques separately; the IDs appear as tNNNN and tNNNN.NNN entries in the category tags below).

Network Information
Country: US (United States)
Region: McKenzie, Georgia
ASN: AS20115
Organization: Spectrum

Feed Intelligence Summary
Source reports: 30 · Confidence score: 67%
Category tags
abuse, abuseipdb, access control, account compromise, account enumeration, account lockout, active scan, active scanning, adresse ip, apt, asia, atif feed, attack, attack_vector:brute_force, authentication, authentication abuse, authentication attack, authentication-failure, authentication_protocol, auto-generated security, azure ad, azure security, bad reputation, bad web bot, banking, banlist feed, belgium, belgium ip addresses, binary defense, blocked sign-in, blocklist_all, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attempt, brute force attempts, brute-force, bruteforce, c2 communication, c2 server, cloud account security, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud security, cloud services, command & control, command and control, communication protocol, communication technologies, compromised credentials, compromised host, compromised hosts, cowrie, cowrie honeypot, credential access, credential brute forcing, credential compromise, credential harvesting, credential stuffing, credential-dumping, credential-harvesting, credential_access, credit card services, cta, data exfiltration, data store exposure, data theft, ddos, ddos attack, decoy system, denial of service, digital ocean, distributed attacks, entra id, env-hunting, europe, exploitation activity, exploited host, finance, financial services, financial technology, finland, fnt-secure-sentinel, fnt-sentinel, france, fraud orders, ftp brute force, ftp brute-force, germany, hacking, honeynet connect, http brute force, identity & access exploitation, identity management, imap, imap attack, imap brute force, indicator, information technology, infrastructure acquisitionreconnaissance, initial access, injection activity, intrusion detection, ioc, ipv4 scanning, it infrastructure, kill-chain exploitation, kill-chain reconnaissance, lateral movement, login attack, login attempt, login brute force, malaysia, malicious activity, malicious ip addresses, malicious software, malicious-ip, malware, malware distribution, manual, medium-risk, microsoft azure, microsoft entra, microsoft entra id, mobile carriers, mobile networks, multiple accounts, multiple accounts targeted, multiple users, multiple users affected, network, network attacks, network enumeration, network intrusion, network protocol, network reconnaissance, network scanning, network security, network traffic analysis, network:tcp, nginx, north america, opencti, password attack, password attacks, password cracking, password spraying, payment processing, phishing, phishing attack, poland, pop3 brute force, private, process injection, protocol exploitation, protocol:imap, protocol:pop3, protocol:sasl, protocol:smtp, ransomware, reconnaissance, remote access, remote services, remote_access, researched, resource hijacking, rtbh, sasl, sasl brute force, scams & fraud, scanner, scanners, scanning activity, security operations, security policy, self-signed, sign-in logs analysis, smb brute force, smtp, smtp attacker, smtp brute force, smtp-attack, social engineering, software development, spam, ssh, ssh attack, ssh monitoring, ssh-brute, sweden, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1046, t1055, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071, t1071.001, t1076, t1078, t1078.002, t1078.004, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1555.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1573, t1573.001, t1587.001, t1588, t1588.004, t1589, t1589.002, t1590, t1590.001, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp brute force, tcp protocol, tcp scan, telecom services, telecommunications, telnet threat, threat actor, threat intelligence, threat prevention, tor node, turkey, udp scan, unauthorized access attempt, unauthorized access attempts, unauthorized login attempts, united states, united states of america, us, valid accounts, vulnerability scan, wazuh, wealth management, web app attack, web application attack, web exploitation, web spam
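The ATT&CK mapping on this page survives only as lowercase tNNNN / tNNNN.NNN entries mixed into the free-text tags above, so before pivoting on it a practitioner pulls the IDs out, normalises them and checks the "56 techniques" figure. The following is an added example, not code from IOC Radar; the tag list is copied from the page (a handful of free-text tags are kept so the filter is exercised). Two things the output makes visible: the 56 count treats sub-techniques as separate entries (there are 29 distinct parent techniques), and T1076 is a revoked ID (Remote Desktop Protocol, folded into T1021.001), which a mapping accumulated over several years tends to carry.

```python
"""Extract and normalise MITRE ATT&CK IDs from a flat tag list.

Added example, not code from the IOC Radar page.
"""
import re

# ATT&CK ID: T + four digits, optionally .three-digit sub-technique.
ATTACK_ID = re.compile(r"^t(\d{4})(?:\.(\d{3}))?$", re.IGNORECASE)

# Tags copied from the page's "Category tags" block (a few free-text
# tags kept on purpose so the regex filter has something to reject).
PAGE_TAGS = [
    "brute force", "cowrie honeypot", "ssh-brute", "protocol:smtp", "network:tcp",
    "t1021", "t1021.001", "t1021.002", "t1021.003", "t1021.004", "t1021.005",
    "t1040", "t1046", "t1055", "t1059", "t1059.001", "t1059.003", "t1059.004",
    "t1068", "t1071", "t1071.001", "t1076", "t1078", "t1078.002", "t1078.004",
    "t1105", "t1110", "t1110.001", "t1110.002", "t1110.003", "t1110.004",
    "t1133", "t1187", "t1190", "t1203", "t1486", "t1496",
    "t1499.001", "t1499.002", "t1499.003", "t1555", "t1555.003", "t1563", "t1565",
    "t1566.001", "t1566.002", "t1566.003", "t1573", "t1573.001",
    "t1587.001", "t1588", "t1588.004", "t1589", "t1589.002", "t1590", "t1590.001",
    "t1592", "t1595", "t1595.001", "t1595.002", "t1595.003",
]


def attack_ids(tags):
    """Distinct ATT&CK IDs in canonical upper-case form, sorted."""
    found = set()
    for tag in tags:
        m = ATTACK_ID.match(tag.strip())
        if m:
            found.add(m.group(0).upper())
    return sorted(found)


def by_parent(tags):
    """Group IDs as {parent technique: [its tagged sub-techniques]}.

    A parent that is tagged only through sub-techniques still gets a key,
    so the dict's length is the number of distinct parent techniques.
    """
    groups = {}
    for tid in attack_ids(tags):
        parent, _, sub = tid.partition(".")
        groups.setdefault(parent, [])
        if sub:
            groups[parent].append(tid)
    return groups


def subtechnique_only_parents(tags):
    """Parents present only via sub-techniques; tools that expect the
    parent to be listed explicitly need these added."""
    explicit = set(attack_ids(tags))
    return sorted(p for p, subs in by_parent(tags).items()
                  if subs and p not in explicit)


if __name__ == "__main__":
    groups = by_parent(PAGE_TAGS)
    print(f"{len(attack_ids(PAGE_TAGS))} IDs across {len(groups)} parent techniques")
    for parent, subs in groups.items():
        print(parent, ", ".join(subs) if subs else "(parent only)")
    print("parents tagged only via sub-techniques:", subtechnique_only_parents(PAGE_TAGS))
```

Run as-is it reports 56 IDs over 29 parents and flags T1499, T1566 and T1587 as present only through their sub-techniques.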

Activity Timeline
1 total observation (Jun 13 to Jun 13)

Threat Activity Heatmap
(Calendar-style heatmap, weekly columns with Mon/Wed/Fri rows, covering the twelve months ending Jun 2026; a single observed day, peak: 2026-06-13.)
Observations by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: Medium Risk (signal 67/100, 67% confidence, 30 reports; first seen Mar 13, 2021, last seen Jun 13, 2026)
Coordinates: 36.1326, -88.5187
Note: these coordinates lie north of 35°N and west of 85.6°W, which is outside Georgia, while the location fields say McKenzie, Georgia. The geolocation sources disagree, so treat the city and region as unverified and do not use them to attribute the host.

VirusTotal

Not checked

WHOIS
Description: --
Source references:
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
https://github.com/telekom-security/tpotce
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4

Export & API
STIX 2.1 Bundle · CSV Export · Permalink
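The source references above are mostly plain-text blocklists (one address per line), and the export section offers the indicator as a STIX 2.1 bundle. The following added example, which is not code from IOC Radar or from any of the referenced feeds, shows the two steps a practitioner does locally before trusting the summary: re-check which feeds actually list the address right now, then package the result as a STIX 2.1 Indicator for a SIEM or TIP. The feed bodies are constructed sample lines keyed by URLs from the references (nothing is fetched from the network), and confidence() is an assumed heuristic for illustration, not the site's scoring formula.

```python
"""Cross-check an IP against plain-text blocklist feeds and emit a
STIX 2.1 indicator bundle for it.

Added example, not code from IOC Radar or from the referenced feeds.
"""
import ipaddress
import json
import uuid
from datetime import datetime, timezone

IOC = "137.27.32.70"  # the address on the page

# Constructed sample feed bodies, keyed by URLs from the page's references.
# Real feeds are thousands of lines; the layout (one address per line,
# '#' starts a comment) is the common one for these lists.
SAMPLE_FEEDS = {
    "https://lists.blocklist.de/lists/all.txt": "137.27.32.70\n203.0.113.9\n",
    "https://blocklist.greensnow.co/greensnow.txt": "# sample\n198.51.100.7\n137.27.32.70\n",
    "https://www.binarydefense.com/banlist.txt": "# sample\n192.0.2.44\n",
    "https://list.rtbh.com.tr/output.txt": "137.27.32.70   # trailing comment\nnot-an-ip\n",
}


def parse_feed(text):
    """Valid IPv4 addresses in a plain-text feed. Comments, blank lines and
    malformed entries (including CIDR ranges, which need separate handling)
    are skipped rather than allowed to poison the match."""
    out = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            out.append(str(ipaddress.IPv4Address(line)))
        except ValueError:
            continue
    return out


def feeds_listing(ip, feeds):
    """URLs of the feeds that currently list ip (a local 'source reports' count)."""
    ip = str(ipaddress.IPv4Address(ip))  # reject junk before comparing
    return sorted(url for url, body in feeds.items() if ip in parse_feed(body))


def confidence(reports, days_since_last_seen, feeds_checked):
    """Assumed heuristic, 0-100: breadth across feeds weighted 70%, recency
    weighted 30% and decaying to zero after 90 quiet days."""
    breadth = reports / feeds_checked
    recency = max(0.0, 1.0 - days_since_last_seen / 90.0)
    return int(100 * (0.7 * breadth + 0.3 * recency))


def stix_bundle(ip, sources, first_seen, score, now=None):
    """Minimal STIX 2.1 Bundle holding one Indicator SDO for ip."""
    now = now or datetime.now(timezone.utc)

    def ts(d):  # STIX timestamp: UTC, millisecond precision, 'Z' suffix
        return d.strftime("%Y-%m-%dT%H:%M:%S.000Z")

    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts(now),
        "modified": ts(now),
        "name": f"{ip} listed by {len(sources)} blocklist feed(s)",
        "indicator_types": ["malicious-activity"],
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "pattern_type": "stix",
        "valid_from": ts(first_seen),
        "confidence": score,
        "external_references": [{"source_name": "blocklist", "url": u} for u in sources],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator]}


if __name__ == "__main__":
    hits = feeds_listing(IOC, SAMPLE_FEEDS)
    score = confidence(len(hits), days_since_last_seen=10, feeds_checked=len(SAMPLE_FEEDS))
    first = datetime(2021, 3, 13, tzinfo=timezone.utc)  # page's first-seen date
    print(json.dumps(stix_bundle(IOC, hits, first, score), indent=2))
```

With the sample feeds, three of the four list the address; the fourth (binarydefense) does not, which is exactly the kind of disagreement the page's "verify before acting" note is about. The bundle uses the STIX 2.1 `confidence` property (0 to 100) so the score travels with the indicator instead of being lost in a CSV column.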

IOC Journey
Medium confidence. First detected 5 years ago, last seen 10 days ago; appeared in 30 threat reports.