IOC Radar
IP · Medium · Signal 63/100

172.245.156.116

Location: United States, Buffalo, New York
ASN: AS36352 (RackNerd LLC)
First Seen: Apr 13, 2026 (70d ago)
Last Seen: May 26, 2026 (28d ago)
Reports: 6 source reports
Confidence: 63% (medium)
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

4 techniques

Network Information

Country: US (United States)
Region: Buffalo, New York
ASN: AS36352
Organization: RackNerd LLC

Feed Intelligence Summary

Source reports: 6
Confidence score: 63%
Category tags: active scan, attack, botnet, botnet activity, brute force, brute-force, cowrie honeypot, decoy system, dionaea honeypot, exploitation activity, fatt, honeytrap honeypot, indicator, kill-chain exploitation, kill-chain reconnaissance, low-risk, mailoney honeypot, malicious activity, malware, malware behaviour, malware capture, network, north america, osint, p0f, phishing, phishing attack, phishing trap, researched, resource hijacking, scanner, sensor-tagged, sentrypeer botnet, ssh, ssh attack, ssh monitoring, t1110.001, t1496, t1499.001, t1595.001, tanner, threat actor, threat detection, threat intelligence, tor node, tpot, united states, us, vnc, voip attack, web app attack

Activity Timeline

1 total obs
May 26

Threat Activity Heatmap

Peak: 2026-05-26

Recent activity:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 6
First seen: Apr 13, 2026
Last seen: May 26, 2026
Geolocation: US
Country: United States
Location: Buffalo, New York
ASN: AS36352
Org: RackNerd LLC
Coords: 42.8864, -78.8784

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f; threshold?1; private IPs excluded. geo=US; ports=5900 Location=Sydney, Australia.
raw
HostPapa CC-14 (NET-172-245-0-0-1) 172.245.0.0 - 172.245.255.255
RackNerd LLC CC-172-245-156-0-24 (NET-172-245-156-0-1) 172.245.156.0 - 172.245.156.255

IOC Journey

medium
First detected 2 months ago · Last seen 28 days ago
Appeared in 6 threat reports