IOC Radar
IPMediumSignal 0/100

18.97.5.72

Location
United StatesUnited States
Ashburn, Virginia
ASN
AS14618
AWS EC2 (us-east-1)
First Seen
Apr 24, 2025
Last Seen
Jun 10, 2026
Apr 24
First Seen
412d ago
Jun 10
Last Seen
today
8
Reports
source reports
0%
Confidence
medium
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryUSUnited States
RegionAshburn, Virginia
ASNAS14618
OrganizationAWS EC2 (us-east-1)

Feed Intelligence Summary

8 reports0% confidence
8
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched

Activity Timeline

1 total obs
Jun 10Jun 10

Threat Activity Heatmap

Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
1
Minimal
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Intelligence SummaryAI Generated

This indicator of compromise (IOC), an IPv4 address, has been explicitly whitelisted across multiple reputable threat intelligence feeds, including AbuseIPDB, AlienVault OTX, and Cyber Cure. With a threat score of 0.0, this IOC is assessed as benign and poses no immediate threat to organizational security. Its inclusion in various intelligence feeds primarily reflects historical data or previous analysis that has since been superseded by its confirmed whitelist status. Therefore, while it appear…

Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
8
Reports
First seenApr 24, 2025
Last seenJun 10, 2026
GeolocationUS
CountryUnited States
LocationAshburn, Virginia
ASNAS14618
OrgAWS EC2 (us-east-1)
Coords39.0438, -77.4874

VirusTotal

Not checked

WHOIS

description
Score: 86/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:moderate, abuseipdb:port-scan, abuseipdb:reported. 18.97.5.72 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, hacking, moderate).

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen today
Appeared in 8 threat reports