IOC Radar
IP · Medium · Signal 72/100

45.61.187.220

Location
United States
Miami, Florida
ASN
AS53667
FranTech Solutions
First Seen
Aug 2, 2024
Last Seen
Jun 4, 2026
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

77 techniques

Network Information

Country: United States (US)
Region: Miami, Florida
ASN: AS53667
Organization: FranTech Solutions

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

27 source reports, 72% confidence score
Category tags

Activity Timeline

1 total observation (Jun 4)

Threat Activity Heatmap

Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 27
First seen: Aug 2, 2024
Last seen: Jun 4, 2026
Geolocation: US
Country: United States
Location: Miami, Florida
ASN: AS53667
Org: FranTech Solutions
Coords: 37.7510, -97.8220
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
BruteForce_Attack
raw
NetRange: 45.61.128.0 - 45.61.191.255
CIDR: 45.61.128.0/18
NetName: PONYNET-15
NetHandle: NET-45-61-128-0-1
Parent: NET45 (NET-45-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: FranTech Solutions (SYNDI-5)
RegDate: 2015-01-02
Updated: 2015-01-02
Ref: https://rdap.arin.net/registry/ip/45.61.128.0

OrgName: FranTech Solutions
OrgId: SYNDI-5
Address: 1621 Central Ave
City: Cheyenne
StateProv: WY
PostalCode: 82001
Country: US
RegDate: 2010-07-21
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/SYNDI-5

OrgTechHandle: FDI19-ARIN
OrgTechName: Dias, Francisco
OrgTechPhone: +1-778-977-8246
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

OrgAbuseHandle: FDI19-ARIN
OrgAbuseName: Dias, Francisco
OrgAbusePhone: +1-778-977-8246
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
references
https://github.com/telekom-security/tpotce
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://jamesbrine.com.au/vultrparis-ssh-bruteforce-ip-list-2025-08-27/
https://jamesbrine.com.au
https://jamesbrine.com.au/bruteforce-ip-list-2025-07-22/
ip.txt
https://redpiranha.net
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/
https://github.com/tankmek/threatfeed
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 1 year ago · Last seen 7 days ago
Appeared in 27 threat reports