IP · Medium · Signal 49/100
45.76.60.168
Location
Atlanta, Georgia
ASN
AS20473
Vultr Holdings, LLC
First Seen
Jun 29, 2025
Last Seen
Jun 8, 2026
Jun 29
First Seen
351d ago
Jun 8
Last Seen
7d ago
15
Reports
source reports
49%
Confidence
medium
1/91
VirusTotal
detections
Found in 15 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
49%
Signal Score
49 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Atlanta, Georgia
ASN: AS20473
Organization: Vultr Holdings, LLC
Feed Intelligence Summary
15 reports · 49% confidence
15
Source reports
49%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
49
SIGNAL
Signal Score
49%
Confidence
15
Reports
First seen: Jun 29, 2025
Last seen: Jun 8, 2026
Geolocation: US
Country: United States
Location: Atlanta, Georgia
ASN: AS20473
Org: Vultr Holdings, LLC
Coords: 33.7838, -84.4455
WHOIS
- description
- The following is the full text of the DShield.org block list, compiled by the organisation's own staff and copyrighted by its own developers, subject to copyright and other conditions, and is copyrighted. Data Sources: https://feeds.dshield.org/feeds/topips.txt https://feeds.dshield.org/feeds/top10.txt https://feeds.dshield.org/feeds/block.txt https://feeds.dshield.org/feeds/daily_sources THIS IS NOT A BLOCKLIST! DATA IS UNFILTERED AND CONTAINS FALSE POSITIVES.
- raw
- The Constant Company, LLC CONSTANT (NET-45-76-0-0-1) 45.76.0.0 - 45.77.255.255 Vultr Holdings, LLC NET-45-76-60-0-23 (NET-45-76-60-0-1) 45.76.60.0 - 45.76.61.255
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://redpiranha.net
IOC Journey
medium · First detected 11 months ago · Last seen 7 days ago
Appeared in 15 threat reports