IOC Radar
IPMediumSignal 87/100

72.49.246.191

Location
United StatesUnited States
Edgewood, OH
ASN
AS6181
FUSE ADSL Ports - EVESR1
First Seen
Apr 6, 2026
Last Seen
Apr 24, 2026
Apr 6
First Seen
75d ago
Apr 24
Last Seen
58d ago
10
Reports
source reports
87%
Confidence
medium
9/91
VirusTotal
detections
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
87%
Signal Score
87 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

9 techniques

Network Information

CountryUSUnited States
RegionEdgewood, OH
ASNAS6181
OrganizationFUSE ADSL Ports - EVESR1

Feed Intelligence Summary

10 reports87% confidence
10
Source reports
87%
Confidence score
Category tags
abuseactive scanactive scanningaptbad reputationbad web botbotnet activitybrute forcebrute force attackerbrute-forcecowriedata exfiltrationdata store exposuredatabase securityddosdenial of servicedionaeaexploitation activityexploited hostfatthackingidsindicatorinjection activityinjection attacksiot securityiot targetedmalwarenetworknorth americap0fportscanreconnaissanceresearchedscannerscannerssensor-taggedservice scant1059.003t1190t1203t1486t1499.001t1499.002t1595.001t1595.002t1595.003tannerthreat actortor nodetpotunited statesvultrweb app attackweb application attackweb exploitation

Activity Timeline

1 total obs
Apr 24Apr 24

Threat Activity Heatmap

· Peak: 2026-04-24
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Intelligence SummaryAI Generated

The IPv4 address 72.49.246.191 has been identified as a high-severity Indicator of Compromise (IOC) with a score of 87.14 and is not whitelisted. This IOC is directly associated with aggressive reconnaissance and exploitation attempts, indicating a significant and immediate threat to organizational assets. Its presence signifies potential hostile intent, including vulnerability scanning, attempts at exploiting public-facing applications through techniques like SQL injection and path traversal, a…

Threat ScoreHigh Risk
87
SIGNAL
Signal Score
87%
Confidence
10
Reports
First seenApr 6, 2026
Last seenApr 24, 2026
GeolocationUS
CountryUnited States
LocationEdgewood, OH
ASNAS6181
OrgFUSE ADSL Ports - EVESR1
Coords39.4025, -84.5220

VirusTotal

9/ 91vendors flagged
10% detection rateJun 6, 2026

WHOIS

description
seen in Suricata IDS alerts; events=1; categories=Attempted Administrator Privilege Gain; sigs(top)=ET EXPLOIT Possible Authenticated Command Injection Inbound - Comtrend VR-3033 (CVE-2020-10173); ports=80; cc=US; asn=6181; asn_org=Cincinnati Bell Telephone Company LLC
raw
NetRange: 72.49.0.0 - 72.49.255.255 CIDR: 72.49.0.0/16 NetName: FUSE-NET-BLK-7 NetHandle: NET-72-49-0-0-1 Parent: NET72 (NET-72-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Altafiber (FIAI) RegDate: 2005-06-06 Updated: 2012-03-02 Comment: For Abuse Issues Call 513.565.9707 or Email [email protected] Comment: Please see rwhois.fuse.net: 4321 for IP assignments. Ref: https://rdap.arin.net/registry/ip/72.49.0.0 OrgName: Altafiber OrgId: FIAI Address: 209 W. Seventh St. City: Cincinnati StateProv: OH PostalCode: 45202 Country: US RegDate: 1998-09-11 Updated: 2025-07-09 Comment: *** For Abuse Issues Call 513.565.9707 or Email Comment: [email protected] **** Ref: https://rdap.arin.net/registry/entity/FIAI ReferralServer: rwhois://rwhois.fuse.net:4321 OrgTechHandle: DPM35-ARIN OrgTechName: Murray, Daniel Patrick OrgTechPhone: +1-513-608-7126 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/DPM35-ARIN OrgTechHandle: FIA-ORG-ARIN OrgTechName: Fuse Internet Access Operations Center OrgTechPhone: +1-800-387-3638 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/FIA-ORG-ARIN OrgTechHandle: MONAG27-ARIN OrgTechName: Monaghan, Robert OrgTechPhone: +1-513-238-4723 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/MONAG27-ARIN OrgNOCHandle: FIA-ORG-ARIN OrgNOCName: Fuse Internet Access Operations Center OrgNOCPhone: +1-800-387-3638 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/FIA-ORG-ARIN OrgTechHandle: MORRI1305-ARIN OrgTechName: Morris, William OrgTechPhone: +1-513-835-0412 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/MORRI1305-ARIN OrgTechHandle: RONAN14-ARIN OrgTechName: Ronan, Eric OrgTechPhone: +1-513-509-2517 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RONAN14-ARIN OrgTechHandle: GOODW273-ARIN OrgTechName: Goodwin, Eric OrgTechPhone: +1-513-265-2769 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/GOODW273-ARIN OrgTechHandle: GSP36-ARIN OrgTechName: Pennington, Gregory Scott OrgTechPhone: +1-513-608-7516 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/GSP36-ARIN OrgAbuseHandle: FAT-ARIN OrgAbuseName: Fuse Internet Access Abuse Team OrgAbusePhone: +1-513-397-6598 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/FAT-ARIN RTechHandle: RW855-ARIN RTechName: Wagner, Rick RTechPhone: +1-513-397-9796 RTechEmail: [email protected] RTechRef: https://rdap.arin.net/registry/entity/RW855-ARIN
references
https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-17/, https://jamesbrine.com.au, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 months ago · Last seen 1 month ago
Appeared in 10 threat reports