IOC Radar
IPMediumSignal 62/100

87.121.84.60

Location
NetherlandsNetherlands
Los Angeles, 02
ASN
AS215925
VPSVAULT.HOST LTD
First Seen
Mar 11, 2025
Last Seen
May 19, 2026
Mar 11
First Seen
460d ago
May 19
Last Seen
26d ago
14
Reports
source reports
62%
Confidence
medium
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

47 techniques

Network Information

CountryNLNetherlands
RegionLos Angeles, 02
ASNAS215925
OrganizationVPSVAULT.HOST LTD

Feed Intelligence Summary

14 reports62% confidence
14
Source reports
62%
Confidence score
Category tags
abuseabusech-threatfox-c2caccess controlactive scanactive scanningattackaustraliaautomated analysisbad reputationbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptsbulgariac2c2 frameworkcobalt strikecobalt-strikecobaltstrikecommand & controlcommand and controlcommand-and-controlcommunication protocolconnected devicescowrie activitycowrie honeypotcredential accesscredential stuffingdata exfiltrationdata store exposureddosddos attacksdecoy systemdeimosc2denial of servicedetailsdevice managementdionaea activitydionaea honeypotdistributed attacksdomainseuropeexploit attemptexploit probingexploitation activityexploitation of privilegefattfatt analysisfraud voipftpftp attacksftp brute forcegeospatial datahackinghoneytrap activityhoneytrap honeypothttp scanneridentity & access exploitationindicatorindustrial iotinfostealerinfrastructure acquisitionreconnaissanceingress tool transferinjection activityinternet of thingsiocs sha256iot analyticsiot applicationsiot botnetiot platformsiot securityiot/ics attackmailoney activitymailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware campaign activitymalware campaign detectionmalware capturemalware deliverymalware distributionmalware distribution campaignmiraimirai botnetmirai internetnetherlandsnetworknetwork intrusionnetwork intrusion attemptsnetwork scanningnetwork securitynlnorth americaoceaniaopenctiosintosint-volleyp0fp0f signaturespassword attackspayloadphishingphishing attackphishing trapprocess injectionprotocol exploitationquasar ratquasarratransomwareratrcereconnaissanceremote accessremote servicesresearchedresource hijackingscams & fraudscannersecurity policysensor-taggedsentrypeer activitysentrypeer botnetsftp attacksip attackssip brute forcesmart devicessmtpsmtp attacksssh attackssh attacksssh monitoringsuricata alertst1003t1005t1021t1021.001t1021.004t1027t1040t1041t1046t1055t1059t1059.001t1059.004t1068t1071t1071.001t1076t1078t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204t1210t1486t1496t1497t1499.001t1499.002t1499.003t1505t1547t1563t1565t1566t1569.002t1587.001t1590.001t1595t1595.001t1595.002t1595.003tannertanner activitytelecommunicationstelnet threattest botnetthingsthreat actorthreat detectionthreat intelligencethreat preventionthreatfox apitor nodetpottrojan malwareunauthenticated accessunauthorized access attemptunited statesunknown malwareunknown-malwareusvoipvoip attackvtubersvtubers botnetweb application attackweb exploitationweb trafficxpath injection

Activity Timeline

1 total obs
May 19May 19

Threat Activity Heatmap

· Peak: 2026-05-19
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
62
SIGNAL
Signal Score
62%
Confidence
14
Reports
First seenMar 11, 2025
Last seenMay 19, 2026
GeolocationNL
CountryNetherlands
LocationLos Angeles, 02
ASNAS215925
OrgVPSVAULT.HOST LTD
Coords42.4963, 27.4646

VirusTotal

Not checked

WHOIS

description
ip:port combination that is used for botnet Command&control (C&C)
raw
NetRange: 87.0.0.0 - 87.255.255.255 CIDR: 87.0.0.0/8 NetName: 87-RIPE NetHandle: NET-87-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2004-04-01 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/87.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://1275.ru/ioc/indikatory-komprometatsii-botneta-mirai-obnovlenie-za-18-07-2025_13226

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 26 days ago
Appeared in 14 threat reports