# THREAT INTELLIGENCE BRIEFING
IP Address: 45.76.59.175/32
Classification: Cloud Infrastructure (Vultr Holdings, LLC)
Risk Assessment: Low Risk (Score: 25/100)
Date: Current Intelligence Cycle
---
## EXECUTIVE SUMMARY
IP 45.76.59.175 is a cloud-hosted server (Vultr) operating as a web service with standard web infrastructure (HTTP/HTTPS, SSH). The IP demonstrates low overall risk but exhibits elevated operator-level signals and has been observed on eight DNS blacklist feeds, including one high-severity listing. No active threat campaigns or known attacker associations detected.
---
## OWNERSHIP & INFRASTRUCTURE
| Attribute | Value |
|---|---|
| **Provider** | Vultr Holdings, LLC (ASN 20473) |
| **Infrastructure Type** | Cloud Compute |
| **Location** | Dallas, TX, US (ARIN) |
| **BGP Prefix** | 45.76.56.0/22 |
| **Route Stability** | Stable (no changes in 30 days) |
| **DNSSEC** | Valid |
---
## NETWORK SERVICES & CONFIGURATION
Open Ports:
- Port 80/TCP: HTTP
- Port 443/TCP: HTTPS
- Port 22/TCP: SSH (OpenSSH_7.4)
Web Server Details:
- Apache/2.4.6 (CentOS)
- OpenSSL/1.0.2k-fips
- PHP/7.0.31
TLS Certificate:
- Subject: CN=*.sabrosanousa.com
- Issuer: Sectigo Public Server Authentication CA DV R36
- Validity: Active certificate
DNS Configuration:
- PTR: 45.76.59.175.vultrusercontent.com
- SPF: Configured with multiple IP inclusions
- DMARC: p=quarantine with rua/ruf reporting
---
## THREAT OBSERVATION HISTORY
Total Observations: 24
Recent Activity: 2026-06-20
Key Observations:
- Listed on 8 DNS blacklist feeds (1 high-severity listing detected)
- Operator Score: 0.3478 (Basic classification)
- Threat Persistence: No persistent malicious activity detected
- Campaign Correlation: No known campaign matches
Temporal Analysis:
- Ownership changes: None recorded
- Threat observation count: 1
- Classification: Not persistently malicious
---
## NETWORK RELATIONSHIPS
Connected Entities: 36 relationships identified
- Primary relationship type: Same network (NET-45-76-58-0-23)
- No certificate-based associations detected
- No hostname-level relationships beyond standard provider domains
---
## SUBNET ANALYSIS
Subnet: 45.76.59.175/24
Abuse Density: 0 (mostly clean)
Threat Siblings: 1
Active Siblings: 0
The /24 subnet shows minimal abuse activity, with this IP representing a single threat sibling.
---
## GEOLOCATION VALIDATION
Flagged Issues:
- Geographic validation flagged as implausible
- Distance discrepancy: 7,996.6 km from probe origin
- Minimum measured RTT: 60 ms vs. theoretical minimum of 159.9 ms for the claimed distance (the measured value is lower than signal propagation over that distance allows, which is why the location is flagged as implausible)
- Probe count: 5 (confidence: 0.85)
---
## SECURITY ACTIONS & RECOMMENDATIONS
Current Risk Posture:
- Low overall risk but elevated operator-level signals
- Cloud hosting environment (Vultr)
- Standard web service configuration
Recommended Actions:
1. Monitor TLS certificate validity and expiration
2. Review DNS blacklist listings for source identification
3. Verify geolocation accuracy for traffic analysis
4. Standard firewall rules apply (allow 80/443, restrict 22)
No immediate blocking action recommended based on current risk profile.
---
## INTELLIGENCE CONCLUSION
IP 45.76.59.175 represents legitimate cloud infrastructure hosting services for sabrosanousa.com. While the risk score remains low (25/100), the presence on multiple DNS blacklists warrants continued monitoring. The IP's configuration aligns with standard web hosting practices, and no active malicious behavior or threat campaign associations have been identified.
Classification: LOW RISK - MONITOR
Confidence Level: HIGH (24 observations, 36 relationships)
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
---
## OWNERSHIP & REGISTRATION
| Attribute | Value |
|---|---|
| Organization | Vultr Holdings, LLC |
| ASN | AS20473 |
| Network Name | n/a |
| CIDR Block | 45.76.56.0/22 |
| RIR | ARIN |
| Country | n/a |
| Abuse Contact | Available via RDAP |
---
## DNS INTELLIGENCE
| Attribute | Value |
|---|---|
| PTR | 45.76.59.175.vultrusercontent.com |
| Forward Confirmed | No (PTR hostname does not resolve back to this IP; weak signal) |
| Forward Hostnames | 45.76.59.175.vultrusercontent.com |
---
## DNS HYGIENE
| Check | Result |
|---|---|
| Hygiene Score | 60% (Good) |
| SPF | Present |
| DMARC | Present |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
---
## NETWORK CLASSIFICATION
| Attribute | Value |
|---|---|
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
---
## SERVICES & OPEN PORTS
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | n/a |
| 443 | https | tcp | n/a |
| 22 | ssh | tcp | |

Closed ports: 25, 3389, 8080, 8443 (3 open / 7 scanned)

| Attribute | Value |
|---|---|
| Server | Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.0.31 |
| HTTP Title | n/a |
| SSH Version | SSH-2.0-OpenSSH_7.4 |
---
## TLS CERTIFICATE
| Attribute | Value |
|---|---|
| SANs | *.sabrosanousa.com, sabrosanousa.com |
| Valid From | 2025-08-29T00:00:00+00:00 |
| Valid Until | 2026-09-29T23:59:59+00:00 |
| TLS Protocol | TLS 1.2 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 396 days |
| Serial Number | 252CD8478ED7CC0497876A786BC404AC |
| Thumbprint | AC01D529A5B225EDFA682C5351704625E3ED3551 |
---
## CONFIDENCE BREAKDOWN
Per-dimension confidence scores based on source diversity and data freshness:

| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 24% | 2 | 3 |
| services | 28% | 2 | 3 |
| ownership | 27% | 3 | 4 |
| reputation | 30% | 1 | 3 |
| geolocation | 31% | 2 | 3 |
| Overall | 29% | 12 | 20 |

| Metric | Value |
|---|---|
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
---
## OBSERVATION TIMELINE (LIVE)
| Attribute | Value |
|---|---|
| First Seen | 2026-05-18 15:26:59 UTC |
| Last Seen | 2026-06-28 07:39:26 UTC |
| Profile Built | 2026-06-29 07:47:25 UTC |
| Data Freshness | Live |
| Signal Types | 27 |
| Total Observations | 31 |