IOC Radar
IP · Medium · Signal 45/100

15.204.37.20

Location: United States, Hillsboro, Oregon
ASN: AS16276
Organization: Sales, Engineering
First Seen: Sep 27, 2024 (621d ago)
Last Seen: Apr 8, 2026 (64d ago)
Reports: 19 source reports
Confidence: 45% (medium)
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 45%
Signal Score: 45 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

45 techniques

Network Information

Country: US (United States)
Region: Hillsboro, Oregon
ASN: AS16276
Organization: Sales, Engineering

Feed Intelligence Summary

Source reports: 19
Confidence score: 45%
Category tags
abuse, access, access control, active scan, active scanning, adbhoney honeypot, adbhoney related activity, atif feed, attack, authentication failure, auto-generated security, bad reputation, banlist feed, binary defense, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempts, c2, cisco device, citrix exploitation attempt, citrix security, close, command & control, command and control, communication protocol, conpot honeypot, conpot ics attacks, cowrie, cowrie honeypot, cowrie ssh interaction, cowrie ssh logs, credential access, credential harvesting, credential stuffing, cta, data exfiltration, data store exposure, database security, ddos, decoy system, denial of service, device management, dionaea honeypot, dionaea malware collection, distributed attacks, email, enterprise networking, enterprise security, exploit attempt, exploitation activity, exploitation of vulnerability, exploited host, ftp brute force, ftp brute-force, gecko, github, groups, hacking, hello, heralding scan activity, honeytrap honeypot, ics attack, ics security, identity & access exploitation, indicator, industrial control systems, infrastructure acquisitionreconnaissance, initial access, injection activity, intel mac, intrusion detection, iot security, iot/ics attack, ipphoney honeypot, khtml, lamp, lamp attack, lateral movement, linux x8664, mailoney honeypot, malicious activity, malicious payload, malicious software, malware, malware behaviour, malware capture, manual, mobile, mobile security, network, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network reconnaissance, network scanning, network security, north america, os x, password attacks, phishing, phishing attack, phishing trap, possible exploit probing, possible malware hosting, potential malicious activity, process injection, python, ransomware, reconnaissance, redis exploit attempt, redis honeypot, remote access, remote services, researched, resource hijacking, scanner, script, security operations, security policy, sentrypeer botnet, sentrypeer exploit, server exploitation, service enumeration, sftp, sftp attack, sftp attacks, sftp protocol abuse, sip brute force, sip scanning, slug, smtp brute force, social engineering, sql injection, ssh, ssh attack, ssh monitoring, surface web, t-pot, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.003, t1059.004, t1064, t1071.001, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1498, t1499.001, t1499.002, t1499.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1569, t1587.001, t1588, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner exploit detection, targeting database, telecommunications, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, tpot ce, ttps, ubuntu, unauthorized access, unauthorized access attempt, unauthorized access attempts, unidentified attacker, united states, united states of america, us, us ip address, voip, voip attack, vulnerability scan, web application attack, web exploitation, windows nt

Activity Timeline

1 total obs
Apr 8

Threat Activity Heatmap

Peak: 2026-04-08
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 45
Confidence: 45%
Reports: 19
First seen: Sep 27, 2024
Last seen: Apr 8, 2026
Geolocation: US
Country: United States
Location: Hillsboro, Oregon
ASN: AS16276
Org: Sales, Engineering
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description: Unknown source type: h0neytr4p
raw: Socket not responding: timed out
references: https://github.com/telekom-security/tpotce, https://chiraba.com:8443/hourly, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, http://cinsscore.com/list/ci-badguys.txt

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 19 threat reports