IPMediumSignal 46/100

`216.150.1.1`

Location

United States

Walnut, California

ASN

AS16509

Vercel, Inc

First Seen

Jun 11, 2025

Last Seen

Jun 2, 2026

Jun 11

First Seen

378d ago

Jun 2

Last Seen

22d ago

Reports

source reports

46%

Confidence

medium

Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

46%

Signal Score

46 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

45 techniques

Network Information

Country

United States

RegionWalnut, California

ASNAS16509

OrganizationVercel, Inc

Feed Intelligence Summary

14 reports46% confidence

Source reports

46%

Confidence score

Category tags

abuseacademic institutionsacceptactive scanactive scanningalienvault_ransomwareanalyzeand notansiapi keyaptaustraliabad reputationbad web botbadgerblog docsbotnetbotnet activitybrand-hyperliquidbrute forcebrute force attackbrute force attacksbrute force attemptsbrute-forcebrute_forcecanadaccc httpscivil servicesclickclosecommand and controlcommunication protocolcommunication technologiescomspeccontactcookiecowrie honeypotcredential accesscredential harvestingcredential stuffingcredential-theftcredential_accesscrypto-scamcryptocurrencydata exfiltrationdata store exposuredatabase attackddosdecoy systemdefense evasiondelete lockdenial of servicedionaea activitydionaea honeypotdionaea payloadsdistributed attacksdnsdns attackdomaindomains managedownloadbubbleeducationeducational resourceseducational serviceseducational technologyelectronic health recordsencryptencryptionentityeuaaaaagaceuropeexploitexploit probingexploitation activityexploited hostfattfatt analysisfatt detectionsfencedframesfledgeftpftp attacksgaz1geoipgoogle llcgovernment technologyhackinghealth care and social assistancehealth information technologyhealthcare information systemshidehigher educationhome searchhoneytrap activityhoneytrap eventshoneytrap honeypothospital managementhostshttp scannerhybridhybrid analysisidentity & access exploitationindicatorinformation technologyinjection activityiocit infrastructurek-12 educationlevellive apilocalemailoney activitymailoney eventsmailoney honeypotmake suremalicious activitymalicious softwaremalicious trafficmalwaremalware behaviourmalware capturemalware deliverymastodon-benignmedical servicesmobile carriersmobile networksmodelmozillanetworknetwork intrusion attemptsnetwork scanningnetwork securitynetwork_reconnaissancenorth americaoceaniaonlineoverp0fp0f signaturespagepasskeyauthpassword attackspatchpathpatient carepcappcap processingphishingphishing attackphishing trappleaseplease notepolandpricing loginprivacy badgerprocess injectionprotocol exploitationpublic administrationpublic infrastructurepublic policyransomwarereconnaissanceregistry lockregulatory agenciesremote accessremote servicesresearchedresource hijackingsandboxscamscams & fraudscannersearchsearch apisecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssettings widgetsip attackssites generalsmtpsmtp attackssocial engineeringsoftware developmentspamssh attackssh attacksssh monitoringssl certificatestaticstringssubmitsuricata alertssystem accesst1021t1021.001t1040t1041t1048t1055t1057t1059t1071t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1132t1133t1140t1189t1190t1199t1203t1486t1496t1499.001t1499.002t1499.003t1553t1562t1563t1565t1566.001t1566.002t1566.003t1568t1583t1584t1586t1590t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstargeting databasetelecom servicestelecommunicationstelnet threattempthreat actorthreat detectionthreat intelligencetor nodetpottransfer locktrojantucaunited statesupdate lockurlusvercel geoipverified-benignvetting processvirusvoipvoip attackwebweb app attackweb application attackweb exploitweb exploitationweb spamweb trafficwebbluetoothwebsitewindwindow

Activity Timeline

1 total obs

Jun 2Jun 2

Threat Activity Heatmap

· Peak: 2026-06-02

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Minimal

3mo

Minimal

Threat ScoreMedium Risk

SIGNAL

Signal Score

46%

Confidence

Reports

First seenJun 11, 2025

Last seenJun 2, 2026

GeolocationUS

CountryUnited States

LocationWalnut, California

ASNAS16509

OrgVercel, Inc

Coords34.0154, -117.8582

VirusTotal

Not checked

WHOIS

description: Hosting IP for phishing site app-hyperliquid.app
raw: NetRange: 216.150.1.0 - 216.150.1.255 CIDR: 216.150.1.0/24 NetName: VERCEL-09 NetHandle: NET-216-150-1-0-1 Parent: NET216 (NET-216-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Vercel, Inc (ZEITI) RegDate: 2024-07-24 Updated: 2024-09-06 Comment: -----BEGIN CERTIFICATE-----MIIDcDCCAligAwIBAgITU5Mr26OlWzWv+4tJ1ccMwyycEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExDzANBgNVBAoMBlZlcmNlbDEbMBkGCSqGSIb3DQEJARYMbUB2ZXJjZWwuY29tMB4XDTI0MDkwNjIwMzgwMloXDTI1MDkwNjIwMzgwMlowSDELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkNBMQ8wDQYDVQQKDAZWZXJjZWwxGzAZBgkqhkiG9w0BCQEWDG1AdmVyY2VsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANIcKcluRwrqsy/4dPnVFEUVfNUquQcnmReP+gMwj/9Fc9/rN0hhs/b8cwqsbJSnEEdThf5WFtvpWmqLlUPx9bchvQOEgZCpu4FTBrmhDe86D2P7sT8P15jgv3U9nBr3vrCf64e3cx2eoXhu2AjObBocsyiXNW5rY9JigAAXdlVoylr3UbL3IwwzL4tqiTtYfxw4JRtf7+i8r/mVGI3nPNUsgk7bX1UtDiwKwSwuLrwSUDOO0VjwEaKfHKrxyFfgLrbiOB55H0jWmFks6ujQrSsknsJxHlMU6zLFs427SPiXvPMipJWo3cq09JdkeLsvk5S0xbAWllly58ovntyOZC0CAwEAAaNTMFEwHQYDVR0OBBYEFLcf9Lpume0rmHtRY26YpbtFhvGdMB8GA1UdIwQYMBaAFLcf9Lpume0rmHtRY26YpbtFhvGdMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAMLfnXVDVmk/0V8fAdwMpxQ7pJwln5WYgzBqmkpfnfTTM+vpMaA/pGS1SCGRF6WO4dNbvm2me5EVUwidVGI0NwDQnrlre+x8k2XsvC4uEbMfbYS6RUZzcsWDMSihLX+CNEs57IDMRyDzX/fNvhpNq244HVQyUwiJy9HAdHl3DoAzo5d82LwF2jbk8fpvAdFPhr3EedIgJta4I0LApqIKy9hmyoOHeZYo6qPhNlF4zcQqGo86d9QOM7PVr2QUSljIObr6J7xVv7f8/r/R/rfNJpGBLwYvL02BjozvXBtj2FaRoL8GQdwPn3Gctd+IN8YY/ijuwQQCxrd0fiS/bbIlNAU=-----END CERTIFICATE----- Ref: https://rdap.arin.net/registry/ip/216.150.1.0 OrgName: Vercel, Inc OrgId: ZEITI Address: 340 S LEMON AVE #4133 City: Walnut StateProv: CA PostalCode: 91789 Country: US RegDate: 2020-03-26 Updated: 2024-11-25 Comment: https://vercel.com Ref: https://rdap.arin.net/registry/entity/ZEITI OrgAbuseHandle: ABUSE7926-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-415-980-8007 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE7926-ARIN OrgTechHandle: MFV2-ARIN OrgTechName: Vieira, Matheus Fernandez OrgTechPhone: +1-415-980-8007 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/MFV2-ARIN OrgTechHandle: HADDA65-ARIN OrgTechName: Haddad, Joe OrgTechPhone: +1-415-398-5463 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/HADDA65-ARIN

`216.150.1.1`

MITRE ATT&CK TTPs

Network Information

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey