IP · Medium · Signal 33/100
62.60.130.228
Location: Tehran, CA
ASN: AS215930, UAB Host Baltic
First Seen: Sep 30, 2025
Last Seen: Jun 4, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 33%
Signal Score: 33 / 100
IDS Rule: No
Network Information
Country: United Kingdom
Region: Tehran, CA
ASN: AS215930
Organization: UAB Host Baltic
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
Source reports: 17
Confidence score: 33%
Category tags
Activity Timeline: Jun 4
Threat Activity Heatmap · Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 33
Confidence: 33%
Reports: 17
First seen: Sep 30, 2025
Last seen: Jun 4, 2026
Geolocation: GB
Country: United Kingdom
Location: Tehran, CA
ASN: AS215930
Org: UAB Host Baltic
Coords: 34.0544, -118.2440
Proxy: VPN
VirusTotal
Not checked
WHOIS
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
Medium · First detected 8 months ago · Last seen 6 days ago
Appeared in 17 threat reports