IOC Radar
IPMediumSignal 83/100

62.60.130.237

Location
United KingdomUnited Kingdom
Tehran, England
ASN
AS215930
UAB Host Baltic
First Seen
Sep 21, 2020
Last Seen
Jun 4, 2026
Sep 21
First Seen
2090d ago
Jun 4
Last Seen
8d ago
18
Reports
source reports
83%
Confidence
medium
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
83%
Signal Score
83 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

25 techniques

Network Information

CountryGBUnited Kingdom
RegionTehran, England
ASNAS215930
OrganizationUAB Host Baltic

Feed Intelligence Summary

18 reports83% confidence
18
Source reports
83%
Confidence score
Category tags
abusech-urlhaus-c2cactive scanactive scanningadbhoney honeypotapkaptarmasiaattackbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute-forcebruteforcec2cisco devicecommand & controlcommunication protocolcowriecowrie honeypotcredential accesscredential harvestingcredential stuffingcryptocurrencycryptojackerdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdevice managementdigital oceandionaeadionaea honeypotdropped-by-amadeyelasticpot honeypotelasticsearch monitoringelfenterprise networkingeuropeexecutable fileexploitexploitation activityexploited hostfattftpftp brute forcegafgytgbhackinghoneytrap honeypotidentity & access exploitationimapimap attackindicatoriot securityiot targetedipphoney honeypotiriranlamplithuanialtm68kmacsyncmailoney honeypotmalicious activitymalicious email detectionmalwaremalware behaviourmalware capturemamontmipsmiraimobile threatmozinetworknetwork infrastructurenetwork scanningnetwork securitynorth americap0fpassword attacksphishingphishing attackphishing trapportscanpowerpcreconnaissanceredis honeypotresearchedresource hijackingscams & fraudscannerscannersscriptscripting attackssensor-taggedsentrypeer botnetservice scansftp activitysftp attackshsmtpsmtp attackersmtp traffic analysissocial engineeringspamsshssh attackssh monitoringsuperht1021t1040t1041t1059t1059.007t1071.001t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1496t1499.001t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationsthreat actorthreat detectionthreat intelligencetor nodetpotua-wgetunited kingdomunited statesvoipvoip attackvulnerability scanvulnerability-exploitationvultrweb app attackweb attackweb exploitationweb spamx86

Activity Timeline

1 total obs
Jun 4Jun 4

Threat Activity Heatmap

· Peak: 2026-06-04
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
83
SIGNAL
Signal Score
83%
Confidence
18
Reports
First seenSep 21, 2020
Last seenJun 4, 2026
GeolocationGB
CountryUnited Kingdom
LocationTehran, England
ASNAS215930
OrgUAB Host Baltic
Coords51.5072, -0.1276

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=IR; ports=6080 Location=Sydney, Australia.
raw
inetnum: 62.60.130.0 - 62.60.130.255 org: ORG-COD1-RIPE netname: spaceshipnetworks country: GB admin-c: ACRO58704-RIPE tech-c: ACRO58704-RIPE abuse-c: ACRO58704-RIPE status: ASSIGNED PA mnt-by: mm500-mnt created: 2025-07-12T09:39:11Z last-modified: 2025-08-13T07:41:27Z source: RIPE organisation: ORG-COD1-RIPE org-name: CIPHER OPERATIONS DOO BEOGRAD - NOVI BEOGRAD country: RS org-type: OTHER address: BELGRADE (NOVI BELGRADE) , Jurija Gagarina 231 , local 329 , BELGRADE (NOVI BELGRADE), NEW BELGRADE, Serbia phone: +381656166978 reg-nr: 21864242 admin-c: ACRO58704-RIPE tech-c: ACRO58704-RIPE abuse-c: ACRO58704-RIPE mnt-ref: wcd mnt-ref: mm500-mnt mnt-by: wcd mnt-by: mm500-mnt created: 2023-11-04T08:13:28Z last-modified: 2026-04-29T07:11:45Z source: RIPE # Filtered role: Abuse contact role object abuse-mailbox: [email protected] address: Khreshhatik St., 14D, Kyiv, UA nic-hdl: ACRO58704-RIPE mnt-by: researchnoc-mnt created: 2024-12-21T13:09:32Z last-modified: 2026-01-20T19:34:50Z source: RIPE # Filtered route: 62.60.130.0/24 org: ORG-COD1-RIPE origin: AS215930 mnt-by: mm500-mnt created: 2025-08-13T07:42:50Z last-modified: 2025-08-13T07:42:50Z source: RIPE organisation: ORG-COD1-RIPE org-name: CIPHER OPERATIONS DOO BEOGRAD - NOVI BEOGRAD country: RS org-type: OTHER address: BELGRADE (NOVI BELGRADE) , Jurija Gagarina 231 , local 329 , BELGRADE (NOVI BELGRADE), NEW BELGRADE, Serbia phone: +381656166978 reg-nr: 21864242 admin-c: ACRO58704-RIPE tech-c: ACRO58704-RIPE abuse-c: ACRO58704-RIPE mnt-ref: wcd mnt-ref: mm500-mnt mnt-by: wcd mnt-by: mm500-mnt created: 2023-11-04T08:13:28Z last-modified: 2026-04-29T07:11:45Z source: RIPE # Filtered

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 8 days ago
Appeared in 18 threat reports