IP · Medium · Signal 79/100
64.62.156.108
Location
Minneapolis, California
ASN
AS6939
The Shadow Server Foundation
First Seen
Apr 6, 2024
Last Seen
Jun 8, 2026
First Seen
Apr 6 (796d ago)
Last Seen
Jun 8 (4d ago)
Reports
40 source reports
Confidence
79% (medium)
VirusTotal detections
9/91
Found in 40 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Minneapolis, California
ASN
AS6939
Organization
The Shadow Server Foundation
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
40 reports · 79% confidence
Source reports
40
Confidence score
79%
Category tags
abuseaccessaccess attemptaccess attemptsaccess controlaccount compromiseaccount discoveryaccount profilingaccount takeoverackack scanactive reconnaissanceactive scanactive scanningadbadb attacksadb brute forceadb exploit attemptsadb exploitationadb honeypot activityadb protocoladbhoney activityadbhoney attackadbhoney attacksadbhoney honeypotadbhoney interactionsadvertising campaignadvertising spamandroid debug bridgeandroid device attacksandroid devicesandroid_attackanomalous network connectionsapacheapache attackerapi servicesapkapplication layer protocolaptasiaatif feedattackattack origin: malaysiaattack sourceattack vectorsattacker ipattacker ipsattacker-ipattempted initial accessaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication attemptsauthentication brute forceauthentication-attemptsauthentication_bypassauthentication_failuresauto-generated securityautomated attackautomated attack activityautomated attack attemptsautomated attacksautomated enumerationautomated reconnaissance activityautomated threatautomated threatsautomated-attackbackdoor installationbad ip'sbad reputationbad web botbankingbanlist feedbeningbening scannerbinary defenseblock listblock.txtblocklist_allblog spambotnetbotnet activitybotnet-activitybotnet_activitybrutebrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute force authenticationbrute force ftpbrute force ipsbrute force sshbrute-forcebrute-force attackbrute_forcebruteforcebulk messagingc2c2 communicationc2 servercanadacertchina mobilecisco asa targetedcisco attackcisco attackscisco brute forcecisco devicecisco device attackcisco device attackscisco device scanningcisco device targetedcisco device targetingcisco exploitcisco exploit attemptcisco exploit attemptscisco exploitationcisco exploitation attemptcisco exploitation attemptscisco ios attackscisco network devicescisco targetedcisco targetingcisco 
vulnerability exploitationcisco-device-targetingcitrix attack attemptcitrix brute forcecitrix exploitation attemptcitrix exploitation attemptscitrix securityclosecloud computingcloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud migrationcloud securitycloud servicescloud storagecloud_infrastructurecode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommand_and_controlcommon vulnerabilitiescommunication protocolcompany limitedcompromise attemptcompromise attemptscompromised credentialscompromised credentials attemptcompromised hostcompromised host detectioncompromised host indicatorscompromised host targetingcompromised hostscompromised systemcompromised systemsconfiguration manipulationconfiguration modificationconnectconnect scanconnected devicesconpotconpot activityconpot attackconpot attacksconpot exploitationconpot exploitation attemptsconpot honeypotconpot interactioncontainer securitycontent deliverycowriecowrie activitycowrie attackcowrie attackscowrie capturecowrie datacowrie detectioncowrie emulationcowrie honeypotcowrie honeypot datacowrie interactioncowrie interactionscowrie loginscowrie logscowrie ssh activitycowrie ssh attackcowrie ssh attackscowrie ssh honeypotcowrie ssh interactioncredential accesscredential access attemptscredential attackcredential attackscredential brute forcecredential brute forcingcredential brute-forcingcredential compromisecredential compromise attemptcredential guessingcredential harvestingcredential stuffingcredential theftcredential-accesscredential-bruteforcingcredential-harvestingcredential-stuffingcredential_accesscredential_stuffingcredit card servicescron injectioncurlcvecve exploitationdaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata harvesting attemptsdata scrapingdata store exposuredata theftdata/local/tmpdatabase access attemptdatabase attackdatabase attacksdatabase brute 
forcedatabase exploit attemptsdatabase exploitation attemptsdatabase intrusion attemptdatabase login attemptdatabase probedatabase probingdatabase scandatabase scanningdatabase securitydatabase serversdatabase-serverdatabase_attackdcerpcddosddos attackddos attack indicatorsddos attemptddos preparationddos probeddos probingddos reflectionddospotdecoy systemdefense evasiondelhidenial of servicedenial-of-servicedenial-of-service attemptdevice managementdevice takeoverdhcpdictionary attackdigital oceandigitalocean infrastructuredigitalocean ipdigitalocean platformdionaeadionaea activitydionaea attackdionaea attack signaturesdionaea attacksdionaea capturedionaea detectiondionaea exploit attemptsdionaea exploitsdionaea honeypotdionaea interactiondionaea interactionsdionaea logsdionaea malwaredionaea malware collectiondionaea malware samplesdionaea payloadsdirectory traversaldirectory traversal attemptdiscovery phasedistributed attacksdnp3dnsdns attackdockerdropperdropper activityelasticpot activityelasticpot dataelasticpot exploitationelasticpot honeypotelasticsearchelasticsearch monitoringemailemail-protocolsencryptionenterprise networkingenterprise securityenumerationenv-huntingethernet/ipeu cyber policieseuropeexecutable fileexfiltrationexploitexploit activityexploit attemptexploit attemptsexploit kitexploit kit activityexploit probingexploit public-facing applicationexploit scanexploit targetingexploit-attemptexploit_attemptsexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of privilegeexploitation of vulnerabilitiesexploitation of vulnerabilityexploitation_attemptexploited hostexport-to-otxexposed servicesexternal access attemptsexternal remote servicesexternal threatexternal-scanningexternal_threatextortionfail2ban alertfail2ban alertsfailed authenticationfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin scanfinancefinance and insurancefinancial servicesfinancial technologyfinlandfirewall 
detectionfrancefraudfraud voipftpftp attackftp attacksftp attemptftp brute forceftp brute-forceftp scanftp scanningftp_attackgalahgeckogermanygithubgluttongopotgroupshackinghellohellpotheralding activityheralding attackheralding behaviorheralding probingheralding protocol abusehigh-riskhk abusehandlerhoneynet connecthoneypot 24h activityhoneytrap activityhoneytrap attackhoneytrap attackshoneytrap datahoneytrap detectionhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghttp/shttpshttps scanninghurricane ushydraicmpicsics attacksics securityics/scadaics/scada attackics/scada attacksics/scada protocolsics/scada systemsidentity & access exploitationillegal service advertisingimapimap attackinbound scanindiaindia phone numbersindia spamindicatorindicators of compromiseindustrial control systemsindustrial iotinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access attemptsinitial access preparationinitial_accessinjection activityinjection attacksintel macinternet background noiseinternet facinginternet facing assetinternet facing assetsinternet facing systemsinternet of thingsinternet scaninternet-facinginternet-facing assetsinternet-facing serviceinternet-facing systemsinternet-wide monitoringinternet-wide scaninternet_scannersintrusion detectioniociocsiot analyticsiot applicationsiot attacksiot device attacksiot device targetingiot exploitationiot exploitation attemptsiot platformsiot securityiot targetediot/ics attackiot_attackip-address-iocip-addressesipp honeyipphoney activityipphoney dataipphoney honeypotipv4ipv4 addressipv4 addressesipv4 indicatoripv4 port scanningipv4 scanningipv4 threatsipv4 trafficipv4_activityipv4_addressjapankfsensor honeypotkhtmlkibanakill-chain exploitationkill-chain reconnaissanceknown malicious iplajpat 
nagarlamplamp attacklamp attack attemptlamp attackslamp exploitlamp exploit attemptlamp exploit attemptslamp exploitationlamp exploitation attemptlamp exploitation attemptslamp server attacklamp server attackslamp server targetedlamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack exploitationlamp stack targetedlamp stack targetinglamp vulnerability exploitationlamp vulnerability scanlamp vulnerability scanninglateral movementlateral movement attemptlateral movement techniqueslcialdaplinuxlinux malware probelinux serverslinux system attackslinux system exploitationlinux system targetinglinux systemslinux x8664linux-server-attacklinux-server-attackslinux-server-targetinglinux-systemlinux_server_attackslog4potloginlogin attacklogin attemptlogin attemptslogin brute forcelondonlow-riskmail protocol abusemailoney activitymailoney attackmailoney capturemailoney detectionmailoney eventsmailoney honeypotmailoney indicatorsmailoney interactionsmailoney relatedmalaysiamalicious activitymalicious activity detectedmalicious campaignmalicious code detectionmalicious emailmalicious email activitymalicious email detectionmalicious emailsmalicious file transfermalicious file uploadsmalicious ip activitymalicious ip listmalicious ipsmalicious ipv4malicious loginmalicious login attemptsmalicious network activitymalicious payloadmalicious payload attemptsmalicious payload deliverymalicious payload detectionmalicious payload distributionmalicious script executionmalicious sftp activitymalicious softwaremalicious software detectionmalicious sshmalicious ssh activitymalicious ssh loginmalicious trafficmalicious-activitymalicious-login-attemptsmalicious_activitymalicious_trafficmalwaremalware activitymalware analysismalware attemptmalware behaviourmalware capturemalware deliverymalware delivery attemptmalware delivery attemptsmalware deploymentmalware deployment attemptsmalware detectionmalware distributionmalware downloadmalware download attemptmalware download 
attemptsmalware droppermalware hostingmalware installationmalware propagationmalware propagation attemptsmalware scanningmalware_activitymanualmass scanningmasscanmedpotminermispmobilemobile securitymobile threatmodbusmodbus attacksmodule loadingmonthlymssqlmssql brute forcemulti-cloud managementmultiple port scanmysql brute forcenetworknetwork activitynetwork attacksnetwork device attacksnetwork device compromisenetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork layer protocolnetwork mappingnetwork monitoringnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork-devicenetwork-reconnaissancenetwork-servicenetwork-service-attacknetwork_devicenetwork_device_attacknetwork_discoverynetwork_enumerationnetwork_scannetwork_service_exploitationnginxnmapnorth americantpnull scanoceaniaopenctiopportunistic attackopportunistic-attackoracleos command injectionos fingerprintingos xosintp0fp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword crackingpassword sprayingpassword-guessingpassword_guessingpayment processingperimeter securitypgp signphishingphishing attackphishing trapphone number spamphone spamphp exploitphp exploitation attemptsping of deathpolandpop3 attackport-scanningportscanpossible botnet activitypossible botnet communicationpossible credential stuffingpossible exploit attemptpossible exploit attemptspossible exploit probingpossible malware activitypossible malware distributionpossible malware dropperpossible malware hostingpossible malware infectionpossible malware propagationpossible mirai variantpotential botnetpotential botnet activitypotential 
compromisepotential credential theftpotential data exfiltrationpotential exploit activitypotential exploit attemptspotential intrusionpotential lateral movementpotential malicious activitypotential malware deliverypotential malware distributionpotential malware downloadpotential malware hostingpotential malware infectionpotential malware uploadpotential reconnaissancepotential vulnerability probingprivilege escalationprocess injectionprotocol abuseprotocol exploitationprotocol-abuseproxyproxy accesspublicly accessible infrastructurepublicly accessible servicespythonransomwareransomware activityrcerdp attacksrdp scanningrdp_attackreconnaissancereconnaissance activityreconnaissance-activitiesreconnaissance_activityredisredis attacksredis brute forceredis exploitationredis exploitation attemptredis honeypotredis honeypot attackredishoneypot activityregional securityremote accessremote access attackremote access attemptremote access attemptsremote access serviceremote access toolsremote loginremote serviceremote service exploitationremote servicesremote services exploitationremote-access-serviceremote_accessremote_servicereplication attackresearchresearchedresource developmentresource hijackings7comm attackssansscada exploitation attemptsscada/ics attacksscamscams & fraudscanscannerscanner activityscanner detectionscanner ipscannersscanning activityscanning ipsscriptscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer attacksentrypeer botnetsentrypeer connectionssentrypeer detectionsentrypeer eventssentrypeer interactionssentrypeer intrusion attemptssentrypeer sip attacksserver exploitationserver securityservice enumerationservice exploitationservice scanservice scanningservice version detectionsex services advertisementsex worksftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp attemptssftp credential attacksftp exploitationsftp exploitation attemptsftp exploitation 
attemptssftp intrusion attemptssftp probingsftp protocolsftp scanningsftp-attacksftp-brute-forceshadowsever_org-benignshellshell accessshell access attemptshell access attemptssingaporesipsip attackssip brute forcesip probingsip protocolsip scansip scanningsip vulnerability scansip-scanningsippslaveofslugsmart devicessmb attackssmb brute forcesmb_attacksmssms spamsms spam campaignsmtpsmtp attacksmtp attackersmtp attackssmtp brute forcesmtp probingsmtp scansmtp scanningsnaresocial engineeringsocks5socradarsocradar honeypotsoftware exploitationspamspam advertisementspam campaignsql injectionsql injection attemptsql injection attemptssql_attacksshssh attackssh attacksssh brute-forcessh bruteforcessh key injectionssh monitoringssh protocolssh scanssh scanningssh-brutessh-brute-forcessh_attackstealth scansurface websuricata alertsuricata alertssweep scansynsyn scansystem disruptionsystem reconnaissancet-pott1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1027t1040t1041t1046t1047t1048t1053t1053.005t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1064t1065t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1192t1195t1199t1202t1203t1204t1204.002t1210t1486t1490t1496t1497t1497.001t1499.001t1499.002t1499.003t1505t1505.002t1505.003t1505.004t1550t1550.002t1550.003t1552.001t1555t1555.003t1556t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1567.001t1572t1573t1573.001t1583t1583.001t1583.006t1584t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.002t1590t1590.001t1590.002t1590.004t1590.005t1590.006t1591t1592t1592.002t1593t1595t1595.001t1595.002t1595.003t1598t1598.003ta0043 - reconnaissancetannertanner activitytanner attacktanner attack patternstanner attackstanner eventstanner exploit detectiontanner http honeypottanner interactionstargeting databasetcptcp port scanningtcp protocoltcp scantcp 
scanningtcp-scanningtcp/5555tcp/iptelecommunicationstelephone harassmenttelnettelnet attackstelnet attemptstelnet scanningtelnet threattelnet-brute-forcetelnet_attackthreat actorthreat actor activitythreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventionthreat_intelligencetimeouttop10.txttopips.txttor nodetpottpotcetrinityttpsubuntuudp port scanudp port scanningudp scanudp-scanningunattributed activityunattributed threat actorunauthenticated access attemptsunauthorised access attemptsunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunauthorized login attemptunauthorized login attemptsunauthorized-access-attemptunited kingdomunited statesunited states of americaunknown threat actorunsolicited communicationunsolicited contactunusual network trafficusus abuseus nonevalid accountsverified-benignvnc protocolvoidtrapvoipvoip attackvoip systemsvoip_attackvpnvpn ipvulnerability scanvulnerability-scanningvultrvultr cloud infrastructurevultr infrastructurevultr_platform_activitywazuhweak credentialswealth managementweb apisweb app attackweb application attackweb application attacksweb application probingweb application scanweb application scanningweb applicationsweb attackweb attacksweb crawling detectionweb developmentweb exploit attemptweb exploit attemptsweb exploitationweb exploitsweb hostingweb infrastructureweb login attemptweb scannerweb serverweb server attacksweb server probingweb serversweb service scanningweb servicesweb shellweb shell attemptweb shell detectionweb shell uploadweb shell uploadsweb spamweb technologiesweb trafficweb-application-attackweb-application-attacksweb-serverweb_applicationweb_application_attackweb_attackwgetwindows ntwindows system targetingwordpotxmasxmas scan
Activity Timeline
Jun 8 to Jun 8
Threat Activity Heatmap (weekday axis: Mon, Wed, Fri; scale: Less to More)
24h
0 (Dormant)
7d
1 (Minimal)
30d
1 (Minimal)
3mo
1 (Minimal)
Threat Score
High Risk
79
SIGNAL
Signal Score
79%
Confidence
40
Reports
First seen
Apr 6, 2024
Last seen
Jun 8, 2026
Geolocation
US
Country
United States
Location
Minneapolis, California
ASN
AS6939
Org
The Shadow Server Foundation
Coords
37.6951, -121.9000
IP Category
Proxy, VPN
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255 The Shadowserver Foundation, Inc. HURRICANE-CE2897-4295868A (NET-64-62-156-0-1) 64.62.156.0 - 64.62.156.255
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
Confidence medium · First detected 2 years ago · Last seen 4 days ago
Appeared in 40 threat reports