IP · Medium · Signal 56/100
64.62.156.202
Location
Minneapolis, California
ASN
AS6939
The Shadow Server Foundation
First Seen
Apr 24, 2024
Last Seen
Jun 11, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
56 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Minneapolis, California
ASN
AS6939
Organization
The Shadow Server Foundation
IP Category
Proxy
Proxy server
Feed Intelligence Summary
30 reports · 56% confidence
30
Source reports
56%
Confidence score
Category tags
Activity Timeline
Jun 11
Threat Activity Heatmap
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Medium Risk
56
SIGNAL
Signal Score
56%
Confidence
30
Reports
First seen
Apr 24, 2024
Last seen
Jun 11, 2026
Geolocation
US
Country
United States
Location
Minneapolis, California
ASN
AS6939
Org
The Shadow Server Foundation
Coords
37.6951, -121.9000
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255
- The Shadowserver Foundation, Inc. HURRICANE-CE2897-4295868A (NET-64-62-156-0-1) 64.62.156.0 - 64.62.156.255
- references
- https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 2 years ago · Last seen today
Appeared in 30 threat reports