IP · Medium · Signal 60/100
64.62.156.30
Location
Minneapolis, California
ASN
AS6939
The Shadow Server Foundation
First Seen
Apr 5, 2024
Last Seen
Jun 6, 2026
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Minneapolis, California
ASN: AS6939
Organization: The Shadow Server Foundation
IP Category
Proxy
Proxy server
Feed Intelligence Summary
33 reports · 60% confidence
33
Source reports
60%
Confidence score
Category tags
Activity Timeline
[Timeline chart; axis range: Jun 6 to Jun 6]
Threat Activity Heatmap
[Heatmap; peak: 2026-06-06]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 33
First seen: Apr 5, 2024
Last seen: Jun 6, 2026
Geolocation: US
Country: United States
Location: Minneapolis, California
ASN: AS6939
Org: The Shadow Server Foundation
Coords: 37.6625, -121.8749
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
- raw
- Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255 The Shadowserver Foundation, Inc. HURRICANE-CE2897-4295868A (NET-64-62-156-0-1) 64.62.156.0 - 64.62.156.255
- references
- https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, http://cinsscore.com/list/ci-badguys.txt
IOC Journey
Medium · First detected 2 years ago · Last seen 18 days ago
Appeared in 33 threat reports