IP · Medium · Signal 53/100
65.49.1.234
Location
Pleasanton, California
ASN
AS6939
The Shadow Server Foundation
First Seen
Sep 20, 2023
Last Seen
Jun 18, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Pleasanton, California
ASN
AS6939
Organization
The Shadow Server Foundation
IP Category
Proxy
Proxy server
Feed Intelligence Summary
24 reports · 53% confidence
24
Source reports
53%
Confidence score
Category tags
Activity Timeline
Jun 18
Threat Activity Heatmap
Peak: 2026-06-18
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
53
SIGNAL
Signal Score
53%
Confidence
24
Reports
First seen: Sep 20, 2023
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadow Server Foundation
Coords: 37.6951, -121.9000
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw
- Hurricane Electric LLC HURRICANE-9 (NET-65-49-0-0-1) 65.49.0.0 - 65.49.127.255 The Shadowserver Foundation, Inc. HURRICANE-CE2897-409C062A (NET-65-49-1-0-1) 65.49.1.0 - 65.49.1.255
IOC Journey
Medium · First detected 2 years ago · Last seen 7 days ago
Appeared in 24 threat reports