IP · Medium · Signal 66/100
74.82.47.19
Location
Gunnison, Utah
ASN
AS6939
The Shadow Server Foundation
First Seen
Aug 26, 2020
Last Seen
Jun 4, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Gunnison, Utah
ASN
AS6939
Organization
The Shadow Server Foundation
IP Category
Proxy
Proxy server
Feed Intelligence Summary
32
Source reports
66%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-04
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
Signal Score
66
Confidence
66%
Reports
32
First seen
Aug 26, 2020
Last seen
Jun 4, 2026
Geolocation
US
Country
United States
Location
Gunnison, Utah
ASN
AS6939
Org
The Shadow Server Foundation
Coords
37.7510, -97.8220
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- Hurricane Electric LLC HURRICANE-10 (NET-74-82-0-0-1) 74.82.0.0 - 74.82.63.255
- The Shadowserver Foundation, Inc. HURRICANE-CE2897-FBF64106 (NET-74-82-47-0-1) 74.82.47.0 - 74.82.47.63
IOC Journey
medium · First detected 5 years ago · Last seen 9 days ago
Appeared in 32 threat reports