IOC Radar
IP · Medium signal · 73/100

74.82.47.2

Location
United States
Gunnison, Utah (city-level geolocation; the coordinates this page gives for it, 37.7510, -97.8220, lie in Kansas and match the generic US country-level centroid, so the city and region should be treated as unverified)
ASN
AS6939 (Hurricane Electric LLC)
Organization
The Shadowserver Foundation, Inc. (reassignment of 74.82.47.0/26 inside Hurricane Electric's block, per WHOIS)
First Seen
Aug 26, 2020
Last Seen
Jun 17, 2026
First seen 2129 days ago · Last seen 8 days ago · Found in 34 source reports · Confidence 73% (medium). Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK: 170 technique IDs (see Category tags). They are carried over from the tags of the 34 source reports, so treat them as feed-level labels rather than techniques observed from this host.

Network Information

Country
United States (US)
Region
Gunnison, Utah
ASN
AS6939 (Hurricane Electric LLC)
Organization
The Shadowserver Foundation, Inc. (reassignment of 74.82.47.0/26 inside Hurricane Electric's 74.82.0.0/18; see WHOIS)

IP Category

Proxy
Proxy server
VPN
VPN exit node

These category flags come from the source feeds. They sit beside a WHOIS reassignment to The Shadowserver Foundation and report tags such as verified-benign and shadowsever_org-benign, so confirm them independently before treating the host as an anonymisation exit.

Feed Intelligence Summary

34 source reports · 73% confidence score
Category tags
The extracted tag cloud runs all tags together without separators; only the recoverable families are kept here.

Honeypot platform and sensors
T-Pot (tpot, tpotce) and its sensors: adbhoney, conpot, cowrie, ddospot, dionaea, elasticpot, glutton, gopot, hellpot, heralding, honeytrap, ipphoney, log4pot, mailoney, medpot, redishoneypot, sentrypeer, snare, tanner, wordpot; also kfsensor, fatt, p0f, suricata alerts.
Tooling named
masscan, nmap, hydra, medusa, curl, wget, python.
Protocols and services
adb, dcerpc, dhcp, dns, ftp, http/https, icmp, imap, ipmi, ldap, modbus, mssql, mysql, oracle, pop3, postgres, rdp, redis, sftp, sip/voip, smb, smtp, snmp, ssh, telnet, tftp, vnc; targets include cisco, citrix, lamp/php, docker, elasticsearch, kibana, nginx, ics/scada.
Behaviour families
active scanning and port scans (syn, null, xmas, udp), brute force / credential stuffing / password spraying, web application attacks (sql injection, xss, directory traversal, rfi, ssrf, web shell uploads), exploit attempts against public-facing applications, malware delivery / dropper / botnet / c2 (possible mirai variant), ddos, ransomware, phishing and spam.
Reputation and list tags
known malicious ip, bad reputation, dshield block, fail2ban block, cins active, block.txt, top10.txt, topips.txt, daily_sources; and, from the same feeds, internet background noise, bening scanner, verified-benign, shadowsever_org-benign.
Anonymisation tags
open proxy, proxy, socks5, tor node, vpn, ssl vpn.
Geography and hosting
australia (melbourne region), china mobile, finland, france, germany, hong kong, india (delhi, gurgaon, noida), japan, malaysia, poland, spain, turkey, united kingdom, united states; vultr, digital ocean, hurricane us.
MITRE ATT&CK IDs
T1003 through T1613, including reconnaissance (T1589 to T1598), resource development (T1583 to T1608), initial access (T1133, T1190, T1566), credential access (T1110 and sub-techniques, T1555), discovery (T1046, T1083, T1087), and command and control (T1071, T1095, T1571 to T1573).

Activity Timeline

1 observation in the trailing-year heatmap (peak day 2026-06-17). The heatmap only covers the last twelve months, while the 34 reports go back to the Aug 26, 2020 first-seen date, so a single dot here does not mean the host was seen once.

Last 24h
0 (Dormant)
Last 7d
0 (Dormant)
Last 30d
1 (Minimal)
Last 3mo
1 (Minimal)
Threat Score
73 / 100 ("High Risk" in this panel, "Medium" in the page header; it is the same heuristic signal score either way)
Confidence
73%
Reports
34
First seen
Aug 26, 2020
Last seen
Jun 17, 2026
Country
United States (US)
Location
Gunnison, Utah
ASN
AS6939 (Hurricane Electric LLC)
Org
The Shadowserver Foundation, Inc.
Coords
37.7510, -97.8220 (this point is in Kansas, the generic US country-level centroid, not Gunnison, Utah; it indicates country-only resolution, so treat the city and region as unverified)
Category
Proxy, VPN

VirusTotal

Not checked

WHOIS (ARIN, raw)

Hurricane Electric LLC HURRICANE-10 (NET-74-82-0-0-1) 74.82.0.0 - 74.82.63.255
The Shadowserver Foundation, Inc. HURRICANE-CE2897-FBF64106 (NET-74-82-47-0-1) 74.82.47.0 - 74.82.47.63

Source feed description

IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot

References

https://github.com/telekom-security/tpotce
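Before acting on a score like the one on this page, a responder wants to confirm who actually holds the address and whether the geolocation means anything. The following is an added example (not IOC Radar's own code): it parses the raw WHOIS line shown above, picks the most specific allocation containing 74.82.47.2, flags coordinates that equal the generic US country centroid, and reproduces the 24h/7d/30d/3mo counters from observation dates. The ARIN line layout assumed by the regex, the centroid value, the page date of Jun 25, 2026 (derived from "8d ago" relative to Jun 17) and the Dormant/Minimal/Active thresholds are assumptions, not something the page states.

```python
"""Triage checks for the fields on this IOC page.

Added example, not IOC Radar's own code. Inputs are copied from the page
and embedded as constants. Assumptions (not stated on the page): the raw
WHOIS text follows ARIN's "<org> <handle> (<NET handle>) <start> - <end>"
layout, and 37.751, -97.822 is treated as the generic country-level US
centroid that GeoIP databases return when only the country is known.
"""
import ipaddress
import re
from datetime import date

IOC_IP = "74.82.47.2"
PAGE_DATE = date(2026, 6, 25)       # "Last seen 8d ago" relative to Jun 17, 2026
FIRST_SEEN = date(2020, 8, 26)
LAST_SEEN = date(2026, 6, 17)
STATED_COORDS = (37.7510, -97.8220)  # coordinates shown on the page

# Raw WHOIS line copied from the page: a parent allocation and a reassignment.
RAW_WHOIS = (
    "Hurricane Electric LLC HURRICANE-10 (NET-74-82-0-0-1) 74.82.0.0 - 74.82.63.255 "
    "The Shadowserver Foundation, Inc. HURRICANE-CE2897-FBF64106 (NET-74-82-47-0-1) "
    "74.82.47.0 - 74.82.47.63"
)

# Assumed country-centroid coordinates (only US is needed here).
DEFAULT_CENTROIDS = {"US": (37.751, -97.822)}

_ALLOC = re.compile(
    r"(?P<org>.+?)\s+(?P<handle>\S+)\s+\((?P<net>NET-[\w-]+)\)\s+"
    r"(?P<start>\d{1,3}(?:\.\d{1,3}){3})\s*-\s*(?P<end>\d{1,3}(?:\.\d{1,3}){3})"
)


def parse_allocations(raw):
    """Split the WHOIS text into (org, handle, IPv4Network) tuples."""
    allocs = []
    for m in _ALLOC.finditer(raw):
        start = ipaddress.IPv4Address(m["start"])
        end = ipaddress.IPv4Address(m["end"])
        # A start-end range may need several CIDR blocks to cover it exactly.
        for net in ipaddress.summarize_address_range(start, end):
            allocs.append((m["org"].strip(), m["handle"], net))
    return allocs


def most_specific_allocation(ip, raw=RAW_WHOIS):
    """Longest-prefix match: the reassignment wins over the parent block."""
    addr = ipaddress.IPv4Address(ip)
    hits = [a for a in parse_allocations(raw) if addr in a[2]]
    return max(hits, key=lambda a: a[2].prefixlen) if hits else None


def geo_is_default_centroid(coords, country="US", tol=0.01):
    """True when the coordinates are just the country centroid, meaning the
    city/region printed next to them was not actually resolved."""
    lat, lon = DEFAULT_CENTROIDS[country]
    return abs(coords[0] - lat) <= tol and abs(coords[1] - lon) <= tol


def recency_buckets(observations, today=PAGE_DATE):
    """Reproduce the page's 24h/7d/30d/3mo counters from observation dates.
    Labels are an assumption: 0 -> Dormant, 1-4 -> Minimal, 5+ -> Active."""
    windows = {"24h": 1, "7d": 7, "30d": 30, "3mo": 90}
    out = {}
    for name, days in windows.items():
        n = sum(1 for d in observations if 0 <= (today - d).days < days)
        label = "Dormant" if n == 0 else "Minimal" if n < 5 else "Active"
        out[name] = (n, label)
    return out


def triage(ip=IOC_IP):
    """Collect the checks a responder wants before blocking this address."""
    alloc = most_specific_allocation(ip)
    return {
        "ip": ip,
        "allocation_org": alloc[0] if alloc else None,
        "allocation_net": str(alloc[2]) if alloc else None,
        "geo_city_resolved": not geo_is_default_centroid(STATED_COORDS),
        "days_since_first_seen": (PAGE_DATE - FIRST_SEEN).days,
        "days_since_last_seen": (PAGE_DATE - LAST_SEEN).days,
        "recency": recency_buckets([LAST_SEEN]),
    }


if __name__ == "__main__":
    for key, value in triage().items():
        print(f"{key}: {value}")
```

The longest-prefix step is the one that matters: the parent /18 belongs to Hurricane Electric (which is also the AS6939 operator), but the /26 containing this address is reassigned to The Shadowserver Foundation, which is the organisation a blocking decision should be weighed against.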

Export & API

STIX 2.1 bundle · CSV export · Permalink
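The STIX 2.1 export above is only a button. This added example (not the site's export code; standard library only) shows what a correct bundle for this indicator contains: an Indicator carrying a STIX pattern, the ipv4-addr observable with the deterministic UUIDv5 id the 2.1 spec requires for cyber-observables, a based-on relationship between them, and the consistency check a consumer should run before ingesting. The field values are the ones on this page; the labels, description wording and indicator_types value are assumptions chosen here.

```python
"""STIX 2.1 bundle for this page's IOC, built with the standard library only.

Added example, not IOC Radar's export code. Field values come from the page;
the labels, description and indicator_types are assumptions chosen by the caller.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# Namespace the STIX 2.1 specification fixes for deterministic SCO identifiers.
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")
PATTERN_RE = re.compile(r"^\[ipv4-addr:value = '(\d{1,3}(?:\.\d{1,3}){3})'\]$")
PAGE_FIRST_SEEN = datetime(2020, 8, 26, tzinfo=timezone.utc)


def stix_ts(dt):
    """STIX timestamp: UTC, RFC 3339, millisecond precision, 'Z' suffix."""
    return dt.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")


def ipv4_sco(ip):
    """Observable whose id is UUIDv5 over its id-contributing property 'value'."""
    contributing = json.dumps({"value": ip}, separators=(",", ":"), sort_keys=True)
    return {
        "type": "ipv4-addr",
        "spec_version": "2.1",
        "id": "ipv4-addr--" + str(uuid.uuid5(STIX_SCO_NAMESPACE, contributing)),
        "value": ip,
    }


def build_bundle(ip, first_seen, confidence, labels, description,
                 indicator_types=("anomalous-activity",), now=None):
    """Indicator (STIX pattern) + observable + 'based-on' relationship."""
    if not 0 <= confidence <= 100:
        raise ValueError("STIX confidence must be an integer 0-100")
    created = stix_ts(now or datetime.now(timezone.utc))
    sco = ipv4_sco(ip)
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": "indicator--" + str(uuid.uuid4()),
        "created": created,
        "modified": created,
        "name": f"IPv4 indicator {ip}",
        "description": description,
        "indicator_types": list(indicator_types),
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": stix_ts(first_seen),
        "confidence": confidence,
        "labels": list(labels),
    }
    relationship = {
        "type": "relationship",
        "spec_version": "2.1",
        "id": "relationship--" + str(uuid.uuid4()),
        "created": created,
        "modified": created,
        "relationship_type": "based-on",
        "source_ref": indicator["id"],
        "target_ref": sco["id"],
    }
    return {"type": "bundle", "id": "bundle--" + str(uuid.uuid4()),
            "objects": [indicator, sco, relationship]}


def check_bundle(bundle):
    """Consumer-side sanity check: every relationship ref resolves inside the
    bundle, the pattern parses, and it names the same value as the observable."""
    by_id = {o["id"]: o for o in bundle["objects"]}
    for obj in bundle["objects"]:
        if obj["type"] != "relationship":
            continue
        if obj["source_ref"] not in by_id or obj["target_ref"] not in by_id:
            return False
        indicator, sco = by_id[obj["source_ref"]], by_id[obj["target_ref"]]
        m = PATTERN_RE.match(indicator.get("pattern", ""))
        if not m or m.group(1) != sco.get("value"):
            return False
    return True


# Bundle for the indicator on this page (labels and description are assumed).
PAGE_BUNDLE = build_bundle(
    ip="74.82.47.2",
    first_seen=PAGE_FIRST_SEEN,
    confidence=73,
    labels=["scanner", "honeypot-sighting"],
    description="Seen port scanning a T-Pot honeypot (Vultr, Melbourne); "
                "netblock reassigned to The Shadowserver Foundation per WHOIS.",
)

if __name__ == "__main__":
    print(json.dumps(PAGE_BUNDLE, indent=2))
```

The page's 73% confidence maps directly onto the STIX confidence property (an integer 0 to 100), and the first-seen date becomes valid_from. If your own verification confirms the WHOIS attribution, the indicator_types vocabulary has a "benign" entry; the example deliberately leaves that decision to the caller rather than encoding it.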
