IOC Radar
IP · Medium · Signal 65/100

74.82.47.4

Location
United States
Gunnison, Utah
ASN
AS6939
The Shadow Server Foundation
First Seen: Aug 26, 2020 (2125d ago)
Last Seen: Jun 11, 2026 (10d ago)
Reports: 30 source reports
Confidence: 65% (medium)
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

134 techniques

Network Information

Country: US (United States)
Region: Gunnison, Utah
ASN: AS6939
Organization: The Shadow Server Foundation

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

30 source reports · 65% confidence score
Category tags
abuseabused-exe-patternaccessaccess attemptaccess attemptsaccount compromiseactionactive reconnaissanceactive scanactive scanningadbadb brute forceadb exploit attemptsadb honeypot activityadb-attacksadb_attackadbhoney activityadbhoney honeypotadbhoney interactionsadbhoney related activityadvertising campaignadvertising spamandroid devicesapi servicesapplication layer protocolapplication reconnaissanceaptasiaattackattack origin: malaysiaattack patternattack source identificationattacker ipattacker ip addressesattacker ipsattacker-ipattempted initial accessaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication attemptsauthentication brute forceauthentication bypass attemptauthentication failureauthentication failuresauthentication-attemptsauthentication_bypassauthentication_failuresautomated attackautomated attack activityautomated attacksautomated enumerationautomated reconnaissance activityautomated threatautomated threat detectionautomated threatsautomated-attackautomated_threatbad reputationbad web botbankingbeningbening scannerblock listblog spambotnetbotnet activitybotnet-activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute force authenticationbrute force ftpbrute force sshbrute-forcebrute_forcebrute_force_attackbruteforcebulk messagingc2 communicationc2 servercanadachecks-user-inputchina mobilecisco asacisco attackcisco attackscisco devicecisco device attackcisco device scanningcisco device targetingcisco devices targetingcisco exploit attemptcisco exploit attemptscisco exploitationcisco exploitation attemptcisco exploitation attemptscisco ios attackscisco network devicescitrix attackcitrix attack attemptcitrix brute forcecitrix exploitation attemptcitrix exploitation attemptscitrix securityclosecloud environmentcloud infrastructurecloud infrastructure attackcloud providercloud servicescloud_infrastructurecms detectioncode 
executioncode-injectioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommercial sexcommercial spamcommon vulnerabilitiescommunication protocolcompany limitedcompromise attemptcompromised credentialscompromised credentials attemptcompromised hostcompromised host activitycompromised host indicatorscompromised hostscompromised system attemptcompromised system detectioncompromised systemsconfigconfig manipulationconfiguration manipulationconfiguration modificationconnectconnect scanconnected devicesconpot activityconpot attackconpot attacksconpot emulationconpot exploitationconpot honeypotconpot ics attackconpot ics attacksconpot interactionscontainer securitycontent deliverycorruptcowriecowrie activitycowrie attackcowrie attackscowrie capturecowrie datacowrie detectedcowrie detectioncowrie emulationcowrie honeypotcowrie honeypot datacowrie interactioncowrie interactionscowrie logscowrie ssh activitycowrie ssh attackcowrie ssh attackscowrie ssh honeypotcowrie ssh loginscowrie ssh logscredential accesscredential access attemptcredential attackcredential attackscredential brute forcecredential brute forcingcredential brute-forcingcredential compromisecredential guessingcredential harvestingcredential stuffingcredential theftcredential-harvestingcredential-stuffingcredential_accesscredential_guessingcredential_stuffingcredentialaccesscredit card servicescron injectioncsscurlcvedatadata encryptiondata exfiltrationdata exfiltration attemptdata harvestingdata harvesting attemptsdata scrapingdata store exposuredata theftdatabase attackdatabase attacksdatabase brute forcedatabase enumerationdatabase exploitationdatabase exploitation attemptsdatabase intrusion attemptdatabase login attemptdatabase probingdatabase scanningdatabase securitydatabase serversdatabase-serverdcerpcddosddos attackddos attack indicatorsddos attemptddos preparationddos probeddos probingddospotdecoy systemdefense evasiondelhidenial of 
servicedenial-of-servicedetect-debug-environmentdevice managementdictionary attackdigital oceandigitalocean environmentdionaeadionaea activitydionaea alertdionaea attackdionaea attack signaturesdionaea attacksdionaea capturedionaea detecteddionaea detectiondionaea emulationdionaea exploit attemptsdionaea exploitsdionaea honeypotdionaea interactionsdionaea logsdionaea malware collectiondionaea malware detectiondionaea malware samplesdionaea malware trapdionaea payloadsdirect-cpu-clock-accessdirectory bruteforcingdirectory traversaldirectory traversal attemptdistributed attackdistributed attacksdnp3dnsdns attackdockerdropperelasticpot activityelasticpot dataelasticpot detectedelasticpot exploitationelasticpot honeypotelasticsearchelasticsearch monitoringemailemailattackencryptionenterprise networkingenterprise securityenumerationenv-huntingethernet/ipeu cyber policieseuropeexecutable fileexfiltrationexim exploit attemptexotic portsexploitexploit activityexploit attemptexploit attemptsexploit kit activityexploit kitsexploit probingexploit public-facing applicationexploit scanexploit targetingexploit-attemptsexploit: web applicationexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of privilegeexploitation of vulnerabilityexploited hostexport-to-otxexposed servicesexposed services exploitationexternal access attemptsexternal attackersexternal reconnaissanceexternal threatexternal-scanningexternal_threatextortionfail2ban triggeredfailed loginfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefin scanfinancefinancial servicesfinancial technologyfinlandfirewall eventfrancefraudftpftp attackftp attacksftp brute forceftp brute-forceftp scangalahgeckogermanygithubgluttongopotgroupsgurgaonhackinghellohellpotheralding activityheralding behaviorheralding probingheralding scan activityhiding-windowhigh-entropyhk abusehandlerhoneynet connecthoneypot 24h activityhoneytrap activityhoneytrap attackhoneytrap datahoneytrap 
detectionhoneytrap emulationhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp enumerationhttp exploitationhttp probinghttp request anomalieshttp request anomalyhttp scannerhttp scanninghttp/shttpshttps scanningicmpics attackics securityics-scada-attacksics/scadaics/scada attackics/scada systemsidentity & access exploitationillegal service advertisingillegal servicesimapimap brute forceindiaindia phone numbersindia spamindicatorindicators of compromiseindustrial control systemsindustrial iotinfoinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceinitial accessinitial access attemptinitial access vectorinitial-accessinitial-access-attemptsinitial_accessinitial_access_attemptinjection activityinjection attacksinput validationintel macinternet background noiseinternet facinginternet facing assetinternet of thingsinternet-facinginternet-facing assetsinternet-facing serviceintrusion detectioniociocsiot analyticsiot applicationsiot attackiot device attacksiot device targetingiot devicesiot exploit attemptsiot platformsiot securityiot targetediot/ics attackip-addressip-address-iocippipphoney activityipphoney dataipphoney honeypotipv4ipv4 activityipv4 addressipv4 attacksipv4 indicatoripv4 iocipv4 scanningipv4_activityipv4_addressit infrastructurejapankhtmlkibanaknown malicious ipknown malicious ipslajpat nagarlamplamp attacklamp attack attemptlamp attackslamp exploitlamp exploit attemptlamp exploit attemptslamp exploitationlamp exploitation attemptlamp exploitation attemptslamp server attacklamp server probelamp server targetedlamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack exploitationlamp stack targetinglamp vulnerability scanlarge-filelateral movementlateral movement techniqueslcialcia honeynetlfilinuxlinux malwarelinux malware probelinux server targetinglinux serverslinux systemlinux systemslinux systems targetedlinux 
x8664linux-server-attacklinux-server-attackslinux-systemlinux_server_attackslnkload balancerlog analysislog4potloginlogin attacklogin attemptlogin attemptslogin brute forcelondonmail protocol attacksmail service attackmailoney activitymailoney attackmailoney capturemailoney detectionmailoney email attacksmailoney email spoofingmailoney eventsmailoney honeypotmailoney indicatorsmailoney interactionsmailoney trafficmalaysiamalicious activitymalicious activity detectedmalicious campaignmalicious code detectionmalicious emailmalicious email activitymalicious email detectionmalicious file transfermalicious ip activitymalicious ip detectedmalicious ipsmalicious loginmalicious login attemptsmalicious network activitymalicious payloadmalicious payload attemptmalicious payload attemptsmalicious payload detectionmalicious payload distributionmalicious python scriptsmalicious script executionmalicious sftp activitymalicious sip activitymalicious softwaremalicious software detectionmalicious software targetingmalicious sshmalicious ssh activitymalicious trafficmalicious-activitymalicious-login-attemptsmalicious_activitymalicious_trafficmalwaremalware activitymalware analysismalware attemptmalware behaviourmalware capturemalware deliverymalware delivery attemptmalware deploymentmalware deployment attemptsmalware detectionmalware distributionmalware distribution attemptmalware downloadmalware download attemptmalware download attemptsmalware hostingmalware infectionmalware installationmalware landingmalware propagationmalware propagation attemptsmalware related activitymalware scanningmalware_activitymanualmdatp commandmedpotmispmobilemobile securitymobile threatmodbusmodule loadingmonthlymssqlmssql brute forcemysql brute forcenetworknetwork activitynetwork attacksnetwork devicenetwork device attacknetwork devicesnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork 
intrusionsnetwork monitoringnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service enumerationnetwork service exploitationnetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork-devicenetwork-reconnaissancenetwork_discoverynetwork_intrusionnetwork_reconnaissancenetwork_scannetwork_scanningnetwork_service_exploitationnetworkscanningnginxnoidanorth americanull scanoceaniaopen proxyopencanaryopenctios fingerprintingos xoverlayowaspp0fp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword crackingpassword sprayingpassword-guessingpassword_guessingpayment processingpeexepgp signphishingphishing attackphishing trapphone number spamphone spamphp exploitphp injection attemptspingping of deathpolandport-scanport-scanningportscanpossible botnet activitypossible botnet communicationpossible credential reusepossible credential stuffingpossible exfiltrationpossible exploit attemptpossible malicious activitypossible malware activitypossible malware deliverypossible malware distributionpossible malware dropperpossible malware probingpossible malware propagationpossible reconnaissancepotential botnetpotential botnet activitypotential compromisepotential credential compromisepotential credential theftpotential exploitpotential exploit activitypotential exploit attemptspotential intrusionpotential malicious activitypotential malware deliverypotential malware deploymentpotential malware distributionpotential malware hostingpotential malware infectionpotential malware uploadpotential reconnaissancepotential threat actorpotential vulnerability exploitationpotentially malicious activityprivilege escalationprivilege escalation attemptprocess injectionprotocol abuseprotocol exploitationprotocol scanprotocol-abuseproxyproxy accesspublic ip addresspublicly 
accessible infrastructurepythonransomwareransomware activityrarraspberry-pircerdp attacksrdp scanningreconnaissancereconnaissance activityredisredis brute forceredis exploit attemptredis exploitationredis exploitation attemptredis exploitation attemptsredis honeypotredis honeypot activityredis honeypot attacksredishoneypotregional securityremote accessremote access abuseremote access attackremote access attacksremote access attemptremote access attemptsremote access serviceremote loginremote service exploitationremote service interactionremote servicesremote services exploitationremote_accessremote_servicereplication attackresearchresearchedresource developmentresource hijackingrfirolesansscada exploitation attemptsscada/ics attacksscamscams & fraudscannerscanner activityscanner detectionscanner ipsscannersscanning activityscriptscripting attackssecurity monitoringsecurity operationssensor-taggedsentrypeer activitysentrypeer attacksentrypeer attackssentrypeer botnetsentrypeer connectionssentrypeer detectionsentrypeer eventssentrypeer exploitsentrypeer interactionssentrypeer p2p attacksentrypeer targetedsentrypeer targetingserverserver exploitationservice enumerationservice scanservice scanningsex services advertisementsex worksftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp attemptssftp exploitationsftp exploitation attemptsftp exploitation attemptssftp intrusion attemptsftp intrusion attemptssftp probingsftp protocol abusesftp scanningsftp traffic analysissftp-attacksftp-attackssftp_attackshadowsever_org-benignshellshell accessshell access attemptshell access attemptsshell command executionshellshock attemptsingaporesipsip attackssip brute forcesip enumerationsip scansip scanningsip vulnerability exploitationsip vulnerability probingsip vulnerability scansip vulnerability scanningsip-attackssippslaveofslugsmart devicessmb attackssmb brute forcesmb exploitationsmssms spamsms spam campaignsmtpsmtp attacksmtp attackssmtp 
brute forcesmtp probesmtp probingsmtp scansmtp scanningsmtp traffic analysissnaresocial engineeringsoftware developmentsoftware exploitationspainspamspam advertisementspam advertisement campaignspam campaignsql injectionsql injection attemptsql injection attemptssql-injectionsshssh attackssh attacksssh brute-forcessh bruteforcessh key injectionssh monitoringssh scanssh-attacksssh-brutessh-brute-forcessh_attacksslssl vpnssrfsurface websuricata alertsuricata alertssynsyn scansystem discoverysystem disruptiont-pott1005t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1027t1033t1040t1041t1046t1047t1053t1053.005t1055t1056t1057t1059t1059.001t1059.003t1059.004t1059.005t1059.006t1059.007t1064t1068t1070.004t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1082t1083t1087t1087.001t1087.002t1095t1102t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1136.001t1187t1189t1190t1192t1195t1195.002t1199t1202t1203t1204t1204.002t1210t1486t1490t1495.001t1496t1497t1497.001t1498t1499.001t1499.002t1499.003t1505t1505.002t1505.003t1505.004t1547t1550t1550.002t1550.003t1552.001t1555t1555.003t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567.001t1569t1571t1572t1573t1573.001t1574.001t1583t1583.001t1583.006t1584t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.002t1590t1590.001t1590.004t1590.005t1590.006t1591t1592t1592.002t1593t1595t1595.001t1595.002t1595.003t1598t1598.003t1608tannertanner activitytanner attacktanner attack patternstanner detectedtanner eventstanner interactionstanner web attacktargeting databasetcptcp protocoltcp scantcp scanningtcp-scanningtelecommunicationstelephone harassmenttelnettelnet attackstelnet attemptstelnet scanningtelnet threattelnet-brute-forcetextthreat actorthreat detectionthreat feedthreat intelligencethreat intelligence feedthreat_intelligencetimeouttor nodetorontotpottpotcetraffic analysistsecttpsubuntuudp port scanudp scanudp-scanningunattributed activityunauthorized 
accessunauthorized access attemptunauthorized access attemptsunauthorized loginunauthorized login attemptunauthorized login attemptsunauthorized probingunauthorized-access-attemptunidentified threat actorunited kingdomunited statesunited states of americaunknown threat actorunsolicited communicationunsolicited contactunsolicited contentunusual network trafficupxurl-patternusus abuseus noneuser enumerationvalid accountsverified-benignvnc protocolvoidtrapvoipvoip attackvoip attacksvoip systemvoip systemsvpnvpn ipvulnerabilityvulnerability scanvulnerability-scanvultrvultr cloud infrastructurevultr_platform_activitywafweak credentialswealth managementweb apisweb app attackweb application attackweb application attacksweb application fingerprintingweb application probingweb application scanningweb applicationsweb attackweb attacksweb crawlerweb crawling detectionweb developmentweb exploitationweb exploitsweb hostingweb infrastructureweb login attemptweb scannerweb serverweb server attackweb server attacksweb server exploitationweb serversweb serviceweb servicesweb shellweb shell attemptweb shell detectionweb shell uploadweb shell uploadsweb spamweb technologiesweb trafficweb-application-attackweb-attackweb-serverweb_attackwgetwindowswindows malwarewindows ntwindows systemwordpotxmas scanxss

Activity Timeline

1 total observation
Jun 11 to Jun 11

Threat Activity Heatmap

Peak: 2026-06-11
(calendar heatmap, Jun through the following Jun, by weekday; only the peak date is recoverable from the extracted chart)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 30
First seen: Aug 26, 2020
Last seen: Jun 11, 2026
Geolocation: US
Country: United States
Location: Gunnison, Utah
ASN: AS6939
Org: The Shadow Server Foundation
Coords: 37.7510, -97.8220
Proxy / VPN

VirusTotal

Not checked

WHOIS

description
List of SSH attacking IPs detected by the Rimba Siber honeypot.
raw
Hurricane Electric LLC HURRICANE-10 (NET-74-82-0-0-1) 74.82.0.0 - 74.82.63.255 The Shadowserver Foundation, Inc. HURRICANE-CE2897-FBF64106 (NET-74-82-47-0-1) 74.82.47.0 - 74.82.47.63
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 10 days ago
Appeared in 30 threat reports