IOC Radar
IP · Medium · Signal 84/100

74.82.47.5

Location
United States
Gunnison, Utah
ASN
AS6939
The Shadow Server Foundation
First Seen: Aug 26, 2020 (2126d ago)
Last Seen: Jun 13, 2026 (9d ago)
Reports: 32 (source reports)
Confidence: 84% (medium)
Found in 32 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 84%
Signal Score: 84 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 131 techniques

Network Information

Country: US (United States)
Region: Gunnison, Utah
ASN: AS6939
Organization: The Shadow Server Foundation

IP Category

Proxy: proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 32
Confidence score: 84%
Category tags

Activity Timeline

1 total observation (Jun 13 to Jun 13)

Threat Activity Heatmap

Peak: 2026-06-13
[Calendar heatmap of activity by week, Jun through the following Jun, with a Less/More intensity legend]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 84
Confidence: 84%
Reports: 32
First seen: Aug 26, 2020
Last seen: Jun 13, 2026
Geolocation: US
Country: United States
Location: Gunnison, Utah
ASN: AS6939
Org: The Shadow Server Foundation
Coords: 37.7510, -97.8220
Proxy: VPN

VirusTotal

Not checked

WHOIS

Description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
Raw:
Hurricane Electric LLC HURRICANE-10 (NET-74-82-0-0-1) 74.82.0.0 - 74.82.63.255
The Shadowserver Foundation, Inc. HURRICANE-CE2897-FBF64106 (NET-74-82-47-0-1) 74.82.47.0 - 74.82.47.63
References: https://github.com/telekom-security/tpotce


IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 9 days ago
Appeared in 32 threat reports