IP · Medium · Signal 66/100
74.82.47.7
Location: Gunnison, Utah
ASN: AS6939 (The Shadow Server Foundation)
First Seen: Aug 26, 2020
Last Seen: Jun 6, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 66%
Signal Score: 66 / 100
IDS Rule: No
Network Information
Country: United States
Region: Gunnison, Utah
ASN: AS6939
Organization: The Shadow Server Foundation
IP Category: Proxy (Proxy server)
Feed Intelligence Summary
Source reports: 32
Confidence score: 66%
Category tags
Activity Timeline: Jun 6
Threat Activity Heatmap (peak: 2026-06-06)
Activity by window: 24h: 0 (Dormant) · 7d: 0 (Dormant) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: Medium Risk · Signal Score 66 · 66% Confidence · 32 Reports
Geolocation: US
Coords: 37.7510, -97.8220
VirusTotal: Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw:
  Hurricane Electric LLC HURRICANE-10 (NET-74-82-0-0-1) 74.82.0.0 - 74.82.63.255
  The Shadowserver Foundation, Inc. HURRICANE-CE2897-FBF64106 (NET-74-82-47-0-1) 74.82.47.0 - 74.82.47.63
IOC Journey
medium · First detected 5 years ago · Last seen 9 days ago
Appeared in 32 threat reports