← Back to feed
Shadowserver Foundation
SCANNER Active highPrimary ASN
—
Subnet
—
Country
🇺🇸 US
Cloud Provider
—
Member Count
12 IPs
Below average
Total Events
137
Below average by volume
Started / Ended
2026-02-23 05:51 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Discovery
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 64.62.197.137 | scanner | 48% | 1x OSINT | 19 | 2 | http:scanssh:bruteforce | scan-48a.shadowserver.org | 2026-04-11 00:04 | evidence → |
| 65.49.1.152 | scanner | 46% | 1x OSINT | 7 | 2 | http:scanssh:bruteforce | scan-71-00.shadowserver.org | 2026-04-11 02:28 | evidence → |
| 65.49.1.38 | scanner | 45% | 1x OSINT | 17 | 2 | http:scanssh:bruteforce | scan-54a.shadowserver.org | 2026-04-09 08:48 | evidence → |
| 64.62.197.32 | scanner | 43% | 1x OSINT | 22 | 2 | http:scanssh:bruteforce | scan-37a.shadowserver.org | 2026-04-08 11:18 | evidence → |
| 64.62.197.122 | unknown | 41% | 1x OSINT | 7 | 2 | http:scanssh:bruteforce | scan-40a.shadowserver.org | 2026-04-09 02:32 | evidence → |
| 64.62.156.38 | unknown | 41% | 1x OSINT | 6 | 2 | http:scanssh:bruteforce | scan-62-0.shadowserver.org | 2026-04-09 05:01 | evidence → |
| 184.105.139.67 | scanner | 41% | 1x OSINT | 16 | 2 | http:scanssh:bruteforce | scan-01.shadowserver.org | 2026-04-07 08:54 | evidence → |
| 64.62.197.139 | unknown | 36% | 1x OSINT | 5 | 1 | http:scanssh:bruteforce | scan-48c.shadowserver.org | 2026-04-11 00:04 | evidence → |
| 184.105.247.254 | unknown | 35% | 1x OSINT | 12 | 2 | http:scanssh:bruteforce | scan-13o.shadowserver.org | 2026-04-05 00:04 | evidence → |
| 64.62.197.17 | scanner | 30% | 1x OSINT | 9 | 2 | ssh:bruteforce | scan-44a.shadowserver.org | 2026-04-06 11:13 | evidence → |
| 64.62.156.52 | scanner | 30% | 1x OSINT | 9 | 2 | ssh:bruteforce | scan-63-0.shadowserver.org | 2026-04-06 11:13 | evidence → |
| 64.62.156.170 | scanner | 21% | 1x OSINT | 8 | 1 | ssh:bruteforce | scan-84-8.shadowserver.org | 2026-04-06 10:24 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds