64.62.156.148
IP Intelligence Briefing: 64.62.156.148
Date: 2026-06-10
---
**1. Core Profile**
- Risk Score: 50 (Moderate Risk)
- Ownership: Operated by *The Shadowserver Foundation, Inc.* (ASN 6939, Hurricane Electric)
- Geolocation: Minneapolis, MN, US (approx. 2500km accuracy)
- Network Role: Firewalled host with no open ports or services detected
- Threat Indicators: No malicious activity observed (no blacklists, campaigns, or DNS anomalies)
---
**2. Observation History**
- BGP Activity: Linked to Hurricane Electricβs ASN 6939 (prefix 64.62.128.0/17)
- DNS Records:
- PTR record: `scan-82-6.shadowserver.org`
- Forward DNS: `shadowserver.org` (SPF/DKIM configured for email security)
- Temporal Trends: No persistent threats or ownership changes detected
---
**3. Relationships**
- Network: Subnet `64.62.156.148/24` (low abuse density, 3.9% abuse risk)
- DNS Associations:
- `148.0-24.156.62.64.in-addr.arpa` (reverse DNS host)
- Organizations: Directly tied to Shadowserver Foundation (cybersecurity research entity)
---
**4. Neighborhood Analysis**
- Subnet Risk: 51 IPs in `64.62.156.0/24`
- High Risk: 2 IPs (55β60 authority score)
- Medium Risk: 23 IPs (40β50 authority score)
- Low Risk: 26 IPs (0β50 authority score)
- Notable Neighbors:
- `64.62.156.10` (55 risk score)
- `64.62.156.13` (0 risk score, likely benign)
---
**5. Threat Assessment**
- Likelihood of Malicious Activity: Low. The IP is associated with a trusted cybersecurity organization.
- Neighbor Risk: While some neighboring IPs show higher risk, no direct compromise or malicious behavior is attributed to this IP.
- Recommendation: Monitor subnet for unusual traffic patterns. No immediate mitigation required for this IP.
---
Conclusion:
64.62.156.148 is a legitimate, firewalled host operated by Shadowserver Foundation. While the subnet contains some risky neighbors, the IP itself shows no malicious indicators. SOC teams should focus on monitoring the broader subnet for potential lateral movement or compromised hosts.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
π’ Ownership & Registration
| Organization | The Shadowserver Foundation, Inc. |
| ASN | AS6939 |
| Network Name | β |
| CIDR Block | β |
| RIR | ARIN |
| Country | β |
| Abuse Contact | Available via RDAP |
π DNS Intelligence
| PTR | 148.0-24.156.62.64.in-addr.arpa |
| Forward Confirmed | Yes β FCrDNS verified |
| Forward Hostnames | scan-82-6.shadowserver.org148.0-24.156.62.64.in-addr.arpa |
π DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 1/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
βοΈ Network Classification
| Infrastructure | Unknown |
| Service Purpose | Firewalled / No Services |
| Network Tier | Unknown β Insufficient routing data to classify |
π Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| No open ports detected | |||
| Server | β |
| HTTP Title | β |
π TLS Certificate
| SANs | None |
| Valid From | β |
| Valid Until | β |
π― Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 13% | 1 | 1 |
| routing | 13% | 1 | 1 |
| services | 13% | 1 | 1 |
| ownership | 27% | 2 | 3 |
| reputation | 0% | 0 | 0 |
| geolocation | 13% | 1 | 1 |
| Overall | 13% | 6 | 7 |
| Data Coherence | Mostly Consistent (80%) β 1 contradiction(s) |
| Attribution | Moderate (55%) |
| OwnershipFCrDNSGeo ConsensusGeo PlausibleIRR MatchRPKI Valid |
π Observation Timeline π Live
| First Seen | 2026-05-22 15:20:25 UTC |
| Last Seen | 2026-06-11 21:18:38 UTC |
| Profile Built | 2026-06-10 02:17:08 UTC |
| Data Freshness | Live |
| Signal Types | 19 |
| Total Observations | 24 |
Full dossier details are available via our API.