IOC Radar
IP · Medium · Signal 69/100

64.62.197.122

Location
United States
Pleasanton, California
ASN
AS6939
The Shadowserver Foundation, Inc
First Seen
Mar 24, 2021 (1906d ago)
Last Seen
Jun 4, 2026 (9d ago)
Reports
38 source reports
Confidence
69% (medium)
Found in 38 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

122 techniques

Network Information

Country: US (United States)
Region: Pleasanton, California
ASN: AS6939
Organization: The Shadowserver Foundation, Inc

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

38 source reports · 69% confidence score
Category tags

Activity Timeline

1 total obs
Jun 4

Threat Activity Heatmap

Peak: 2026-06-04
[Heatmap: daily activity by month, Jun through the following Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 69
Confidence: 69%
Reports: 38
First seen: Mar 24, 2021
Last seen: Jun 4, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadowserver Foundation, Inc
Coords: 37.7510, -97.8220
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force REDIS on Vultr Melbourne (Australia) honeypot
raw
Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255
The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255
references
https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-14/, https://jamesbrine.com.au, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-12/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-12/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-13/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrparis-telnet-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/digitaloceanlondon-telnet-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-11/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-08/

IOC Journey

medium
First detected 5 years ago · Last seen 9 days ago
Appeared in 38 threat reports