IOC Radar
IP · Medium · Signal 57/100

64.62.197.131

Location: United States (Pleasanton, California)
ASN: AS6939 (The Shadowserver Foundation, Inc)
First Seen: Mar 28, 2021
Last Seen: Jun 3, 2026
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 57%
Signal Score: 57 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs: 91 techniques

Network Information

Country: US (United States)
Region: Pleasanton, California
ASN: AS6939
Organization: The Shadowserver Foundation, Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 33
Confidence score: 57%

Activity Timeline

1 total observation (Jun 3)

Threat Activity Heatmap

Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 57
Confidence: 57%
Reports: 33
First seen: Mar 28, 2021
Last seen: Jun 3, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadowserver Foundation, Inc
Coords: 37.7510, -97.8220
IP Category: Proxy

VirusTotal

Not checked

WHOIS

Description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
Raw:
Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255
The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255

IOC Journey

medium
First detected 5 years ago · Last seen 8 days ago
Appeared in 33 threat reports