IP · Medium · Signal 77/100
64.62.197.167
Location
Pleasanton, California
ASN
AS6939
The Shadowserver Foundation, Inc
First Seen
May 27, 2021
Last Seen
Jun 19, 2026
Found in 38 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
77%
Signal Score
77 / 100
IDS Rule
No
Network Information
Country
United States
Region
Pleasanton, California
ASN
AS6939 (Hurricane Electric; the WHOIS parent allocation listed below is Hurricane Electric LLC)
Organization
The Shadowserver Foundation, Inc (reassigned block 64.62.197.0 - 64.62.197.255)
IP Category
Proxy (proxy server)
VPN (VPN exit node)
Caveat: the category tags on this page include verified-benign and shadowsever_org-benign, and the WHOIS reassignment names The Shadowserver Foundation, which runs internet-wide research scanning. Check the proxy/VPN classification and the honeypot reports behind the score against that before the address is blocked.
Feed Intelligence Summary
Source reports: 38
Confidence score: 77%
Category tags
a5 https, a6 https, abuse, access, access control, account compromise, ack, action, active scan, active scanning, adb, adb attacks, adb brute force, adb exploit, adb honeypot activity, adb protocol, adbhoney activity, adbhoney attack, adbhoney attacks, adbhoney honeypot, adbhoney interactions, adbhoney related activity, adbhoneypot traffic, agent, alert, alpn, android, android device attacks, android devices, android_attack, android_debug_bridge, anomalous network connections, api services, application exploitation, application layer attack, application layer protocol, application reconnaissance, apt, asa, asia, asset discovery, atif feed, attack, attack attempt, attack preparatory, attack source, attack vectors, attacker ips, attacker-ip, attempted exploitation, australia, authentication, authentication abuse, authentication attack, authentication attacks, authentication attempt, authentication attempts, authentication brute force, authentication failure, authentication-attempts, auto-generated security, automated attack, automated attack attempts, automated attacks, automated threat, automated threats, automated-attack, automated_threat,
bad ip's, bad reputation, bad web bot, banking, banlist feed, bening, bening scanner, binary defense, block list, block.txt, blocklist_all, blog spam, botnet, botnet activity, botnet-activity, botnet_activity, brute, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute force ftp, brute force ssh, brute-force, brute-force attack, brute_force, bruteforce,
c2, c2 communication, canada, cert, china mobile, cins active, cisco, cisco activity, cisco asa, cisco asa attack, cisco asa targeted, cisco attack, cisco attacks, cisco brute force, cisco device, cisco device attack, cisco device scanning, cisco device targeted, cisco device targeting, cisco exploit, cisco exploit attempt, cisco exploit attempts, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco ios probing, cisco logs, cisco network devices, cisco targeted, cisco targeting, cisco vulnerability exploitation, cisco_exploit, citrix attack, citrix brute force, citrix security, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud infrastructure target, cloud services, cloud_infrastructure, cms detection, code execution, code-injection, columns, command & control, command and control, command execution, command injection, command injection attempt, common vulnerabilities, communication protocol, company limited, compromise attempt, compromise attempts, compromised credentials, compromised credentials attempt, compromised host, compromised host activity, compromised host detection, compromised system attempt, compromised system detection, compromised systems, config, connect, connect scan, connected devices, conpot activity, conpot attack, conpot attacks, conpot exploitation, conpot honeypot, conpot ics attacks, conpot interactions, container security, content delivery, cowrie, cowrie activity, cowrie attack, cowrie attacks, cowrie capture, cowrie data, cowrie detection, cowrie emulation, cowrie honeypot, cowrie honeypot data, cowrie honeypot detection, cowrie interaction, cowrie interactions, cowrie logs, cowrie ssh activity, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, cowrie ssh logins, cowrie ssh logs, cowrie_attack, crawler, credential access, credential attack, credential brute force, credential brute-forcing, credential compromise, credential guessing, credential harvesting, credential stuffing, credential stuffing attempts, credential theft, credential-access, credential-stuffing, credential_access, credential_stuffing, credit card services, css, curl, cve, cve exploitation, cyber_threat_intelligence, cyberattack,
daily_sources, data encryption, data exfiltration, data exfiltration attempt, data store exposure, database access attempt, database activity, database attack, database attack attempts, database attacks, database brute force, database enumeration, database exploit attempts, database exploitation, database exploitation attempts, database intrusion attempt, database login attempt, database probe, database probing, database scan, database security, database-server, database_attack, dcerpc, ddos, ddos attack, ddos attack indicators, ddos attempt, ddos attempts, ddos participation, ddos preparation, ddos probe, ddos reflection, ddospot, decoy system, defense evasion, denial of service, denial-of-service, denial-of-service attempt, device management, dictionary attack, digital ocean, digitalocean environment, digitalocean infrastructure, digitalocean ips, dionaea, dionaea activity, dionaea attack, dionaea attacks, dionaea capture, dionaea detection, dionaea exploits, dionaea honeypot, dionaea interactions, dionaea logs, dionaea malware collection, dionaea malware samples, dionaea payloads, directory bruteforcing, directory traversal, directory traversal attempt, distributed attacks, dns, dns attack, docker, dropper, dropper activity, dshield block,
elasticpot activity, elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, encryption, enterprise networking, enterprise security, enumeration, et drop, eu cyber policies, europe, executable file, exfiltration, exploit, exploit activity, exploit attempt, exploit attempts, exploit kit, exploit kit activity, exploit kits, exploit probing, exploit public-facing application, exploit scan, exploit targeting, exploit vulnerability, exploit_attempts, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of privilege, exploitation of vulnerability, exploitation_attempt, exploited host, export-to-otx, exposed services, external access attempts, external reconnaissance, external threat, external_threat, extortion,
fail2ban triggered, failed login, failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, fin scan, finance, finance and insurance, financial services, financial technology, finland, france, ftp, ftp activity, ftp attack, ftp attacks, ftp brute force, ftp brute-force, ftp scan, galah, germany, github, glutton, gopot, groups, hacking, hellpot, heralding activity, heralding scan activity, high-risk, hk abusehandler, honeynet connect, honeypot 24h activity, honeytrap activity, honeytrap attack, honeytrap data, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http exploitation, http probing, http request anomalies, http scanner, http scanning, http/https, http/s, https, https scanning, hurricane us,
icmp, ics, ics attack, ics security, ics/ot attack, ics/scada attacks, ics/scada systems, identity & access exploitation, imap, imap attack, indicator, indicators of compromise, industrial control systems, industrial iot, info, information gathering, infrastructure acquisitionreconnaissance, initial access, initial access attempt, initial access vector, initial-access, initial_access, injection activity, injection attacks, input validation, internet exposed, internet of things, internet wide scan, internet-facing, internet-facing assets, internet-facing service, internet-scanning, internet-wide monitoring, internet-wide scan, internet_scan, internet_scanners, intrusion detection, ioc, iocs, iot analytics, iot applications, iot device attack, iot device attacks, iot device targeting, iot devices, iot exploit attempts, iot platforms, iot security, iot targeted, iot/ics attack, ip-address, ip-address-ioc, ipp, ipphoney activity, ipphoney honeypot, ipv4, ipv4 activity, ipv4 address, ipv4 attacks, ipv4 ioc, ipv4 traffic, ipv4-scanning, ipv4_activity, japan, kfsensor honeypot, kibana, kill-chain exploitation, kill-chain reconnaissance,
lamp, lamp activity, lamp attack, lamp attacks, lamp exploit, lamp exploit attempt, lamp exploit attempts, lamp exploitation, lamp exploitation attempt, lamp exploitation attempts, lamp server attack, lamp server targeted, lamp server targeting, lamp stack, lamp stack attack, lamp stack attacks, lamp stack exploitation, lamp stack targeted, lamp stack targeting, lamp vulnerability scan, lamp_exploit, lateral movement, lcialfi, linux, linux malware probe, linux servers, linux system, linux system exploitation, linux systems, linux-server-attack, linux-server-attacks, linux-system, linux_server_attacks, listed source, load balancer, log4pot, login, login attack, login attempt, login_attempt, low-risk,
mail protocol abuse, mailoney activity, mailoney attack, mailoney capture, mailoney events, mailoney honeypot, mailoney interactions, mailoney logs, mailoney traffic, malaysia, malicious activity, malicious activity detected, malicious adb activity, malicious code detection, malicious domain, malicious email, malicious email activity, malicious emails, malicious file transfer, malicious ip activity, malicious ip addresses, malicious ips, malicious login, malicious login attempts, malicious network activity, malicious payload, malicious payload attempts, malicious payload delivery, malicious payload detection, malicious payload distribution, malicious script execution, malicious sftp activity, malicious sip activity, malicious software, malicious software detection, malicious ssh, malicious ssh activity, malicious traffic, malicious-activity, malicious-login-attempts, malicious-scan, malicious_activity, malicious_traffic, malware, malware activity, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware detection, malware distribution, malware distribution attempt, malware download, malware download attempts, malware dropper, malware landing, malware probing, malware propagation, malware propagation attempts, malware_activity, malware_delivery_attempt, manual, mass-scanning, medpot, misp, mobile, mobile security, mobile threat, modbus attacks, monthly, mssql, mssql brute force, mysql brute force,
network, network activity, network attacks, network device, network device attacks, network device compromise, network devices, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network monitoring, network port scanning, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, network security monitoring, network service attack, network service discovery, network service scanning, network traffic analysis, network-based attack attempts, network-device, network-reconnaissance, network_activity, network_device, network_device_attack, network_discovery, network_intrusion, network_reconnaissance, network_scan, north america, nosql database attack, null scan, object, oceania, open proxy, open_port_discovery, opencanary, opportunistic attacker, os command injection, osint, owasp,
p0f, p0f network fingerprinting, p0f os fingerprinting, p0f passive fingerprinting, p0f signatures, password attack, password attacks, password cracking, password spraying, password-guessing, payment processing, perimeter security, pgp sign, phishing, phishing attack, phishing trap, php exploit, ping, ping of death, poland, poor reputation, port, port-scan, port-scanning, portscan, possible botnet activity, possible botnet communication, possible credential reuse, possible credential stuffing, possible credential theft, possible malware activity, possible malware delivery, possible malware distribution, possible malware propagation, possible mirai variant, potential botnet, potential botnet activity, potential compromise, potential credential stuffing, potential credential theft, potential exploit, potential exploit activity, potential intrusion, potential intrusion attempt, potential lateral movement, potential malicious activity, potential malware activity, potential malware delivery, potential malware distribution, potential malware hosting, potential reconnaissance, potential vulnerability exploitation, pre-attack, privilege escalation, probing, process injection, proto, protocol abuse, protocol exploitation, protocol-abuse, proxy, proxy access, python,
ransomware, ransomware activity, raspberry-pi, rdp, rdp attacks, reconnaissance, reconnaissance activity, redis, redis exploit attempt, redis exploitation, redis exploitation attempts, redis honeypot, redis honeypot attack, redis-cli, redishoneypot, redishoneypot activity, regional security, remote access, remote access abuse, remote access attack, remote access attacks, remote access attempt, remote access attempts, remote service exploitation, remote services, remote-access-attempt, researched, resource development, resource hijacking, rfi, s7comm attacks, sans, scada exploitation attempts, scada_ics, scanner, scanner activity, scanner ips, scanners, scanning, scanning activity, script, scripting attacks, security event, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer attack, sentrypeer botnet, sentrypeer detection, sentrypeer events, sentrypeer exploit, sentrypeer interactions, sentrypeer logs, server, server exploitation, server security, service discovery, service enumeration, service exploitation attempts, service scan, service scanning, service-discovery, service_enumeration, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp attempts, sftp exploitation, sftp exploitation attempt, sftp exploitation attempts, sftp intrusion attempts, sftp probing, sftp protocol abuse, sftp scanning, sftp traffic analysis, sftp-attack, sftp_attack, shadowsever_org-benign, shell, shell access, shell access attempt, singapore, sip, sip activity, sip attacks, sip brute force, sip probing, sip scan, sip scanning, sip vulnerability scan, sip_attack, sipp, slug, smart devices, smb attacks, smb brute force, smb exploitation, smtp, smtp attack, smtp attacker, smtp attacks, smtp brute force, smtp probe, smtp probing, smtp scan, smtp scanning, smtp traffic analysis, snare, social engineering, software exploitation, spam, sql injection, sql injection attempt, sql injection attempts, sql-injection, ssh, ssh activity, ssh attack, ssh attacks, ssh brute-force, ssh bruteforce, ssh monitoring, ssh scan, ssh-brute-force, ssh-bruteforce, ssh_bruteforce, ssl, ssl/tls protocols, ssrf, surface web, suricata alert, suricata alerts, syn, syn scan, system discovery, system disruption, system reconnaissance,
t-pot, t1005, t1016, t1016.001, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021.007, t1027, t1033, t1040, t1041, t1046, t1047, t1048, t1048.003, t1053, t1053.005, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1064, t1065, t1068, t1070.004, t1071, t1071.001, t1071.004, t1076, t1077, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1082, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1195, t1199, t1203, t1204, t1204.002, t1210, t1486, t1490, t1495.001, t1496, t1497, t1498, t1499.001, t1499.002, t1499.003, t1505, t1505.002, t1505.004, t1547, t1550, t1550.002, t1550.003, t1552.001, t1555, t1555.003, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1569, t1572, t1573, t1573.001, t1583, t1583.001, t1587.001, t1588, t1588.002, t1588.006, t1589, t1589.002, t1590, t1590.001, t1590.003, t1590.004, t1590.005, t1592, t1592.002, t1593, t1595, t1595.001, t1595.002, t1595.003, t1608,
tanner, tanner activity, tanner attack, tanner attacks, tanner events, tanner interactions, tanner logs, targeting database, tcp, tcp protocol, tcp scan, tcp scanning, tcp-scan, tcp_scan, telecommunications, telnet, telnet attacks, telnet attempts, telnet threat, telnet-brute-force, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat intelligence feed, threat prevention, threat-intelligence, timeout, tokyo, top10.txt, topips.txt, tor node, toronto, tpot, tpotce, tsec, ttps,
udp port scan, udp scan, udp-scan, udp_scan, unauthenticated access attempts, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized login attempts, unauthorized-access-attempt, unauthorized_access_attempt, unidentified threat actor, united kingdom, united states, united states of america, unknown threat actor, us, us abuse, us none, us source, us source ip, valid accounts, verified-benign, vnc, vnc protocol, voidtrap, voip, voip attack, voip system, voip systems, voip_attack, vpn, vpn ip, vpn protocols, vulnerability scan, vulnerability-scan, vulnerability-scanning, vultr,
waf, wazuh, weak credentials, wealth management, web apis, web app attack, web application, web application attack, web application attacks, web application fingerprinting, web application probing, web application scan, web application scanning, web applications, web attack, web attacks, web crawler, web development, web exploit attempt, web exploit attempts, web exploitation, web exploits, web hosting, web infrastructure, web login attempt, web scanner, web server, web server attacks, web servers, web services, web shell, web shell attempt, web shell detection, web shell upload, web shell uploads, web spam, web technologies, web traffic, web-application-attack, web-attack, web-server, web_application, web_attack, webscan, webscanner, wget, windows system, wordpot, xmas scan, xss
Activity Timeline
Threat Activity Heatmap · Peak: 2026-06-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (77)
Signal Score: 77
Confidence: 77%
Reports: 38
First seen: May 27, 2021
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadowserver Foundation, Inc
Coords: 37.6951, -121.9000
Proxy: VPN
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw: Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255; The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255
- references: https://github.com/telekom-security/tpotce
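The WHOIS entry above lists two overlapping allocations, and the tag list carries both honeypot attack labels and benign-scanner markers. The triage helper below is an added example, not code from this page, from Shadowserver or from T-Pot: it parses the page's raw WHOIS line to find the most specific allocation covering the address, pulls the ATT&CK technique IDs out of the run-together tag text, and reports whether benign-scanner markers are present. The tag excerpt, the marker list and the verdict wording are constructed for the example.

```python
"""Triage helper for an IP indicator sheet like this page.

Added example; not code from the page, from Shadowserver or from T-Pot.
It takes fields the page shows (the address, the raw WHOIS line, the
run-together tag text, the ASN organisation) and answers what an analyst
checks before blocking: which WHOIS allocation actually covers the address,
which ATT&CK technique IDs the tags carry, and whether the report contains
markers of a known benign research scanner.
"""
import ipaddress
import re

# The page's raw ARIN line: a parent allocation and a reassigned /24.
WHOIS_RAW = (
    "Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) "
    "64.62.128.0 - 64.62.255.255 "
    "The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B "
    "(NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255"
)

# Constructed excerpt of the page's tag text, which the feed emits lowercase
# and run together without separators (the "shadowsever" spelling is the feed's).
TAG_BLOB = (
    "bening scannerbrute force sshcowrie ssh attackshadowsever_org-benign"
    "t1046t1110.001t1595.001verified-benignvultr"
)

# Assumption: which tag markers a team accepts as benign-scanner evidence.
BENIGN_MARKERS = ("verified-benign", "shadowsever_org-benign", "bening scanner")

# One ARIN-style entry: "<org> <HANDLE> (NET-...) <start> - <end>".
_RANGE_RE = re.compile(
    r"(?P<org>.+?)\s+(?P<handle>[A-Z0-9-]+)\s+\((?P<net>NET-[0-9-]+)\)\s+"
    r"(?P<start>\d+\.\d+\.\d+\.\d+)\s+-\s+(?P<end>\d+\.\d+\.\d+\.\d+)\s*"
)
# ATT&CK technique IDs as the feed writes them: t1234 or t1234.001.
_ATTACK_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?")


def parse_whois_ranges(raw):
    """Return [(org, handle, [IPv4Network, ...]), ...] for each range in raw."""
    ranges = []
    for m in _RANGE_RE.finditer(raw):
        start = ipaddress.IPv4Address(m["start"])
        end = ipaddress.IPv4Address(m["end"])
        # summarize_address_range yields the CIDR blocks that exactly cover start..end
        nets = list(ipaddress.summarize_address_range(start, end))
        ranges.append((m["org"].strip(), m["handle"], nets))
    return ranges


def most_specific_allocation(ip, raw):
    """Smallest WHOIS range containing ip as (org, handle, network), or None."""
    addr = ipaddress.IPv4Address(ip)
    best = None
    for org, handle, nets in parse_whois_ranges(raw):
        for net in nets:
            if addr in net and (best is None or net.prefixlen > best[2].prefixlen):
                best = (org, handle, net)
    return best


def attack_ids(tag_text):
    """ATT&CK technique IDs in the tag text, normalised to T1234 / T1234.001."""
    found = {f"T{num}" + (f".{sub}" if sub else "")
             for num, sub in _ATTACK_RE.findall(tag_text)}
    return sorted(found)


def triage(ip, raw_whois, tag_text, asn_org):
    """Summarise the evidence; the verdict strings are this example's own policy."""
    alloc = most_specific_allocation(ip, raw_whois)
    markers = [m for m in BENIGN_MARKERS if m in tag_text]
    owners = (asn_org + " " + (alloc[0] if alloc else "")).lower()
    research = bool(markers) and "shadowserver" in owners
    return {
        "allocation": None if alloc is None else (alloc[0], str(alloc[2])),
        "benign_markers": markers,
        "attack_ids": attack_ids(tag_text),
        "research_scanner": research,
        "verdict": ("candidate research scanner: confirm against the operator's "
                    "published ranges before blocking") if research
                   else "no benign markers: handle as an ordinary scanner",
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage("64.62.197.167", WHOIS_RAW, TAG_BLOB,
                            "The Shadowserver Foundation, Inc"), indent=2))
```

The most specific allocation wins because the parent block (a /17 held by the ASN owner) says nothing about who operates a single reassigned /24; the benign markers are only trusted when the allocation or ASN organisation also names the scanner operator, so a random address carrying a stray "verified-benign" tag is not whitelisted on that alone.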
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
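The page offers a STIX 2.1 bundle export without showing its contents. The code below is an added example, not the page's export code and not from any STIX library: using only the standard library it builds a STIX 2.1 indicator for the address from the values on this page (first seen, last seen, confidence) and checks the result against the layout rules that trip up hand-rolled bundles (type--uuid identifiers, bracketed pattern, RFC 3339 timestamps, confidence in 0..100). The `benign` flag and the name text are this example's own choices; the page does not say which indicator type its export uses.

```python
"""Emit and sanity-check a STIX 2.1 bundle for an IPv4 indicator.

Added example; not the page's export code and not from a STIX library. Only
the standard library is used. Inputs are the page's values; the benign flag
and naming are assumptions made for the example.
"""
import json
import re
import uuid
from datetime import datetime, timezone

# STIX 2.1 identifier: <type>--<uuid>, uuid in lowercase hex with dashes.
_ID_RE = re.compile(
    r"^[a-z][a-z0-9-]*--[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$"
)
# Properties STIX 2.1 requires on every indicator object.
INDICATOR_REQUIRED = ("type", "spec_version", "id", "created", "modified",
                      "pattern", "pattern_type", "valid_from")
_TS_FMT = "%Y-%m-%dT%H:%M:%S.000Z"


def stix_timestamp(date_str):
    """'YYYY-MM-DD' -> STIX timestamp (UTC, millisecond precision, Z suffix)."""
    d = datetime.strptime(date_str, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return d.strftime(_TS_FMT)


def build_bundle(ip, first_seen, last_seen, confidence, benign=False, now=None):
    """Bundle holding one indicator whose validity starts at first_seen."""
    created = now or datetime.now(timezone.utc).strftime(_TS_FMT)
    indicator = {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": created,
        "modified": created,
        "name": f"IPv4 indicator {ip}",
        "description": f"Last seen {last_seen}; see source reports before acting.",
        # Open vocabulary: 'benign' for research scanners, else 'anomalous-activity'.
        "indicator_types": ["benign"] if benign else ["anomalous-activity"],
        "pattern": f"[ipv4-addr:value = '{ip}']",
        "pattern_type": "stix",
        "valid_from": stix_timestamp(first_seen),
        "confidence": int(confidence),
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [indicator]}


def validate_bundle(bundle):
    """Return a list of problems; an empty list means the bundle passes these checks."""
    problems = []
    if bundle.get("type") != "bundle" or not _ID_RE.match(bundle.get("id", "")):
        problems.append("bundle: bad type or id")
    for obj in bundle.get("objects", []):
        oid = obj.get("id", "?")
        if not _ID_RE.match(oid) or not oid.startswith(obj.get("type", "") + "--"):
            problems.append(f"{oid}: id does not match type")
        if obj.get("type") == "indicator":
            for key in INDICATOR_REQUIRED:
                if key not in obj:
                    problems.append(f"{oid}: missing {key}")
            pattern = obj.get("pattern", "")
            if obj.get("pattern_type") == "stix" and not (
                    pattern.startswith("[") and pattern.endswith("]")):
                problems.append(f"{oid}: stix pattern must be bracketed")
        conf = obj.get("confidence")
        if conf is not None and not (isinstance(conf, int) and 0 <= conf <= 100):
            problems.append(f"{oid}: confidence out of range")
    return problems


def to_json(bundle):
    """Serialise with stable key order so two exports of the same data diff cleanly."""
    return json.dumps(bundle, indent=2, sort_keys=True)


if __name__ == "__main__":
    b = build_bundle("64.62.197.167", "2021-05-27", "2026-06-19", 77, benign=True)
    print(to_json(b))
    print("problems:", validate_bundle(b))
```

Only `valid_from` is set: an indicator for a scanner that was still active on the last-seen date has no honest expiry, and STIX consumers treat a missing `valid_until` as open-ended.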
IOC Journey
medium · First detected 5 years ago · Last seen 7 days ago
Appeared in 38 threat reports