IOC Radar
IP · Medium · Signal 69/100

64.62.197.182

Location
United States
Pleasanton, California
ASN
AS6939
The Shadowserver Foundation, Inc
First Seen: Mar 25, 2021 (1904 days ago)
Last Seen: Jun 11, 2026 (today)
Reports: 39 source reports
Confidence: 69% (medium)
Found in 39 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 69%
Signal Score: 69 / 100
IDS Rule: No
Threat Context
Tags: see Category tags under Feed Intelligence Summary.
MITRE ATT&CK TTPs: 129 techniques. This count is aggregated from the tags of all 39 source reports (the t1xxx entries in the tag list); treat them as feed labels, not as techniques verified against this host.

Network Information
Country: US (United States)
Region: Pleasanton, California
ASN: AS6939 (Hurricane Electric)
Organization: The Shadowserver Foundation, Inc (64.62.197.0/24 is reassigned to Shadowserver inside Hurricane Electric's 64.62.128.0/17; see WHOIS below)

IP Category: Proxy (proxy server), VPN (VPN exit node)

Feed Intelligence Summary
Source reports: 39
Confidence score: 69%
Category tags (feed-supplied; the extracted list below runs the tags together without separators). Note that alongside the attack and honeypot labels the list carries verified-benign and shadowsever_org-benign, which mark the source as a known benign scanner; weigh those against the block-list tags before acting.
a5 httpsa6 httpsabuseaccessaccess attemptsaccess controlaccount accessaccount compromiseaccount discoveryaccount profilingaccount takeoveractive scanactive scanningadbadb attacksadb brute forceadb exploitadb protocoladb scanningadb-attacksadbhoney activityadbhoney honeypotadbhoney interactionsadvertising campaignadvertising spamandroidandroid device attacksandroid devicesandroid_attackanomalous network connectionsapi servicesapplication layer protocolaptasaasiaattackattack destination ipattack sourceattack source ipattacker ipattacker-ipattacker_ipattempted-intrusionaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication attemptsauthentication brute forceauthentication failureauthentication_bypassautomated attackautomated attack activityautomated attack attemptsautomated attacksautomated threatautomated threatsautomated-attackautomated_attackbad ip'sbad reputationbad web botbankingbeningbening scannerblock listblock.txtblocklist_allblog spambotnetbotnet activitybotnet-activitybotnet_activitybrutebrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute force authenticationbrute force ftpbrute force sshbrute-forcebrute-force attackbrute_forcebrute_force_attackbruteforcebulk messagingc2c2 communicationc2 servercanadacertchina mobilecisco asacisco attackcisco attackscisco brute forcecisco devicecisco device attackcisco device attackscisco device targetingcisco exploitcisco exploit attemptcisco exploit attemptscisco exploitationcisco exploitation attemptcisco exploitation attemptscisco network devicescisco protocol attackscisco scanningcisco targetingcisco vulnerability exploitationcisco-device-targetingcisco_device_attackcitrix enumerationcitrix securitycloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud servicescode executioncolumnscommand & controlcommand and controlcommand executioncommand 
injectioncommand injection attemptcommercial sexcommercial spamcommon vulnerabilitiescommunication protocolcompany limitedcompromise attemptcompromised credentialscompromised credentials attemptcompromised hostcompromised host indicatorscompromised hostscompromised system attemptcompromised system detectioncompromised systemsconnectconnected devicesconpotconpot activityconpot attackconpot attacksconpot exploitationconpot honeypotconpot ics attackconpot ics attacksconpot ics exploitationconpot interactionconpot interactionscontainer securitycontent deliverycowriecowrie activitycowrie attackcowrie attackscowrie capturecowrie datacowrie detectedcowrie detectioncowrie emulationcowrie honeypotcowrie honeypot detectioncowrie interactioncowrie interactionscowrie logscowrie ssh activitycowrie ssh attackcowrie ssh attackscowrie ssh honeypotcredential accesscredential attackcredential attackscredential brute forcecredential brute forcingcredential brute-forcingcredential compromisecredential guessingcredential harvestingcredential stuffingcredential theftcredential-harvestingcredential-stuffingcredential_accesscredential_stuffingcredit card servicescurlcvecve exploitation attemptdaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata scrapingdata store exposuredata theftdatabase activitydatabase attackdatabase attacksdatabase brute forcedatabase enumerationdatabase exploit attemptsdatabase exploitationdatabase exploitation attemptsdatabase intrusion attemptdatabase intrusion attemptsdatabase login attemptdatabase probingdatabase scandatabase securitydatabase serversdatabase-serverdatabase_attackdatabase_serverdcerpcddosddos attackddos attack indicatorsddos attemptddos preparationddos probeddos probingddos reflectionddospotdecoy systemdelhidenial of servicedenial-of-servicedenial-of-service attemptdevice managementdictionary attackdictionary_attackdigital oceandigitalocean infrastructuredionaeadionaea activitydionaea alertdionaea attackdionaea attack 
signaturesdionaea attacksdionaea capturedionaea detecteddionaea detectiondionaea eventsdionaea exploit attemptsdionaea exploitsdionaea honeypotdionaea interactionsdionaea malwaredionaea malware analysisdionaea malware collectiondionaea malware detectiondionaea malware samplesdionaea malware trapdionaea payloadsdirectory traversaldirectory traversal attemptdistributed attacksdnp3dnsdns attackdockerdropperelasticpot activityelasticpot attackselasticpot dataelasticpot detectedelasticpot honeypotelasticsearchelasticsearch monitoringemailemail-serversencryptionenterprise networkingenterprise securityenumerationenv-huntingethernet/ipeu cyber policieseuropeexecutable fileexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit public-facing applicationexploit targetingexploit-attemptsexploit_attemptexploit_attemptsexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of privilegeexploitation of vulnerabilitiesexploitation of vulnerabilityexploitation_attemptexploited hostexport-to-otxexposed services exploitationexternal access attemptsexternal ipexternal remote servicesexternal scanningexternal threatexternal_threatextortionfailed loginfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinancefinancial servicesfinancial technologyfinlandfrancefraudftpftp activityftp attackftp attacksftp attemptftp brute forceftp brute-forceftp scanftp scanningftp_scangalahgermanygithubgluttongopotgroupsgurgaonhackinghellpotheralding activityheralding attackheralding attacksheralding behaviorheralding probesheralding protocol abuseherolding attackshk abusehandlerhoneynet connecthoneypot 24h activityhoneypot triggeredhoneytrap activityhoneytrap datahoneytrap detectionhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp exploitationhttp probinghttp request anomalieshttp scanhttp scannerhttp scanninghttp/httpshttp/shttp_scanhttpshttps 
brute forcehttps scanninghurricane usicmpicsics protocol attacksics securityics-scada-attacksics/scadaics/scada attackics/scada attacksics/scada systemsidentity & access exploitationillegal service advertisingillegal servicesimapimap attackinbound scanindiaindia phone numbersindia spamindicatorindicators of compromiseindustrial control systemsindustrial iotinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure scanninginitial accessinitial access preparationinitial-access-attemptsinitial_accessinitial_access_attemptinjection activityinjection attacksinput validationinternet background noiseinternet facinginternet facing assetsinternet of thingsinternet scaninternet-facinginternet-facing serviceinternet-facing systemsinternet-wide observationinternet-wide scaninternet_wide_scanintrusion detectioniociocsiot analyticsiot applicationsiot attackiot attacksiot device attackiot device attacksiot device targetingiot devicesiot exploit attemptsiot platformsiot securityiot targetediot/ics attackiot_attackip-address-iocipmi scanningippipphoney activityipphoney dataipphoney honeypotipv4ipv4 activityipv4 addressesipv4 attacksipv4_addressipv4_scanningjapankfsensor honeypotkibanaknown malicious iplajpat nagarlamplamp attacklamp attackslamp exploitlamp exploit attemptlamp exploit attemptslamp exploitationlamp exploitation attemptlamp exploitation attemptslamp server attacklamp server probelamp server targetedlamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack exploitationlamp stack targetedlamp stack targetinglamp vulnerability exploitationlamp vulnerability scanlamp vulnerability scanninglamp_stack_attacklateral movementlcialinuxlinux malware probelinux serverslinux systemlinux system exploitationlinux systemslinux-server-attacklinux-server-targetinglinux-systemlinux_server_attacksload balancerlog4potloginlogin attacklogin attemptlogin attemptslogin failurelondonmail protocol abusemail service attackmail service probingmailoney 
activitymailoney attackmailoney attacksmailoney capturemailoney detectionmailoney email spoofingmailoney eventsmailoney honeypotmailoney indicatorsmailoney interactionsmalaysiamalicious activitymalicious activity detectedmalicious adb activitymalicious campaignmalicious code detectionmalicious emailmalicious email activitymalicious email detectionmalicious emailsmalicious file transfermalicious file uploadsmalicious infrastructuremalicious ip activitymalicious ip detectedmalicious ipsmalicious loginmalicious login attemptsmalicious network activitymalicious payloadmalicious payload attemptsmalicious payload detectionmalicious scanmalicious script executionmalicious sftp activitymalicious softwaremalicious software detectionmalicious software targetingmalicious sshmalicious ssh activitymalicious trafficmalicious-activitymalicious-login-attemptsmalicious_activitymalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware distribution attemptmalware downloadmalware download attemptmalware download attemptsmalware droppermalware hostingmalware infectionmalware propagationmalware_activitymanualmass scanningmedpotmispmobilemobile securitymobile threatmodbusmodbus attacksmonthlymssqlmssql brute forcemysql brute forcenetworknetwork activitynetwork attacksnetwork devicenetwork device attacknetwork device attacksnetwork device compromisenetwork device probingnetwork devicesnetwork discoverynetwork enumerationnetwork exploitationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork layer protocolnetwork monitoringnetwork perimeternetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork securitynetwork service exploitationnetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack 
attemptsnetwork-devicenetwork-devicesnetwork-reconnaissancenetwork-scanningnetwork_devicenetwork_device_attacknetwork_intrusionnetwork_reconnaissancenetwork_scannetwork_scanningnetwork_service_exploitationnginxnoidanorth americanosqlnull scanoceaniaopen proxyopencanaryopportunistic attackopportunistic attackeros credential dumpingos credentials dumpingp0fp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword crackingpassword sprayingpayment processingpgp signphishingphishing attackphishing trapphone number spamphone spamphp exploitphp exploitation attemptsping of deathpolandpop3 attackport-scanningportscanpossible botnet activitypossible credential reusepossible credential stuffingpossible exploit attemptpossible malicious activitypossible malware activitypossible malware deliverypossible malware distributionpossible malware dropperpossible malware propagationpossible mirai variantpossible reconnaissancepotential botnetpotential botnet activitypotential compromisepotential credential compromisepotential credential stuffingpotential credential theftpotential data exfiltrationpotential exploitpotential exploit activitypotential exploit attemptpotential malicious activitypotential malware activitypotential malware deliverypotential malware distributionpotential malware downloadpotential malware hostingpotential malware infectionpotential malware uploadpotential reconnaissancepotential vulnerability probingpotential_compromiseprivilege escalationprocess injectionprotocol abuseprotocol exploitationprotocol-abuseproxyproxy accesspublic cloud targetingpublicly accessible infrastructurepythonransomwareransomware activityraspberry-pircerdprdp attacksrdp scanrdp_scanreconnaissancereconnaissance activityreconnaissance-activitiesredisredis attacksredis brute forceredis exploitationredis exploitation attemptredis exploitation attemptsredis honeypotredis honeypot activityredis honeypot attacksredishoneypot 
activityregional securityremote accessremote access abuseremote access attackremote access attemptremote access attemptsremote access serviceremote serviceremote service exploitationremote service interactionremote servicesremote_accessremote_access_serviceremote_serviceresearchedresource developmentresource hijackings7comm attackssansscada exploitation attemptsscada/ics attacksscamscams & fraudscannerscannersscanning activityscriptscripting attackssecurity eventsecurity operationssensor-taggedsentrypeer activitysentrypeer attacksentrypeer attackssentrypeer botnetsentrypeer connectionssentrypeer detectionsentrypeer eventssentrypeer interactionssentrypeer intrusion attemptssentrypeer p2p attacksentrypeer targetedserver exploitationservice discoveryservice enumerationservice probingservice scanservice scanningsex services advertisementsex worksftpsftp abusesftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp attemptssftp exploitationsftp exploitation attemptsftp exploitation attemptssftp intrusion attemptssftp probingsftp scanningsftp-attacksftp-attackssftp-brute-forceshadowsever_org-benignshell accessshell access attemptshell access attemptssipsip activitysip attackssip brute forcesip enumerationsip heraldingsip scansip scanningsip vulnerability exploitationsip vulnerability probingsip vulnerability scansip vulnerability scanningsip-attackssip-scanningsippslugsmart devicessmb attackssmb brute forcesmb exploitationsmb probingsmb scanningsmssms spamsms spam campaignsmtpsmtp attacksmtp attackersmtp attackssmtp brute forcesmtp probingsmtp scansmtp scanningsnaresocial engineeringsocradarsoftware exploitationspamspam advertisementspam advertisement campaignspam campaignsql injectionsql injection attemptsql injection attemptssshssh activityssh attackssh attacksssh brute-forcessh bruteforcessh monitoringssh scanssh-attacksssh-brute-forcessh-bruteforcessh_scansslsurface websuricata alertsuricata alertssyn scansystem discoverysystem 
disruptiont-pott-pot frameworkt1003t1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1027t1033t1040t1041t1046t1047t1048t1048.003t1053t1053.005t1055t1056t1057t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1064t1065t1068t1070.004t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1082t1083t1087t1090t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1192t1195t1199t1202t1203t1204t1204.002t1210t1213t1486t1490t1495.001t1496t1497t1499.001t1499.002t1499.003t1505t1505.002t1505.004t1550t1550.002t1550.003t1555t1555.003t1555.004t1555.005t1559t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1567.001t1572t1573t1573.001t1583t1583.001t1583.006t1584t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.002t1590t1590.001t1590.003t1590.004t1590.005t1590.006t1591t1592t1592.002t1593t1595t1595.001t1595.002t1595.003t1598t1598.003t1608tannertanner activitytanner attacktanner attack patternstanner attackstanner detectedtanner eventstanner exploit kittanner honeypot activitytanner http honeypottanner interactionstanner web attacktargeting databasetcptcp protocoltcp scantcp scanningtcp/23tcp/iptelecommunicationstelephone harassmenttelnettelnet attackstelnet attemptstelnet scantelnet threattelnet-brute-forcetftpthreat actorthreat actor activitythreat detectionthreat feedthreat intelthreat intelligencethreat intelligence feedthreat_actor_unknownthreat_intelligencetimeouttokyotop10.txttopips.txttor nodetpottpotcetsecttpsttps observedudp port scanudp scanunattributed threat actorunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunauthorized login attemptunauthorized login attemptsunauthorized probingunauthorized-access-attemptunidentified attackerunidentified threat actorunited kingdomunited statesunited states of americaunknown actorunknown threat actorunsolicited communicationunsolicited contactunsolicited contentunsolicited emailusus abuseus ip addressus noneus 
source ipvalid accountsverified-benignvnc protocolvoipvoip attackvoip attacksvoip systemvoip systemsvoip_attackvpnvpn ipvulnerability scanvultrvultr tokyowafweak credentialswealth managementweb apisweb app attackweb applicationweb application attackweb application attacksweb application probingweb application scanweb application scanningweb applicationsweb attackweb attacksweb crawlerweb developmentweb exploit attemptweb exploit attemptsweb exploitationweb exploitsweb hostingweb infrastructureweb login attemptweb scannerweb serverweb server attackweb server attacksweb serversweb service probingweb service scanningweb servicesweb shellweb shell attemptweb shell detectionweb shell uploadweb shell uploadsweb spamweb technologiesweb trafficweb-application-attackweb-application-attacksweb-serverweb-serversweb_applicationweb_attackweb_serverweb_server_attackwgetwindows systemwordpotxmas scanxss

Activity Timeline
1 total observation (Jun 11 to Jun 11)

Threat Activity Heatmap: weekly grid (rows Mon/Wed/Fri; months Jun through the following Jun; legend Less/More). Per-day values are not recoverable from the extracted page; the timeline above records a single observation on Jun 11.
Observations by window: 24h 1 (Minimal) · 7d 1 (Minimal) · 30d 1 (Minimal) · 3mo 1 (Minimal)
Threat Score: 69 (Medium Risk)
Signal Score: 69
Confidence: 69%
Reports: 39
First seen: Mar 25, 2021
Last seen: Jun 11, 2026
Geolocation: US, United States, Pleasanton, California
ASN: AS6939
Org: The Shadowserver Foundation, Inc
Coords: 37.7510, -97.8220 (this is the country-level default coordinate GeoIP databases return for the United States, not a fix on Pleasanton; treat the city as approximate)
Category: Proxy / VPN

VirusTotal: Not checked

WHOIS
Description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
Raw (ARIN):
Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255
The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255
The most specific allocation covering 64.62.197.182 is the Shadowserver /24. The feed description (port scanning observed at a T-Pot honeypot) is consistent with Shadowserver's internet-wide scanning, and the tag list carries verified-benign; check the netblock before acting on the block-list tags.
References: https://github.com/telekom-security/tpotce
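Added example, not part of the IOC Radar page or of any feed it cites: a small Python triage routine that parses the run-together ARIN WHOIS line above into netblocks, finds the most specific allocation covering an address, and suppresses a block decision when that allocation belongs to a known research scanner or when the record carries a benign tag. The allowlist (holding only Shadowserver, because that is the organisation in this record's WHOIS), the signal-score thresholds and the sample inputs are assumptions made for the example; the benign tag strings are copied from this record's tag list, feed misspellings included.

```python
import ipaddress
import re

# Constructed sample: the WHOIS "raw" field as it appears on this record,
# i.e. two ARIN allocations run together on one line.
WHOIS_RAW = (
    "Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) "
    "64.62.128.0 - 64.62.255.255 "
    "The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B "
    "(NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255"
)

# Tags copied verbatim from this record's tag list (including the feed's
# misspellings) that mark the source as a known benign scanner.
BENIGN_TAGS = {"verified-benign", "shadowsever_org-benign", "bening scanner"}

# Assumed allowlist of organisations whose scanners should not be blocked.
# Only Shadowserver is on it because that is the org in this record's WHOIS.
RESEARCH_SCANNER_ORGS = ("shadowserver",)

# Assumed score thresholds for the non-benign path; the page defines none.
BLOCK_AT, MONITOR_AT = 80, 50

# One ARIN allocation: "<org> <HANDLE> (NET-x-x-x-x-n) <start> - <end>".
# The org name is taken lazily so it stops at the upper-case handle.
_ALLOC_RE = re.compile(
    r"(?P<org>\S.*?)\s+(?P<handle>[A-Z0-9-]+)\s+\((?P<net>NET-[\d-]+)\)\s+"
    r"(?P<start>\d+(?:\.\d+){3})\s+-\s+(?P<end>\d+(?:\.\d+){3})"
)


def parse_allocations(raw):
    """Return [(org, IPv4Network)] parsed from a run-together WHOIS line."""
    allocs = []
    for m in _ALLOC_RE.finditer(raw):
        start = ipaddress.IPv4Address(m["start"])
        end = ipaddress.IPv4Address(m["end"])
        # A start-end range may need more than one CIDR; keep them all.
        for net in ipaddress.summarize_address_range(start, end):
            allocs.append((m["org"].strip(), net))
    return allocs


def most_specific_allocation(ip, allocs):
    """Return the (org, net) with the longest prefix containing ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    hits = [(org, net) for org, net in allocs if addr in net]
    if not hits:
        return None
    return max(hits, key=lambda hit: hit[1].prefixlen)


def triage(ip, signal_score, tags, raw=WHOIS_RAW):
    """Decide allow/block/monitor/ignore for an IP from a record like this one."""
    hit = most_specific_allocation(ip, parse_allocations(raw))
    org = hit[0] if hit else None
    org_allowlisted = org is not None and any(
        key in org.lower() for key in RESEARCH_SCANNER_ORGS
    )
    benign_tagged = bool(BENIGN_TAGS & {t.strip().lower() for t in tags})
    # Either signal that the address is a research scanner overrides the score:
    # blocking it only blinds you to its notifications, it does not stop an attack.
    if org_allowlisted or benign_tagged:
        verdict = "allow"
    elif signal_score >= BLOCK_AT:
        verdict = "block"
    elif signal_score >= MONITOR_AT:
        verdict = "monitor"
    else:
        verdict = "ignore"
    return {
        "ip": ip,
        "most_specific_org": org,
        "netblock": str(hit[1]) if hit else None,
        "org_allowlisted": org_allowlisted,
        "benign_tagged": benign_tagged,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # The address on this page, with its score and two of its tags.
    print(triage("64.62.197.182", 69, ["port-scanning", "verified-benign"]))
```

The WHOIS line is parsed rather than the ASN field because the ASN (AS6939) belongs to the transit provider; only the reassignment record names the operator of the /24, and that is the name an allowlist has to match.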

Export & API: STIX 2.1 Bundle · CSV Export · Permalink

IOC Journey
Risk: medium
First detected 5 years ago · Last seen today
Appeared in 39 threat reports