IOC Radar
IP · Medium · Signal 60/100

64.62.197.203

Location
United States
Pleasanton, California
ASN
AS6939
The Shadowserver Foundation, Inc
First Seen
May 2, 2021
Last Seen
Jun 19, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

87 techniques

Network Information

Country: US (United States)
Region: Pleasanton, California
ASN: AS6939
Organization: The Shadowserver Foundation, Inc

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

34 source reports · 60% confidence score
Category tags

Activity Timeline

1 total obs (Jun 19)

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 34
First seen: May 2, 2021
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadowserver Foundation, Inc
Coords: 37.6951, -121.9000
Proxy, VPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw:
Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255
The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255

IOC Journey

medium
First detected 5 years ago · Last seen 5 days ago
Appeared in 34 threat reports