IP: 64.62.197.216
Risk: Medium (Signal 62/100)
Location: Pleasanton, California
ASN: AS6939
Organization: The Shadowserver Foundation, Inc
First Seen: Mar 25, 2021
Last Seen: Jun 20, 2026
Found in 35 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 62%
Signal Score: 62 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK TTPs
Network Information
Country: United States
Region: Pleasanton, California
ASN: AS6939
Organization: The Shadowserver Foundation, Inc
IP Category: Proxy (proxy server)
Feed Intelligence Summary
Source reports: 35
Confidence score: 62%
Category tags
abuse, access attempts, access control, account compromise, ack scan, active reconnaissance, active scan, active scanning, adb brute force, adbhoney activity, adbhoney honeypot, application layer protocol, apt, asia, attack, attack vectors, australia, authentication abuse, auto-generated security, automated attack, automated attacks, automated threat, automated-attack,
bad reputation, bad web bot, banking, bening, bening scanner, blacklist candidate, blacklisted ip, block list, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute-force attack, brute_force, bruteforce,
c2, c2 communication, c2 server, canada, china mobile, cisco asa, cisco attack, cisco brute force, cisco device, cisco device scanning, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, citrix exploitation attempts, citrix security, cloud infrastructure, cloud infrastructure attack, cloud infrastructure target, cloud services, code execution, columns, command & control, command and control, command execution, command injection, communication protocol, communication security, company limited, compromised credentials, compromised device, compromised host, compromised host detection, compromised host indicators, compromised hosts, compromised system, compromised systems, connect scan, conpot, conpot activity, conpot honeypot, container security, cowrie, cowrie activity, cowrie attacks, cowrie capture, cowrie honeypot, cowrie honeypot detection, cowrie interaction, cowrie interactions, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, cowrie ssh logins, cowrie ssh logs, credential access, credential access attempt, credential access attempts, credential attack, credential attacks, credential brute force, credential compromise, credential harvesting, credential stuffing, credential-stuffing, credentialaccess, credit card services, curl, cve, cve exploitation,
data encryption, data exfiltration, data store exposure, data theft, database attack, database attacks, database login attempt, database security, dcerpc, ddos, ddos attack, ddos attacks, ddos attempt, ddos probe, ddos reflection, ddospot, decoy system, denial of service, device management, dictionary attack, digital ocean, digitalocean ip, digitalocean ips, dionaea, dionaea activity, dionaea attack signatures, dionaea attacks, dionaea capture, dionaea honeypot, dionaea interactions, dionaea malware samples, dionaea payloads, distributed attacks, dns, dns attack, docker,
elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, emailattack, encryption, enterprise networking, enterprise security, enumeration, europe, exfiltration, exploit, exploit attempt, exploit attempts, exploit kit, exploit kit activity, exploit kits, exploit probing, exploit targeting, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of vulnerability, exploited host, external access attempts, external_threat, extortion,
fail2ban blocked ip, fail2ban trigger, failed authentication, failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, fin scan, finance, finance and insurance, financial services, financial technology, finland, france, ftp, ftp attack, ftp attacks, ftp brute force, ftp scan,
galah, germany, github, glutton, gopot, hacking, hellpot, heralding activity, hk abusehandler, honeynet connect, honeytrap activity, honeytrap data, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probing, http scan, http scanner, http scanning, http/s, https,
icmp, ics security, identity & access exploitation, imap, inbound scan, industrial control systems, information gathering, infrastructure acquisitionreconnaissance, initial access, initial access preparation, initial_access_attempt, injection activity, injection attacks, internet background noise, internet facing assets, internet of things, internet-facing, internet-facing assets, internet-facing service, internet-facing systems, internet-wide monitoring, internet-wide scan, intrusion detection, ioc, iocs, iot botnet, iot security, iot targeted, iot/ics attack, ipphoney honeypot, ipv4, ipv4 addresses, ipv4 scanning, ipv4_address, japan, kfsensor honeypot, kibana,
lamp, lamp attack, lamp exploitation, lamp exploitation attempts, lamp server attack, lamp server targeting, lamp stack attack, lamp stack exploitation, lamp stack targeted, lamp stack targeting, lateral movement, linux servers, linux systems, linux-server-attack, linux_server_attacks, log4pot, login attack, login attempt, login attempts,
mail protocol abuse, mailoney activity, mailoney capture, mailoney events, mailoney honeypot, mailoney indicators, mailoney interactions, mailoney traffic, malicious activity, malicious activity detected, malicious email, malicious file transfer, malicious ip activity, malicious ips, malicious network activity, malicious payload, malicious sftp activity, malicious software, malicious ssh activity, malicious traffic, malicious-login-attempts, malware, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware distribution, malware download, malware landing, malware propagation, malware_activity, manual, masscan activity, medpot, mirai botnet, mssql,
network, network activity, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network port scanning, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, network service scanning, network services, network traffic, network traffic analysis, network_enumeration, network_scanning, networkscanning, nmap scan detected, north america, null scan, oceania, open proxy, opportunistic attacker, os credential dumping,
p0f, p0f network fingerprinting, p0f os fingerprinting, p0f signatures, password attack, password attacks, password cracking, password spraying, payment processing, pgp sign, phishing, phishing attack, phishing trap, poland, port-scanning, portscan, possible malware distribution, possible mirai variant, possible reconnaissance, possible vulnerability probing, potential exploit, potential exploit targeting, potential malware distribution, potential reconnaissance activity, process injection, protocol exploitation, protocol-abuse, proxy, proxy access, python,
ransomware, rdp scan, rdp scanning, reconnaissance, redis exploitation attempts, redis honeypot, remote access, remote access attempts, remote service interaction, remote services, researched, resource hijacking, rtbh,
sans, scada exploitation attempts, scan, scanner, scanner ip, scanners, scanning activity, scripting attacks, security event, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sentrypeer events, sentrypeer interactions, server attack, server exploitation, service detection, service discovery, service enumeration, service probing, service scan, service scanning, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp attempts, sftp credential attack, sftp traffic analysis, sftp-attack, shadowsever_org-benign, shell access, shell access attempt, sip attacks, sip brute force, sip scan, sip scanning, sip vulnerability scan, sipp, slug, smtp, smtp attacks, smtp brute force, smtp probe, smtp probing, smtp scan, smtp scanning, smtp traffic analysis, snare, social engineering, software exploitation, spam, sql injection, sql injection attempts, ssh, ssh attack, ssh attacks, ssh monitoring, ssh scan, ssh-brute-force, stealth scan, surface web, suricata alert, suricata alerts, syn, syn scan, system discovery, system disruption,
t-pot, t1005, t1016, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1027, t1040, t1041, t1046, t1053, t1055, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1195, t1203, t1204, t1204.002, t1210, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1550, t1550.002, t1550.003, t1555, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1583, t1587.001, t1588, t1588.002, t1588.006, t1589, t1589.002, t1590, t1590.001, t1590.003, t1590.004, t1590.005, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003,
tanner, tanner activity, tanner attack patterns, tanner events, tanner interactions, targeting database, tcp protocol, tcp scan, tcp/ip, telecommunications, telnet, telnet attempts, telnet scan, telnet scanning, telnet threat, telnet-brute-force, threat actor, threat detection, threat intelligence, threat prevention, threat_intelligence, timeout, tor node, tpot, tpotce, tsec,
udp port scan, udp scan, unattributed threat actor, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized login attempts, unauthorized probing, unauthorized-access-attempt, united kingdom, united states, united states of america, unknown actor, unknown threat actor, us, us none,
valid accounts, verified-benign, vnc protocol, voip, voip attack, vulnerability scan, vultr, vultr cloud infrastructure, wealth management, web app attack, web application attack, web application attacks, web application scanning, web attack, web attacks, web exploit attempt, web exploitation, web login attempt, web scanner, web shell, web shell detection, web shell upload, web spam, web traffic, web-application-attack, web_attack, wget, wordpot, xmas scan
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-20)
Last 24h: 0 (Dormant)
Last 7d: 1 (Minimal)
Last 30d: 1 (Minimal)
Last 3mo: 1 (Minimal)
Threat Score: 62 (Medium Risk)
Signal Score: 62
Confidence: 62%
Reports: 35
First seen: Mar 25, 2021
Last seen: Jun 20, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadowserver Foundation, Inc
Coords: 37.6951, -121.9000
Category: Proxy
VirusTotal: Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Paris (France) honeypot
- raw: Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255
- raw: The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255
- references: https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://list.rtbh.com.tr/output.txt
IOC Journey
Confidence: medium. First detected 5 years ago; last seen 5 days ago.
Appeared in 35 threat reports