IP · Medium · Signal 60/100
64.62.197.5
Location
Pleasanton, California
ASN
AS6939
The Shadowserver Foundation, Inc
First Seen
Apr 10, 2021
Last Seen
Jun 19, 2026
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Pleasanton, California
ASN: AS6939
Organization: The Shadowserver Foundation, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
33 reports · 60% confidence
Source reports: 33
Confidence score: 60%
Category tags
abuse, access control, account compromise, account security, active scan, active scanning, adb, adb protocol, adbhoney activity, adbhoney honeypot, adbhoney interactions, admin, administrative access, agent, alert, application layer protocol, apt, asia, attack, attack activity, attack source ip, attack vectors, attacker-ip, australia, authentication attack, auto-generated security, automated attack, automated attacks, automated-attack, bad reputation, bad web bot, banking, bening, bening scanner, blacklist candidate, block list, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, brute_force_attempt, bruteforce, c2 server, canada, china, china mobile, cins active, cisco asa, cisco device, cisco device attack, cisco exploit attempt, cisco exploit attempts, cisco exploitation attempt, cisco exploitation attempts, citrix attack attempt, citrix exploitation attempts, citrix security, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, cloud-infrastructure, code execution, columns, command & control, command and control, command execution, command injection, communication protocol, company limited, compromised credentials, compromised host, compromised hosts, compromised systems, connect scan, conpot activity, conpot honeypot, conpot ics attack, conpot ics exploitation, conpot interactions, cowrie, cowrie activity, cowrie attacks, cowrie honeypot, cowrie interaction, cowrie interactions, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, cowrie ssh logs, credential access, credential access attempt, credential attack, credential brute force, credential compromise, credential guessing, credential harvesting, credential stuffing, credential-bruteforcing, credential-stuffing, credentialaccess, credit card services, cve, cyberattack, data encryption, data exfiltration, data store exposure, data theft, database attack, database attacks, database exploitation, database security, dcom exploitation, ddos, ddos attack, ddos attacks, ddos probe, decoy system, denial of service, denial-of-service, device management, digital ocean, digitalocean ips, dionaea, dionaea activity, dionaea attacks, dionaea honeypot,
dionaea interactions, dionaea malware analysis, dionaea malware collection, dionaea malware detection, dionaea malware samples, dionaea payloads, directory traversal, distributed attacks, dns, dns attack, dropper, dshield block, elasticpot attacks, elasticpot honeypot, elasticsearch monitoring, encryption, enterprise networking, enterprise security, enumeration, et drop, europe, exploit, exploit attempt, exploit attempts, exploit probing, exploit public-facing application, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of vulnerability, exploited host, external attackers, external threat, external-scanning, external-threat, external_threat, failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, fin scan, finance, finance and insurance, financial services, financial technology, finland, firewall event, france, ftp, ftp attack, ftp attacks, ftp brute force, ftp brute-force, ftp scan, germany, hacking, heralding activity, heralding probes, hk abusehandler, honeynet connect, honeytrap activity, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probing, http scan, http scanner, http scanning, https, https scanning, icmp, ics security, identity & access exploitation, imap, imap brute force, inbound scan, indicator, indicators of compromise, industrial control systems, information technology, infrastructure acquisition reconnaissance, infrastructure scanning, infrastructure targeting, initial access, injection activity, injection attacks, input validation, internet of things, internet-facing, internet-facing assets, internet-facing systems, internet-wide monitoring, internet-wide scan, internet_scan, intrusion detection, ioc, iocs, iot botnet, iot device attack, iot exploit attempts, iot security, iot targeted, iot/ics attack, ip-addresses, ipv4, ipv4 addresses, ipv4 scanning, ipv4-addresses, ipv4_address, it infrastructure, japan, kfsensor honeypot, lamp, lamp attack, lamp attack attempt, lamp exploit, lamp exploitation, lamp exploitation attempts, lamp server attack, lamp server targeting, lamp stack attack, lamp stack targeting, lateral movement, lcia, linux servers,
linux-server-attack, listed source, load balancer, login attack, login attempt, login attempts, loginattack, london, mailoney activity, mailoney email spoofing, mailoney events, mailoney honeypot, mailoney interactions, malicious activity, malicious activity detected, malicious code detection, malicious email, malicious file transfer, malicious ip, malicious ip activity, malicious ips, malicious ipv4, malicious network activity, malicious payload, malicious payload detection, malicious scan, malicious sftp activity, malicious software, malicious ssh activity, malicious traffic, malicious-login-attempts, malware, malware attempt, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware distribution, malware dropper, malware propagation, manual, microsoft technologies, mirai, mirai botnet, mobile, mobile security, mssql, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network probe, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network services, network traffic analysis, network-based attack attempts, network-reconnaissance, network_discovery, network_reconnaissance, network_scanning, north america, null scan, oceania, open proxy, open_port_discovery, operating system, operating system security, opportunistic attack, opportunistic attacker, opportunistic-attack, os credential dumping, p0f, p0f network fingerprinting, p0f passive fingerprinting, p0f signatures, paris, password attack, password attacks, payment processing, pgp sign, phishing, phishing attack, phishing trapping, ping of death, poland, poor reputation, port, port-scanning, portscan, possible botnet activity, possible malware distribution, possible mirai variant, potential botnet activity, potential malicious activity, potential malware activity, potential malware distribution, potential vulnerability exploitation, potential vulnerability scan, privilege escalation, process injection, proto, protocol exploitation, protocol-abuse, proxy, public ip address, ransomware, rce, rdp, rdp attacks,
rdp scan, rdp scanning, reconnaissance, redis, redis brute force, redis exploitation attempt, redis exploitation attempts, redis honeypot, remote access, remote access attack, remote services, researched, resource hijacking, rpc, rtbh, sans, scan, scanner, scanners, scanning activity, scanning_activity, scripting attacks, security event, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer attacks, sentrypeer botnet, sentrypeer events, sentrypeer interactions, sentrypeer p2p attack, server exploitation, service discovery, service enumeration, service probing, service scan, service scanning, service_enumeration, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp scanning, sftp-attack, shadowsever_org-benign, singapore, sip attacks, sip brute force, sip scanning, smb, smb scanning, smtp, smtp attack, smtp attacker, smtp attacks, smtp brute force, smtp probing, smtp scan, social engineering, software development, software exploitation, spam, sql injection, sql injection attempt, ssh, ssh attack, ssh attacks, ssh monitoring, ssh scan, ssh scanning, ssh-brute-force, stealth scan, suricata alerts, syn, syn scan, system access, t-pot, t1005, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1021.004, t1027, t1040, t1041, t1046, t1047, t1055, t1056, t1056.001, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1064, t1068, t1069.001, t1071, t1071.001, t1071.004, t1076, t1077, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1083, t1087, t1088, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1195, t1199, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1505.004, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1583, t1587.001, t1588, t1588.002, t1588.004, t1589, t1589.002, t1590, t1590.001, t1590.003, t1590.005, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, t1608, tanner, tanner activity, tanner events, tanner exploit kit, tanner honeypot activity, tanner interactions, tanner web attack, targeting database, tcp, tcp protocol, tcp scan, tcp scanning, tcp-scanning, tcp_scan, telecommunications, telnet attacks, telnet scan, telnet threat, telnet-brute-force, threat actor, threat detection, threat feed, threat intelligence, threat intelligence feed,
threat prevention, threat-intelligence, threat_discovery, threat_intelligence, timeout, tokyo, tor node, tpot, tpotce, udp port scan, udp scan, udp-scanning, udp_scan, unattributed activity, unattributed threat actor, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized network activity, unauthorized-access-attempt, unidentified attacker, united kingdom, united states, united states of america, unknown actor, unknown threat actor, us, us none, valid accounts, verified-benign, vnc protocol, voip, voip attack, vulnerability scan, vultr, vultr tokyo, waf, wealth management, web app attack, web application attack, web application attacks, web application scanning, web attack, web attacks, web exploit, web exploitation, web scanner, web service scanning, web shell detection, web spam, web traffic, web-application-attack, win, windows, xmas scan, xss
Activity Timeline
Jun 19 to Jun 19
Threat Activity Heatmap (peak: 2026-06-19)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 33
First seen: Apr 10, 2021
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadowserver Foundation, Inc
Coords: 37.6951, -121.9000
Proxy
VirusTotal: Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw
- Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255 The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
Medium · First detected 5 years ago · Last seen 6 days ago
Appeared in 33 threat reports