IP · Medium · Signal 66/100
64.62.197.52
Location
Pleasanton, California
ASN
AS6939
The Shadowserver Foundation, Inc
First Seen
Apr 8, 2021
Last Seen
Jun 18, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Pleasanton, California
ASN: AS6939
Organization: The Shadowserver Foundation, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
34 reports · 66% confidence
34
Source reports
66%
Confidence score
Category tags
Activity Timeline
Jun 18
Threat Activity Heatmap · Peak: 2026-06-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 66
Confidence: 66%
Reports: 34
First seen: Apr 8, 2021
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadowserver Foundation, Inc
Coords: 37.6853, -121.8948
Proxy
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Paris (France) honeypot
- raw:
  - Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255
  - The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255
IOC Journey
Medium · First detected 5 years ago · Last seen 7 days ago
Appeared in 34 threat reports