IP · Medium · Signal 60/100
64.62.197.68
Location
Pleasanton, California
ASN
AS6939
The Shadowserver Foundation, Inc
First Seen
Apr 11, 2021
Last Seen
Jun 19, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Pleasanton, California
ASN
AS6939
Organization
The Shadowserver Foundation, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
Source reports
34
Confidence score
60%
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
60 (Medium Risk)
Coordinates
37.6951, -121.9000
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw: Hurricane Electric LLC HURRICANE-4 (NET-64-62-128-0-1) 64.62.128.0 - 64.62.255.255; The Shadowserver Foundation, Inc. HURRICANE-CE2897-4E693F5B (NET-64-62-197-0-1) 64.62.197.0 - 64.62.197.255
- references: https://github.com/telekom-security/tpotce
IOC Journey
Medium · First detected 5 years ago · Last seen 5 days ago
Appeared in 34 threat reports