64.62.197.197 | Threat Intelligence Lookup

Threat

64.62.197.197

Substantial evidence indicates that this IP should be regarded as a threat. Advised action: Conduct a thorough investigation of the activities linked to this IP and consider implementing restrictions on its traffic.

How is the evaluation?

First detected

March 9, 2023

Last detected

September 7, 2024

Detected threat types

Type

Malware

The IoC is related to malicious software distribution. It can be a host or a URL serving the malware.

References

https://zonefiles.io/f/compromised/ip/full/

Type

Attack

Malicious activity detected from the host.

References

https://lists.blocklist.de/lists/mail.txt https://github.com/ShadowWhisperer/IPs/archive/refs/heads/master.zip https://lists.blocklist.de/lists/apache.txt https://lists.blocklist.de/lists/ssh.txt https://api.cybercure.ai/feed/get_ips?type=csv https://view.sentinel.turris.cz/greylist-data/greylist-latest.csv https://github.com/stamparm/ipsum/archive/refs/heads/master.zip https://lists.blocklist.de/lists/bruteforcelogin.txt https://github.com/CriticalPathSecurity/Zeek-Intelligence-Feeds/archive/refs/heads/master.zip

Malicious activity

Critical

Detected 2 times

Last detected July 29, 2024

CVE-2018-0101

Malicious activity

Signature: Exploit attempt

Medium

Detected 2 times

Last detected August 19, 2024

Malicious activity

Signature: Brute-force attempt

Target protocol: telnet

Medium

Detected 6 times

Last detected August 4, 2024

Malicious activity

Signature: Malicious traffic

Target protocol: smtp

Medium

Detected 1 times

Last detected August 10, 2024

CVE-2002-0013 CVE-2002-0012 CVE-1999-0517

Attempted Information Leak

Signature: public access udp

Medium

Detected 1 times

Last detected August 10, 2024

CVE-2002-0013 CVE-2002-0012

Attempted Information Leak

Signature: request udp

IP Netblock

Threat score: 5%

Inetnum

64.62.128.0 - 64.62.255.255

Parent

NET-64-0-0-0-0

Source

ARIN

Netname

HURRICANE-4

Organization

HURC

Name

Hurricane Electric LLC

Address

760 Mission Court, Fremont, CA, 94539, United States

Admin Contact

No contact information

How is the evaluation?

First detected

March 9, 2023

Last detected

September 7, 2024

Geolocation

Country

United States of America

City

Pleasanton

Region

California

Proxy detection

Public VPN

Not detected

Tor exit node

AS Information

ASN

6939

Name

Hurricane Electric

Route

telnet://route-server.he.net

Domain

http://he.net

Reverse DNS (PTR)

Direct resolving

scan-50a.shadowserver.org.

PTR match

Integrations

API Access

Our API offers the same data as the Lookup service, seamlessly integrating and into your security platform.

Data Feed access

Download the complete dataset behind this lookup, available as daily updates or real-time streaming.