IntrusionLabs IntrusionLabs
← Back to feed

Subnet 64.62.156.0/24

SUBNET Active high
Why this campaign was detected
14 IPs from the same /24 subnet (64.62.156.0/24) were observed attacking our sensors within the same time window. All belong to Hurricane Electric LLC (AS6939). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS6939 · Hurricane Electric LLC
Subnet
64.62.156.0/24
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
14 IPs
Below average
Total Events
138
Below average by volume
Started / Ended
2026-02-17 05:02 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595 T1595.002
Initial Access
T1190
Credential Access
T1110 T1110.001
Discovery
T1046
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
64.62.156.192 scanner 66% 1x OSINT 23 3 http:scanssh:bruteforce β€” 2026-05-15 05:04 evidence →
64.62.156.66 scanner 65% 1x OSINT 23 3 http:scanssh:bruteforce β€” 2026-05-15 01:57 evidence →
64.62.156.122 scanner 56% 1x OSINT 33 3 http:scanssh:bruteforce β€” 2026-05-09 11:27 evidence →
64.62.156.140 scanner 49% 1x OSINT 5 2 http:scanssh:bruteforce β€” 2026-05-15 19:32 evidence →
64.62.156.10 scanner 47% 2x OSINT 16 2 http:scanssh:bruteforce β€” 2026-05-11 11:35 evidence →
64.62.156.141 scanner 40% 1x OSINT 5 2 http:scanssh:bruteforce β€” 2026-05-10 15:15 evidence →
64.62.156.11 scanner 35% 1x OSINT 8 2 ssh:bruteforce β€” 2026-05-13 04:09 evidence →
64.62.156.156 web_probe 32% 1x OSINT 2 2 http:scan β€” 2026-05-11 10:08 evidence →
64.62.156.78 scanner 32% 1x OSINT 8 2 ssh:bruteforce β€” 2026-05-11 14:58 evidence →
64.62.156.217 scanner 29% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-14 17:06 evidence →
64.62.156.113 web_probe 28% 1x OSINT 2 2 http:scan β€” 2026-05-09 00:03 evidence →
64.62.156.60 web_probe 26% 1x OSINT 1 1 http:scan β€” 2026-05-13 13:01 evidence →
64.62.156.22 scanner 25% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-13 13:43 evidence →
64.62.156.129 scanner 18% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-09 13:40 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds