IP · Medium · Signal 32/100
132.145.161.30
Location
Ashburn, Virginia
ASN
AS31898
Oracle Cloud Infrastructure (us-ashburn-1)
First Seen
Jan 25, 2025
Last Seen
Apr 7, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
32%
Signal Score
32 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Ashburn, Virginia
ASN
AS31898
Organization
Oracle Cloud Infrastructure (us-ashburn-1)
Feed Intelligence Summary
11 reports · 32% confidence
11
Source reports
32%
Confidence score
Category tags
abuse, active scan, active scanning, adbhoney honeypot, attack, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempts, cisco device, cisco exploitation attempts, command and control, conpot honeypot, cowrie honeypot, credential access, credential harvesting, credential stuffing, cta, data exfiltration, data store exposure, decoy system, device management, dionaea honeypot, distributed attacks, enterprise networking, exploit public-facing application, exploitation activity, honeytrap honeypot, ics security, identity & access exploitation, indicator, industrial control systems, initial access, injection activity, iot device targeting, iot security, iot/ics attack, ipphoney honeypot, lamp, lamp exploit attempts, lamp exploitation attempts, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network infrastructure, network scanning, network security, network service scanning, north america, password attacks, phishing, phishing attack, phishing trap, process injection, reconnaissance, researched, scanner, service scan, sftp attack, social engineering, ssh attack, ssh monitoring, t1021, t1041, t1046, t1055, t1059, t1068, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1595, t1595.001, t1595.002, t1595.003, telecommunications, threat actor, threat detection, threat intelligence, tor node, united states, united states of america, us
Activity Timeline
Threat Activity Heatmap · Peak: 2026-04-07
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 32
Confidence: 32%
Reports: 11
First seen: Jan 25, 2025
Last seen: Apr 7, 2026
Geolocation: US
Country: United States
Location: Ashburn, Virginia
ASN: AS31898
Org: Oracle Cloud Infrastructure (us-ashburn-1)
Coords: 39.0180, -77.5390
VirusTotal
Not checked
WHOIS
- description
- 2025-02-02T19:36:49.940509379Z Honeypot : Ipphoney : Source: 132.145.161.30 : Port: 631 Query: {'version': '2.0', 'operation': 'Get-Printer-Attributes', 'request_id': '0000919A', 'groups': [{'attributes': [{'attribute_name': 'attributes-charset', 'attribute_type': 'charset', 'attribute_value': ['utf-8']}, {'attribute_name': 'attributes-natural-language', 'attribute_type': 'language', 'attribute_value': ['en']}, {'attribute_name': 'printer-uri', 'attribute_type': 'uri', 'attribute_value': ['ipp://99.18.26.21:631/ipp/print']}, {'attribute_name': 'requesting-user-name', 'attribute_type': 'nameWithoutLanguage', 'attribute_value': ['Discord: vxor.vv']}, {'attribute_name': 'requested-attributes', 'attribute_type': 'keyword', 'attribute_value': ['document-format-supported']}], 'group_type': 'Operation-Attributes-Tag'}]} request_method: POST
- raw
- Oracle Corporation OC-195 (NET-132-145-0-0-1) 132.145.0.0 - 132.145.255.255 Oracle Public Cloud OC-195 (NET-132-145-0-0-2) 132.145.0.0 - 132.145.255.255
- references
- https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 11 threat reports