IPMediumSignal 84/100
136.116.202.5
Location
United StatesCouncil Bluffs, Iowa
ASN
AS396982
Google Cloud (us-central1)
First Seen
Mar 7, 2026
Last Seen
May 22, 2026
Found in 18 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionCouncil Bluffs, Iowa
ASNAS396982
OrganizationGoogle Cloud (us-central1)
Feed Intelligence Summary
18 reports84% confidence
18
Source reports
84%
Confidence score
Category tags
abuseaccount compromiseactive scanactive scanningapacheapache attackeraptasiaattackattack surface discoveryattacker-ipaustraliaautomated attacksbad reputationbad web botblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptsbrute-forcecisco devicecloud infrastructurecloud infrastructure attackcloud servicescommand and controlcommand injectioncommunication protocolcowrie activitycowrie attackscowrie honeypotcredential accesscredential access attemptcredential attackscredential harvestingcredential stuffingcyberattackdata exfiltrationdata store exposuredatabase attackdatabase securityddosddos attackdecoy systemdenial of servicedevice managementdigital oceandionaea activitydionaea attacksdionaea honeypotelasticpot honeypotelasticsearch monitoringenterprise networkingenumerationeuropeexploit attemptexploitation activityexploitation attemptexploited hostexploitsexternal threatexternal_threatfattftpftp brute forceftp brute-forceftp scanhackinghoneytrap honeypothttp scanhttp scannerhttp scanningidentity & access exploitationindicatorindicators of compromiseinitial_access_attemptinjection activityinjection attacksinternet scaninternet-wide observationiot securityiot targetedipv4ipv4 addressesipv4_addressjapanlamplamp attacklamp exploitation attemptslamp stack targetinglateral movementmailoney honeypotmalicious activitymalicious activity detectedmalicious infrastructuremalwaremalware behaviourmalware capturemalware detectionmalware distributionmass scanningnetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork_scanningnorth americaoceaniap0fpassword attacksphishingphishing attackphishing trapping of deathpossible malware distributionprotocol exploitationpublic cloud targetingransomwarerdp scanreconnaissanceremote accessremote code executionremote servicesresearchedresource hijackingscannerscannersscanning activityscripting attackssensor-taggedsentrypeer botnetsftp attacksip brute forcesmtpsmtp scansocial engineeringsocradar honeypotspamssh attackssh monitoringssh scansystem accesst1021t1021.001t1040t1041t1046t1059t1059.003t1059.007t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1563t1566.001t1566.002t1566.003t1566.004t1590t1590.005t1592t1595t1595.001t1595.002t1595.003tannertargeting databasetcp scanningtelecommunicationstelnet scantelnet threatthreat actorthreat detectionthreat intelligencethreat-intelligencethreat_intelligencetokyotor nodetpotunattributed activityunauthorized access attemptunauthorized activityunited kingdomunited statesunknown actorusvoidtrapvoipvoip attackweb app attackweb application attackweb application scanningweb attackweb exploitweb exploitationweb serverweb spamweb traffic
Activity Timeline
May 22May 22
Threat Activity Heatmap
· Peak: 2026-05-22LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
84
SIGNAL
Signal Score
84%
Confidence
18
Reports
First seenMar 7, 2026
Last seenMay 22, 2026
GeolocationUS
CountryUnited States
LocationCouncil Bluffs, Iowa
ASNAS396982
OrgGoogle Cloud (us-central1)
Coords41.2619, -95.8608
VirusTotal
Not checked
WHOIS
- description
- Score: 78/100 | Detector: threat_feed | Label: reported_abuse | Tags: honeypot_hit, reported_abuse, suspicious_activity
- raw
- NetRange: 136.112.0.0 - 136.127.255.255 CIDR: 136.112.0.0/12 NetName: GOOGL-46 NetHandle: NET-136-112-0-0-1 Parent: NET136 (NET-136-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Google LLC (GOOGL-2) RegDate: 2018-08-27 Updated: 2024-02-02 Ref: https://rdap.arin.net/registry/ip/136.112.0.0 OrgName: Google LLC OrgId: GOOGL-2 Address: 1600 Amphitheatre Parkway City: Mountain View StateProv: CA PostalCode: 94043 Country: US RegDate: 2006-09-29 Updated: 2019-11-01 Comment: *** The IP addresses under this Org-ID are in use by Google Cloud customers *** Comment: Comment: Direct all copyright and legal complaints to Comment: https://support.google.com/legal/go/report Comment: Comment: Direct all spam and abuse complaints to Comment: https://support.google.com/code/go/gce_abuse_report Comment: Comment: For fastest response, use the relevant forms above. Comment: Comment: Complaints can also be sent to the GC Abuse desk Comment: ([email protected]) Comment: but may have longer turnaround times. Comment: Comment: Complaints sent to any other POC will be ignored. Ref: https://rdap.arin.net/registry/entity/GOOGL-2 OrgNOCHandle: GCABU-ARIN OrgNOCName: GC Abuse OrgNOCPhone: +1-650-253-0000 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/GCABU-ARIN OrgAbuseHandle: GCABU-ARIN OrgAbuseName: GC Abuse OrgAbusePhone: +1-650-253-0000 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/GCABU-ARIN OrgTechHandle: ZG39-ARIN OrgTechName: Google LLC OrgTechPhone: +1-650-253-0000 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/ZG39-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 months ago · Last seen 23 days ago
Appeared in 18 threat reports