IOC Radar
IPMediumSignal 35/100

139.87.112.98

Location
United StatesUnited States
Montreal, Quebec
ASN
AS6142
Oracle Public Cloud
First Seen
Nov 14, 2024
Last Seen
May 25, 2026
Nov 14
First Seen
576d ago
May 25
Last Seen
19d ago
9
Reports
source reports
35%
Confidence
medium
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
35%
Signal Score
35 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

37 techniques

Network Information

CountryUSUnited States
RegionMontreal, Quebec
ASNAS6142
OrganizationOracle Public Cloud

Feed Intelligence Summary

9 reports35% confidence
9
Source reports
35%
Confidence score
Category tags
active scanactive scanningapacheapache camelapache tomcatbeningbening scannerbotnetbotnet activitybrute forcebrute-forcebrute_forcecacamelcanadacodecode executioncode injectioncode injection vulnerabilitycode segmentcommand and controlcommand executioncommunication protocolcookiecredential accesscredential stuffingcredential_accessdata exfiltrationdata injectiondata store exposuredatabase securityddosddos attackdenial of servicedistributed attacksexploitexploitation activityfigurefinance and insurancefirstftphackinghalosecurity-benignheader hijackingheader hijacking attackhttphttp puthttp requesthttp scanneridentity & access exploitationindicatorinjection activityinjection attacksmalicious softwaremalwarenettynetworknetwork securitynetwork_reconnaissancenorth americapartial putpartial put attackpartial put vulnerabilityprobingprocess injectionprotocol exploitationqualys-benignreconnaissanceremote accessremote code executionremote servicesresearchedscannerscanningscripting attacksssh attackt1021t1021.001t1040t1046t1055t1059t1059.003t1059.007t1068t1071.001t1076t1078t1082t1110t1110.002t1189t1190t1192t1203t1210t1213t1486t1496t1499.001t1499.002t1499.003t1505t1505.003t1555t1562.001t1563t1565t1588t1595t1595.001t1595.002t1595.003telnet threattomcatunauthenticated vulnerabilityunited statesusverified-benignvulnerabilityvulnerability scanweb app attackweb application attackweb attackweb exploitationweb server exploitweb trafficwebscanwebscanner

Activity Timeline

1 total obs
May 25May 25

Threat Activity Heatmap

· Peak: 2026-05-25
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
35
SIGNAL
Signal Score
35%
Confidence
9
Reports
First seenNov 14, 2024
Last seenMay 25, 2026
GeolocationUS
CountryUnited States
LocationMontreal, Quebec
ASNAS6142
OrgOracle Public Cloud
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

raw
Oracle Corporation OC-195 (NET-139-87-0-0-1) 139.87.0.0 - 139.87.255.255 Oracle Public Cloud OC-195 (NET-139-87-0-0-2) 139.87.0.0 - 139.87.255.255
references
https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891, https://unit42.paloaltonetworks.com/apache-cve-2025-24813-cve-2025-27636-cve-2025-29891/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 19 days ago
Appeared in 9 threat reports