IOC Radar
IP · Medium · Signal 48/100

146.88.241.107

Location: United States (Dallas, Texas)
ASN: AS20052 (Arbor Networks, Inc.)
First Seen: Jul 4, 2023 (1074d ago)
Last Seen: Jun 1, 2026 (11d ago)
Reports: 21 source reports
Confidence: 48% (medium)
VirusTotal: 2/91 detections
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 48%
Signal Score: 48 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

55 techniques

Network Information

Country: US (United States)
Region: Dallas, Texas
ASN: AS20052
Organization: Arbor Networks, Inc.

Feed Intelligence Summary

21 source reports · 48% confidence score

Activity Timeline

1 total obs (Jun 1)

Threat Activity Heatmap

Peak: 2026-06-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 48
Confidence: 48%
Reports: 21
First seen: Jul 4, 2023
Last seen: Jun 1, 2026
Geolocation: US
Country: United States
Location: Dallas, Texas
ASN: AS20052
Org: Arbor Networks, Inc.
Coords: 37.7510, -97.8220

VirusTotal

2/91 vendors flagged
2% detection rate · Jun 7, 2026

WHOIS

description
Observed on T-Pot within last 24h; sensors=sentrypeer; threshold?1; private IPs excluded. geo=US; ports=5060 Location=Sydney, Australia.
raw
NetRange: 146.88.240.0 - 146.88.255.255
CIDR: 146.88.240.0/20
NetName: ARBORN
NetHandle: NET-146-88-240-0-1
Parent: NET146 (NET-146-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Arbor Networks, Inc. (ARBORN)
RegDate: 2016-10-27
Updated: 2023-10-24
Comment: NETSCOUT | Arbor Networks Research Scanner
Comment:
Comment: https://www.internet-albedo.net/
Ref: https://rdap.arin.net/registry/ip/146.88.240.0

OrgName: Arbor Networks, Inc.
OrgId: ARBORN
Address: 2727 S. State St.
Address: Suite 200
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2001-01-24
Updated: 2011-09-24
Ref: https://rdap.arin.net/registry/entity/ARBORN

OrgTechHandle: HOSTM187-ARIN
OrgTechName: hostmaster
OrgTechPhone: +1-734-327-0000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/HOSTM187-ARIN

OrgAbuseHandle: HOSTM187-ARIN
OrgAbuseName: hostmaster
OrgAbusePhone: +1-734-327-0000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/HOSTM187-ARIN

RAbuseHandle: ASERT-ARIN
RAbuseName: ASERT Abuse
RAbusePhone: +1-734-327-0000
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/ASERT-ARIN
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 2 years ago · Last seen 11 days ago
Appeared in 21 threat reports