IOC Radar
IP · Medium · Signal 57/100

146.88.241.130

Location: Dallas, Texas, United States
ASN: AS20052 (Arbor Networks, Inc.)
First Seen: Mar 31, 2023 (1168d ago)
Last Seen: Jun 1, 2026 (10d ago)
Reports: 24 source reports
Confidence: 57% (medium)
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 57%
Signal Score: 57 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

52 techniques

Network Information

Country: US (United States)
Region: Dallas, Texas
ASN: AS20052
Organization: Arbor Networks, Inc.

Feed Intelligence Summary

Source reports: 24
Confidence score: 57%
Category tags
abuse, active scan, active scanning, adbhoney activity, adbhoney attack, adbhoney honeypot, aerospace & defense, apache, apache attacker, apt, attack, australia, auto-generated security, automated attack, automotive manufacturing, bad reputation, bad web bot, bening, bening scanner, blacklisted ip, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute_force, c2, c2 communication, cert, cisco, cisco attacks, cisco device, cisco device scanning, cisco exploitation attempts, civil services, code execution, command & control, command and control, command execution, command injection, command injection attempt, communication protocol, compromised host, compromised hosts, compromised system detection, conpot, conpot activity, conpot attack, conpot honeypot, cowrie, cowrie activity, cowrie honeypot, cowrie interactions, credential access, credential brute-forcing, credential harvesting, credential stuffing, credential_access, cyber security, data exfiltration, data exfiltration prevention, data store exposure, database attack, database intrusion attempt, database security, ddos, ddos attack, ddos mitigation, ddos probe, decoy system, defense, defense contracting, defense logistics, defense systems, defense technology, denial of service, device management, dionaea, dionaea activity, dionaea honeypot, dionaea interactions, dionaea payloads, directory traversal attempt, distributed attacks, dns, dns attack, electronics manufacturing, enterprise networking, exploit, exploit attempt, exploit probing, exploitation activity, exploitation of vulnerability, exploited host, fatt, fatt detections, fatt signatures, fraud voip, ftp, ftp attack, ftp attacks, ftp brute force, government technology, hacking, honeytrap activity, honeytrap attack, honeytrap events, honeytrap honeypot, honeytrap interactions, http attack, http brute force, http probing, http scanner, https, ics security, identity & access exploitation, inbound scan, indicator, industrial automation, industrial control systems, industrial iot, industrial production, information gathering, information technology, initial access, injection activity, injection attacks, intrusion detection, ioc, iot security, iot/ics attack, it infrastructure, kfsensor honeypot, lamp, lamp attack, lamp attacks, lateral movement, mailoney events, mailoney honeypot, mailoney interactions, malicious activity, malicious domain, malicious ip addresses, malicious ips, malicious software, malicious traffic, malicious_activity, malware, malware behaviour, malware capture, malware distribution, malware download, manual, manufacturing technology, military operations, national security, netscout_tiisi-benign, network, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network reconnaissance, network scanning, network security, network traffic analysis, network_intrusion, nextray, north america, oceania, opencti, p0f, p0f passive fingerprinting, p0f signatures, password attacks, password cracking, phishing, phishing attack, phishing trap, process injection, process manufacturing, protocol exploitation, public administration, public infrastructure, public policy, quality control, ransomware, rdp, reconnaissance, redis honeypot, redis honeypot attack, redishoneypot, redishoneypot activity, regulatory agencies, remote access, remote services, researched, resource hijacking, scams & fraud, scan, scanner, scanning activity, scripting attacks, security operations, sensor-tagged, sentrypeer activity, sentrypeer attack, sentrypeer botnet, sentrypeer events, sentrypeer interactions, service enumeration, service scan, sftp, sftp access attempt, sftp attack, sftp attacks, sip, sip attacks, sip scanning, smtp, smtp brute force, smtp probing, social engineering, socradar, socradar honeypot, software development, software exploitation, spam, sql injection attempt, ssh, ssh attack, ssh attacks, ssh monitoring, supply chain attack, supply chain management, suricata alerts, t-pot, t1003, t1016, t1018, t1021, t1021.001, t1027, t1040, t1041, t1046, t1053, t1055, t1057, t1059, t1059.003, t1059.007, t1068, t1071, t1071.001, t1076, t1078, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1568, t1573, t1588, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner activity, tanner attack, tanner events, tanner interactions, targeting database, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpot, tpotce, unauthorized access, united states, united states of america, us, verified-benign, voip, voip attack, vulnerability scan, vulnerability-exploitation, web app attack, web application attack, web attack, web exploitation, web shell attempt, web traffic

Activity Timeline

1 total obs (Jun 1)

Threat Activity Heatmap

Peak: 2026-06-01
[Heatmap: activity by weekday (rows) and month (columns, Jun through Jun); scale from Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 57
Confidence: 57%
Reports: 24
First seen: Mar 31, 2023
Last seen: Jun 1, 2026
Geolocation: US
Country: United States
Location: Dallas, Texas
ASN: AS20052
Org: Arbor Networks, Inc.
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=conpot; threshold?1; private IPs excluded. geo=US; ports=161 Location=Sydney, Australia.
raw
NetRange: 146.88.240.0 - 146.88.255.255
CIDR: 146.88.240.0/20
NetName: ARBORN
NetHandle: NET-146-88-240-0-1
Parent: NET146 (NET-146-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Arbor Networks, Inc. (ARBORN)
RegDate: 2016-10-27
Updated: 2023-10-24
Comment: NETSCOUT | Arbor Networks Research Scanner
Comment:
Comment: https://www.internet-albedo.net/
Ref: https://rdap.arin.net/registry/ip/146.88.240.0
OrgName: Arbor Networks, Inc.
OrgId: ARBORN
Address: 2727 S. State St.
Address: Suite 200
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2001-01-24
Updated: 2011-09-24
Ref: https://rdap.arin.net/registry/entity/ARBORN
OrgTechHandle: HOSTM187-ARIN
OrgTechName: hostmaster
OrgTechPhone: +1-734-327-0000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/HOSTM187-ARIN
OrgAbuseHandle: HOSTM187-ARIN
OrgAbuseName: hostmaster
OrgAbusePhone: +1-734-327-0000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/HOSTM187-ARIN
RAbuseHandle: ASERT-ARIN
RAbuseName: ASERT Abuse
RAbusePhone: +1-734-327-0000
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/ASERT-ARIN
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net

IOC Journey

medium
First detected 3 years ago · Last seen 10 days ago
Appeared in 24 threat reports