IOC Radar
IP · Medium · Signal 62/100

146.88.241.72

Location: United States (Dallas, Texas)
ASN: AS20052 (Arbor Networks, Inc.)
First Seen: Apr 14, 2023 (1157d ago)
Last Seen: Jun 7, 2026 (8d ago)
Reports: 25 source reports
Confidence: 62% (medium)
Found in 25 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 62%
Signal Score: 62 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

53 techniques

Network Information

Country: US (United States)
Region: Dallas, Texas
ASN: AS20052
Organization: Arbor Networks, Inc.

Feed Intelligence Summary

Source reports: 25
Confidence score: 62%

Activity Timeline

1 total observation (Jun 7)

Threat Activity Heatmap

Peak: 2026-06-07
[Heatmap: daily activity by weekday, Jun through Jun]

Last 24h: 0 (Dormant)
Last 7d: 0 (Dormant)
Last 30d: 1 (Minimal)
Last 3mo: 1 (Minimal)

Threat Score: 62 (Medium Risk)
Coords: 32.7767, -96.7970

VirusTotal

Not checked

WHOIS

Description: Observed making inbound scans on 2026-05-27 18:04:15

Raw:
NetRange: 146.88.240.0 - 146.88.255.255
CIDR: 146.88.240.0/20
NetName: ARBORN
NetHandle: NET-146-88-240-0-1
Parent: NET146 (NET-146-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Arbor Networks, Inc. (ARBORN)
RegDate: 2016-10-27
Updated: 2023-10-24
Comment: NETSCOUT | Arbor Networks Research Scanner
Comment:
Comment: https://www.internet-albedo.net/
Ref: https://rdap.arin.net/registry/ip/146.88.240.0

OrgName: Arbor Networks, Inc.
OrgId: ARBORN
Address: 2727 S. State St.
Address: Suite 200
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2001-01-24
Updated: 2011-09-24
Ref: https://rdap.arin.net/registry/entity/ARBORN

OrgAbuseHandle: HOSTM187-ARIN
OrgAbuseName: hostmaster
OrgAbusePhone: +1-734-327-0000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/HOSTM187-ARIN

OrgTechHandle: HOSTM187-ARIN
OrgTechName: hostmaster
OrgTechPhone: +1-734-327-0000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/HOSTM187-ARIN

RAbuseHandle: ASERT-ARIN
RAbuseName: ASERT Abuse
RAbusePhone: +1-734-327-0000
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/ASERT-ARIN

References:
https://github.com/telekom-security/tpotce
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://redpiranha.net
https://list.rtbh.com.tr/output.txt
https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
https://jamesbrine.com.au/vultrwarsaw-sip-bruteforce-ip-list-2024-04-17/
https://jamesbrine.com.au
https://jamesbrine.com.au/vultrparis-snmp-bruteforce-ip-list-2024-01-10/


IOC Journey

medium
First detected 3 years ago · Last seen 8 days ago
Appeared in 25 threat reports