IOC Radar
IP · Medium · Signal 74/100

147.124.217.110

Location
United States
Dallas, TX
ASN
AS396073
Majestic Hosting Solutions, LLC
First Seen
Mar 1, 2024 (844d ago)
Last Seen
Jun 1, 2026 (23d ago)
Reports
13 source reports
Confidence
74% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

35 techniques

Network Information

Country: US (United States)
Region: Dallas, TX
ASN: AS396073
Organization: Majestic Hosting Solutions, LLC

Feed Intelligence Summary

Source reports: 13
Confidence score: 74%
Category tags
accommodation and food servicesaccommodation servicesactive scanactive scanningagent teslaandroidarmaspxshellasyncratattackblacklist hostblankgrabberbotnetbotnet activitybrazilbrute forcebrute force attackbrute_ratel_c4c2cnccobalt-strikecobaltstrikecode injectioncoinminercommand & controlcommand and controlcommand executioncredential accesscredential harvestingcredential stuffingcryptocurrencydata exfiltrationdata store exposuredcratddosddos attacksdeimosdiscorddistributed attacksdomainsdropped-by-smokeloaderelfeuropeeurope/asiaexeexecutable fileexploitation activityfood servicesgermanyguest serviceshajimehasheshavochijackloaderhookbothospitality technologyhotelsidentity & access exploitationindicatorinfostealerinfrastructure acquisitionreconnaissanceinjection activityinternet of thingsiot botnetiot securityiot/ics attackitalyjslinuxmalicious activitymalicious powershell activitymalicious softwaremalwaremalware urlmanualmetasploitminermipsmiraimirai botnetmobilemobile securitymobile threatmoobotmozimozi linkmythicnetsupportratnetworknorth americaopendiroperating systempanamapassword attackspegasusphishingphishing attackpikabotpolcertpowershellprocess injectionquasarratransomwarerarreconnaissanceredlinestealerremcosremcos trojanremote accessremote servicesresearchedrestaurant operationsreverse_sshriseprortfrussiascannerscripting attackssha valuesshellsliversocial engineeringsouth americaspainstealcsupershellt1021t1021.001t1055t1059t1059.001t1059.003t1059.007t1064t1069.001t1071t1071.001t1078t1086t1105t1110.001t1110.002t1110.003t1110.004t1190t1204.001t1204.002t1486t1496t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1573t1587.001t1590.001t1595.001t1595.002t1595.003tbotnetthreat actortor nodetourismua-curlua-wgetukraineunited statesunknown groupurls ftpurls httpurls httpsusvbsweb exploitationweekwindowswsfxwormzip

Activity Timeline

1 total obs · Jun 1

Threat Activity Heatmap

· Peak: 2026-06-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 74
Confidence: 74%
Reports: 13
First seen: Mar 1, 2024
Last seen: Jun 1, 2026
Geolocation: US
Country: United States
Location: Dallas, TX
ASN: AS396073
Org: Majestic Hosting Solutions, LLC
Coords: 32.7797, -96.8022

VirusTotal

Not checked

WHOIS

raw
NetRange: 147.124.208.0 - 147.124.223.255
CIDR: 147.124.208.0/20
NetName: MHSL-5
NetHandle: NET-147-124-208-0-1
Parent: NET147 (NET-147-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Majestic Hosting Solutions, LLC (MHSL-5)
RegDate: 2020-12-23
Updated: 2020-12-23
Ref: https://rdap.arin.net/registry/ip/147.124.208.0

OrgName: Majestic Hosting Solutions, LLC
OrgId: MHSL-5
Address: 1900 Surveyor Blvd Suite 100
City: Carrollton
StateProv: TX
PostalCode: 75006
Country: US
RegDate: 2018-08-01
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/MHSL-5

OrgNOCHandle: TECHN1659-ARIN
OrgNOCName: Technical
OrgNOCPhone: +1-833-774-6778
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/TECHN1659-ARIN

OrgAbuseHandle: ABUSE7610-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-833-774-6778
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE7610-ARIN

OrgRoutingHandle: TECHN1659-ARIN
OrgRoutingName: Technical
OrgRoutingPhone: +1-833-774-6778
OrgRoutingEmail: [email protected]
OrgRoutingRef: https://rdap.arin.net/registry/entity/TECHN1659-ARIN

OrgDNSHandle: TECHN1659-ARIN
OrgDNSName: Technical
OrgDNSPhone: +1-833-774-6778
OrgDNSEmail: [email protected]
OrgDNSRef: https://rdap.arin.net/registry/entity/TECHN1659-ARIN

OrgTechHandle: TECHN1659-ARIN
OrgTechName: Technical
OrgTechPhone: +1-833-774-6778
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/TECHN1659-ARIN


IOC Journey

medium
First detected 2 years ago · Last seen 23 days ago
Appeared in 13 threat reports