IP · Medium · Signal 60/100
147.185.132.16
Location
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
May 30, 2024
Last Seen
Jun 3, 2026
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Network Information
Country
United States
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category
Proxy: Proxy server
VPN: VPN exit node
Feed Intelligence Summary
Source reports: 33
Confidence score: 60%
Category tags
Activity Timeline
Jun 3
Threat Activity Heatmap
Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 33
First seen: May 30, 2024
Last seen: Jun 3, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.7510, -97.8220
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Paris (France) honeypot
- raw
- NetRange: 147.185.132.0 - 147.185.139.255
  CIDR: 147.185.136.0/22, 147.185.132.0/22
  NetName: PAN-22
  NetHandle: NET-147-185-132-0-1
  Parent: NET147 (NET-147-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Palo Alto Networks, Inc (PAN-22)
  RegDate: 2023-09-07
  Updated: 2023-09-07
  Ref: https://rdap.arin.net/registry/ip/147.185.132.0
  OrgName: Palo Alto Networks, Inc
  OrgId: PAN-22
  Address: Palo Alto Networks
  Address: 3000 Tannery Way
  Address: Santa Clara, CA 95054
  City: Santa Clara
  StateProv: CA
  PostalCode: 95054
  Country: US
  RegDate: 2017-11-22
  Updated: 2024-11-25
  Ref: https://rdap.arin.net/registry/entity/PAN-22
  OrgAbuseHandle: IPABU42-ARIN
  OrgAbuseName: IP Abuse
  OrgAbusePhone: +1-408-753-4000
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
  OrgTechHandle: GNS20-ARIN
  OrgTechName: Global Network Services
  OrgTechPhone: +1-408-753-4000
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
IOC Journey
Medium · First detected 2 years ago · Last seen 7 days ago
Appeared in 33 threat reports