IP indicator: 147.185.132.201 (Medium, Signal 60/100)
Location: Santa Clara, California
ASN: AS396982 (Palo Alto Networks, Inc)
First Seen: May 30, 2024
Last Seen: Jun 21, 2026
Found in 39 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK TTPs
Network Information
Country: United States
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category: Proxy (proxy server)
Feed Intelligence Summary
Source reports: 39
Confidence score: 60%
Category tags:
50 ip addresses50_iocsabuseabuse scoreabused ssl certificateabuseipdbaccessaccess attemptaccess attemptsaccess controlaccount compromiseaccount discoveryaccount profilingaccount securityaccount takeoverackack scanactive reconnaissanceactive scanactive scanningadbadb brute forceadb protocoladb scanningadbhoney activityadbhoney attackadbhoney attacksadbhoney honeypotadministrative accessadvanced persistent threatadversarial activityadversarial tacticsadversary infrastructureae ipae ip addressae ipsaegisafricaalibabaalibaba cloudalibaba cloud abusealibaba cloud activityalibaba cloud hostingalibaba cloud infrastructurealibaba cloud ipsalibaba cloud relatedalibaba ispamberandroidandroid devicesanomalous activityanomalous behavioranomalous ip activityanomalous network activityanomalous trafficanomaly detectionapacheapache attackerapplication layer protocolapplication_layer_protocolaptapt activityapt indicatorsapt suspectedargentinaasiaasia regionatif feedattackattack attemptattack campaignattack originattack sourceattack vector: unknownattack vectorsattacker infrastructureattacker-ipaustraliaaustriaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication attemptsauthentication failureauthentication_bypassauto blockedauto blocked ipauto blocked ipsauto-blockedauto-blocked ipauto-blocked ipsauto-generatedauto-generated securityautomated analysisautomated attackautomated attacksautomated blockingautomated mitigationautomated scanautomated threatautomated threat responseautomated-attackaverage bde 80azerbaijanbad actorsbad ip addressesbad reputationbad web botbadness detection scorebangladeshbanlist feedbbsratbdebde 80bde 80+bde scorebde score 80bde score 80+bde score alertbde score analysisbde score highbde score thresholdbde score: 80bde score: highbde score:80bde: highbde_80beaconing activitybehavioral analysisbehavioral anomaliesbehavioral detectionbelgiumbinary defenseblacklist ipblacklisted ipblacklisted ip 
addressblacklisted ipsblock listblock rateblockedblocked ipblocked ip addressesblocklist_allblog spambolivarian republic ofbotnetbotnet activitybotnet-activitybr ip addressbr ip addressesbr originbr originating trafficbrazilbrazil based activitybrazil ipbrazil ip activitybrazil ip addressesbrazil ipsbrazil originbrazil originating activitybrazil-based activitybrazil-based ipsbrazilian ipsbritainbrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute force detectionbrute force potentialbrute-forcebrute_forcebruteforcebulgariac&cc2c2 activityc2 activity detectedc2 beaconingc2 channelc2 communicationc2 communication attemptc2 frameworkc2 infrastructurec2 serverc2 trafficca ipca ipsca origincambodiacanadacanada ipcanadian origincertch ipchilechinachina aptchina based activitychina based attackchina based ipchina based ipschina infrastructurechina ip activitychina ip addresschina ip addresseschina ipschina ispchina mobilechina originchina origin concernschina origin ipchina originatingchina originating activitychina originating ipchina originating ipschina relatedchina threat actorchina threat actorschina-based activitychina-based ipchina-based ipschina-based threat actorchina-based threat actorschina-based threatschina-linked activitychina-originated attackschina-related activitychinese aptchinese ipchinese ipschinese ispchinese origincisco asacisco asa attackcisco asa targetedcisco attackcisco devicecisco device attackcisco device targetingcisco exploit attemptcisco exploit attemptscisco exploitationcisco exploitation attemptcisco exploitation attemptscisco network devicescitrix brute forcecitrix exploitation attemptscitrix securityclearfake c2client-side exploitationcloud environmentcloud hostingcloud infrastructurecloud infrastructure abusecloud infrastructure attackcloud infrastructure targetcloud provider abusecloud provider targetingcloud servicescn ipcn ip addresscn ip addressescn ipscn origincn 
originating trafficcn_originating_ipcn_related_ipcnccode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommand-line interfacecommon vulnerabilitiescommunication channelcommunication protocolcommunication protocolscommunication technologiescommunity string brute-forcingcompany limitedcompromise assessmentcompromise assessment requiredcompromise attemptcompromise indicatorscompromised credentialscompromised credentials attemptcompromised hostcompromised host activitycompromised host communicationcompromised host detectioncompromised host indicatorscompromised hostscompromised infrastructurecompromised infrastructure indicatorscompromised ipcompromised systemcompromised system attemptcompromised systemscompromised_infrastructureconnect scanconnected devicesconnection refusalconpotconpot activityconpot attackconpot attacksconpot exploitationconpot honeypotconpot ics attackconpot ics attacksconpot ics exploitationconpot interactioncontainer securitycoordinated attackcorazacosta ricacowriecowrie activitycowrie attackcowrie attackscowrie capturecowrie datacowrie detectioncowrie honeypotcowrie interactioncowrie interactionscowrie logscowrie ssh attackcowrie ssh attackscowrie ssh honeypotcredential accesscredential attackcredential attackscredential brute forcecredential brute forcingcredential brute-forcingcredential compromisecredential dumpingcredential guessingcredential harvestingcredential stuffingcredential-harvestingcredential-stuffingcredential_accesscredential_attackctacurlcyberattackdata encodingdata encryptiondata exfiltrationdata exfiltration attemptdata exfiltration attemptsdata exfiltration potentialdata stagingdata store exposuredata theftdata transferdatabase access attemptdatabase attackdatabase attacksdatabase exploitation attemptsdatabase intrusion attemptdatabase login attemptdatabase scandatabase securitydatabase-serverdcerpcdcom exploitationddosddos attackddos attack indicatorsddos 
attacksddos mitigationddos preparationddos probeddospotde ipde ip addressde ip addressesde ipsde originde originating trafficdecoy systemdenial of servicedenial-of-servicedenmarkdevice managementdictionary attackdictionary_attackdigital oceandionaeadionaea activitydionaea attackdionaea attacksdionaea capturedionaea detectiondionaea honeypotdionaea interactionsdionaea malware analysisdionaea malware collectiondionaea malware detectiondionaea payloadsdirectory traversal attemptdistributed attackdistributed attack origindistributed attack sourcedistributed attacksdnsdns attackdockerdominican republicdropperdropsdugganusa threat inteldugganusa threat intelligencedutch ipselasticpot activityelasticpot attackselasticpot honeypotelasticsearchelasticsearch monitoringemailemerging threatemerging threatsencryptionendpoint protectionenterprise networkingenterprise securityenumerationenumeration attemptenv-huntingeu cyber policieseuropeeurope/asiaeuropean nationseuropean originevasionevasion tacticsexfiltrationexploitexploit activityexploit attemptexploit attemptsexploit kit activityexploit probingexploit public-facing applicationexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of privilegeexploitation of vulnerabilityexploitation probesexploitation probingexploited hostexport-to-otxexternal access attemptsexternal attackexternal communicationexternal network scanexternal reconnaissanceexternal remote servicesexternal scanexternal scanningexternal threatexternal threat actorexternal_threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfinfin port scanfin scanfinlandfirewall detectionfr ipfr ip addressfr ip addressesfr ipsfr originfr-originated attacksfrancefrance-based activityfrance-based ipfrance-based ipsfrance-based threat actorsfrance-based threatsfraud voipftpftp attackftp attacksftp brute forceftp brute-forceftp scanftp_bruteforcefullgalahgeneralized threat vectorgeo-based 
threatgeo-distributedgeo-distributed activitygeo-distributed attackgeo-distributed attacksgeo-distributed ipsgeo-diverse ipsgeo-located threatgeo-located threatsgeo-locationgeo-threatgeographic anomalygeographic distributiongeographic diversitygeographic origingeographic sourcegeographic source: brazilgeographic source: chinageographic source: degeographic source: francegeographic source: germanygeographic source: netherlandsgeographic source: russiageographic source: singaporegeographic source: swedengeographic spreadgeographic threatgeographic threat sourcegeographical distributiongeographically distributedgeographically distributed ipsgeographically diversegeographically diverse attackgeographically diverse attacksgeographically diverse ipsgeographically diverse originsgeographically diverse sourcesgeographically diverse threatgeographically diverse threatsgeoipgeolocated ipsgeolocated threatgeopolitical threatgeopolitical threat actorsgeopolitical threat vectorsgerman-based ipgermanygermany-based activitygermany-based ipgermany-based ipsgithubglobal activityglobal attackglobal distributionglobal footprintglobal ipsglobal ispglobal network activityglobal threatglobal threat activityglobal threat actorsglobal threat landscapegluttongopotgreat britaingreat britain-based ipgroupshackinghellpotheralding activityheralding attacksheralding probeshigh bdehigh bde activityhigh bde scorehigh confidencehigh confidence detectionhigh confidence indicatorhigh confidence indicatorshigh confidence threathigh riskhigh risk indicatorhigh risk iphigh risk ipshigh risk isphigh risk ispshigh risk regionshigh risk scorehigh severityhigh threat levelhigh threat potentialhigh threat scorehigh-risk countrieshigh-risk isphigh-risk isp: tencenthigh-risk regionshijackloaderhk abusehandlerhk iphk ip addresshk ip addresseshk ipshk originhk-originated attackshoneynet connecthoneypot 24h activityhoneytrap activityhoneytrap attackhoneytrap datahoneytrap detectionhoneytrap eventshoneytrap 
honeypothoneytrap interactionshong konghong kong ipshong kong originhong kong-based activityhong kong-based ipshong kong-based threatshosting infrastructure abusehosting provider abusehosting provider ipshttp attackhttp brute forcehttp exploitationhttp probinghttp scanhttp scannerhttp scanninghttp/shttp_bruteforcehttpshttps probinghttps scanhttps scanningicelandicmpics securityics/scadaics/scada attackics/scada protocolsidentity & access exploitationimapin ip addressesinbound scaninbound trafficindiaindia based activityindia ipindia ip addressindia ip addressesindia ipsindia originindia originating activityindia originating ipindia originating ipsindia-based activityindia-based ipindia-based ipsindian ip addressesindicatorindicators of compromiseindonesiaindustrial control systemsindustrial iotinformation gatheringinfrastructure abuseinfrastructure acquisitionreconnaissanceinfrastructure scanningingress tool transferinitial accessinitial access activityinitial access attemptsinitial access preparationinitial_accessinitial_access_attemptinjection activityinjection attacksinternal reconnaissanceinternational originsinternational threat actorsinternational trafficinternet facing assetsinternet of thingsinternet wide scaninternet-facinginternet-facing assetsinternet-facing serviceinternet-facing servicesinternet-scanninginternet-wide scaninternet_scaninternet_scannersintrusion detectioninvalid loginiocioc.ipiocsiocs - ipsiocs detectediocs: 50 ipsiocs: ip addressiocs: ip addressesiocs:ip addressiocs:ip addressesiot analyticsiot applicationsiot botnetiot device targetingiot platformsiot securityiot targetediot/ics attackip-address-iocip-addressesip-onlyipmi scanningipphoney activityipphoney honeypotipv4ipv4 attacksipv4 scanningipv4-scanningipv4_addressipv6iraqirelandisraelitalyjamaicajapanjarmkenyakibanaknown malicious ipknown malicious ipsknown malicious ispknown threat actorskoreakorea, republic ofkr ipkr ip addresskr ip addresseskr 
ipskr_originating_ipkyrgyzstanlamplamp attacklamp attackslamp exploitlamp exploit attemptlamp exploit attemptslamp exploitationlamp exploitation attemptlamp exploitation attemptslamp server attacklamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack exploitationlamp stack targetedlamp stack targetinglamp vulnerability exploitationlamp vulnerability scanlateral movementlateral movement attemptlateral movement potentiallateral movement techniqueslcialebanonliechtensteinlinuxlinux serverslinux systemslinux-server-attacklinux-systemlinux_server_attackslithuanialithuanian ipslog4potloginlogin attacklogin attemptlogin attemptslogin brute forcelogin failureslondonlt ipsmail service attackmailoney activitymailoney attacksmailoney detectionmailoney email spoofingmailoney eventsmailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious activity detectedmalicious activity detectionmalicious actorsmalicious code detectionmalicious code injectionmalicious communicationmalicious domainsmalicious emailmalicious email activitymalicious hostmalicious hostingmalicious hostsmalicious infrastructuremalicious ipmalicious ip activitymalicious ip addressesmalicious ip communicationmalicious ipsmalicious ispmalicious ispsmalicious login attemptsmalicious network activitymalicious network communicationmalicious network trafficmalicious originmalicious payloadmalicious payload attemptmalicious payload detectionmalicious powershell activitymalicious scanmalicious sftp activitymalicious softwaremalicious sourcemalicious ssh activitymalicious sslmalicious trafficmalicious-login-attemptsmalicious-trafficmalicious_activitymalicious_ipmalwaremalware activitymalware analysismalware beaconingmalware behaviourmalware c2malware capturemalware cncmalware commandmalware communicationmalware deliverymalware delivery attemptmalware detectionmalware distributionmalware distribution attemptmalware distribution attemptsmalware downloadmalware droppermalware 
hostingmalware indicatorsmalware infection attemptmalware propagationmalware stagingmalware trafficmalware_activitymanualmass scanningmass-scanningmasscan activitymassive port scanmd5medpotmelbourne regionmexican ip addressesmexican ipsmexicomexico based activitymexico based attacksmexico ipmexico ip addressmexico ip addressesmexico ipsmexico originmexico originating activitymexico originating ipmexico originating ipsmexico-based activitymexico-based ipmexico-based ipsmicrosoft technologiesmiraimirai botnetmispmobilemobile carriersmobile networksmobile securitymobile threatmongoliamonthlymoroccomssqlmssql brute forcemulti-country activitymulti-country attackmulti-country attack originsmulti-country originmulti-country origin ipsmulti-country originsmulti-country threat activitymulti-national threatmulti-national threat actormulti-regional threatmultiple countriesmultiple countries impactedmultiple countries originmultiple country ipsmultiple geographic locationsmultiple geographic originsmultiple geolocationmultiple geolocation ipsmultiple geolocation originsmultiple geolocation sourcesmultiple origin countriesmultiple origin countrymultiple origin pointsmultiple originating countriesmultiple originsmultiple protocolsmultiple_countriesmysql brute forcenation-state activitynepalnetbiosnetherlandsnetherlands based activitynetherlands based ipnetherlands ipnetherlands ip activitynetherlands ip addressesnetherlands ipsnetherlands originnetherlands originating activitynetherlands originating ipnetherlands-based activitynetherlands-based ipnetherlands-based ipsnetworknetwork activitynetwork activity monitoringnetwork anomaliesnetwork anomalynetwork attacksnetwork behaviornetwork behavior analysisnetwork communicationnetwork connectionnetwork connectionsnetwork devicesnetwork discoverynetwork enumerationnetwork exploitationnetwork infrastructurenetwork intrusionnetwork intrusion activitynetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork 
intrusionsnetwork mappingnetwork monitoringnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork protocolsnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork security monitoringnetwork service exploitationnetwork service scanningnetwork servicesnetwork share discoverynetwork threatnetwork threat activitynetwork trafficnetwork traffic analysisnetwork vulnerabilitiesnetwork-based attack attemptsnetwork-devicenetwork-intrusionnetwork_intrusionnetwork_probingnetwork_reconnetwork_reconnaissancenetwork_scanningnetwork_service_exploitationnetworkscanningnew zealandnginxnigerianl ip addressnl ip addressesnl originnl origin ipsnl originating ipsnl originating trafficnl_ipnmap scan detectedno known attributionnorth americanorwaynull port scannull scanoceaniaopen port detectionopen port identificationopen proxyopen_port_discoveryopencanaryoperating systemoperating system securityopportunistic attackeroriginating countryoriginating ip addressesos detectionosint enrichmentoutbound trafficp0fp0f os fingerprintingp0f passive fingerprintingp0f signaturespaloaltonetwors_com-benignpanamaparaguaypassword attackpassword attackspassword crackingpassword sprayingpassword_attackpgp signphilippinesphishingphishing attackphishing campaignphishing trapphp exploitping of deathpolandport-scanport-scanningportscanpossible aptpossible apt activitypossible backdoorpossible botnetpossible botnet activitypossible brute forcepossible c2possible c2 activitypossible c2 communicationpossible compromisepossible coordinated attackpossible credential accesspossible credential stuffingpossible cyber espionagepossible data exfiltrationpossible ddos participationpossible exploit activitypossible exploit attemptpossible exploit attemptspossible exploitationpossible exploitation attemptspossible intrusionpossible intrusion attemptpossible lateral movementpossible malwarepossible malware activitypossible malware 
communicationpossible malware distributionpossible malware dropperpossible malware hostingpossible malware infectionpossible malware payloadpossible malware trafficpossible mirai variantpossible port scanningpossible reconnaissancepossible reconnaissance activitypossible state-sponsored activitypossible threat actorpossible threat actorspossible vulnerability exploitationpossible vulnerability probingpotential adversarial infrastructurepotential aptpotential apt activitypotential attackpotential attack originpotential backdoorpotential botnetpotential botnet activitypotential brute forcepotential c2potential c2 activitypotential compromisepotential coordinated attackpotential credential stuffingpotential data exfiltrationpotential exploitpotential exploit activitypotential exploit attemptspotential exploit targetingpotential exploitationpotential initial accesspotential intrusionpotential intrusion attemptpotential intrusionspotential lateral movementpotential malicious activitypotential malicious hostingpotential malwarepotential malware activitypotential malware deploymentpotential malware distributionpotential malware hostingpotential malware infectionpotential malware sourcepotential malware uploadpotential network exploitationpotential network reconnaissancepotential ratpotential reconnaissancepotential reconnaissance activitypotential reconnaissance phasepotential state-sponsored activitypotential state-sponsored actorpotential threatpotential threat activitypotential threat actorpotential threat actorspotential threat originpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanpotential_intrusionpotential_threatpotentially maliciouspre-attackprivilege escalationprobable scanprobingprocess injectionprotocol exploitationprotocol-abuseprotocol: application layerprotocol: unknownproxyproxy accessproxy protocolpublic-facing application attackpythonqatarransomwareransomware activityraspberry-pircerdp attacksrdp 
scanningreconnaissancereconnaissance activityredisredis exploitation attemptredis exploitation attemptsredis honeypotredis honeypot attackredis honeypot attacksredishoneypot activityregional securityremote accessremote access attacksremote access attemptremote access attemptsremote access toolsremote code executionremote serviceremote service exploitationremote service interactionremote servicesremote services exploitationremote system discoveryremote_accessrepublic ofreputation-based blockingresearchedresource developmentresource hijackingromaniarpcrtbhru ip addressru ip addressesru originru originating ipru originating ipsru_originating_ipru_related_iprussiarussia based activityrussia iprussia ipsrussia originrussia originatingrussia originating activityrussia originating ipsrussia threat actorrussia-based iprussian aptrussian federationrussian federation originrussian iprussian ipsrussian originsansscams & fraudscanscannerscanner ipscannersscanning activityscanning and reconnaissancescanning_activityscriptscripting attacksse ip addressse originse originating ipssecurity eventsecurity incidentsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer attacksentrypeer attackssentrypeer botnetsentrypeer detectionsentrypeer eventssentrypeer interactionssentrypeer p2p attacksentrypeer targetingserbiaserver exploitationservice discoveryservice enumerationservice probingservice scanservice scanningservice version detectionservice_enumerationsftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp exploitation attemptsftp intrusion attemptssftp probingsftp protocolsftp scansftp scanningsftp-attacksg-originated attacksshellshell accessshell access attemptshell access attemptssingaporesingapore ipsingapore ipssingapore originsingapore origin ipsingapore originating ipsingapore originating ipssingapore-based activitysingapore-based ipssingapore-based threat actorssingapore-based threatssip attackssip brute forcesip 
enumerationsip protocolsip scansip scanningsip vulnerability scansippslugsmart devicessmb attackssmb brute forcesmb exploitationsmtpsmtp attackersmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresnmpsocial engineeringsocradarsocradar honeypotsoftware exploitationsouth africasouth americasouth koreasouth korea ipsouth korea originspainspamsql injectionsql injection attemptsql injection attemptssshssh attackssh attacksssh brute-forcessh brute-force activityssh bruteforcessh monitoringssh protocolssh scanssh-brute-forcessh_bruteforcesslssl certificatessl certificate analysisssl certificate anomaliesssl certificate enrichmentssl certificate validationssl certificate verificationssl enrichmentssl-enrichmentssl/tlsssl_analysisstate-sponsored activitystealthstealth scansurface websuricata alertsuricata alertssuspected activitysuspected apt activitysuspected botnet activitysuspected brute forcesuspected chinese originsuspected compromisesuspected intrusionsuspected malicious activitysuspected malwaresuspected malware distributionsuspected port scanningsuspected reconnaissancesuspected russian originsuspected_attackswedenswitzerland ip addressesswitzerland ipsswitzerland-based ipsynsyn port scansyn scansyrian arab republicsystem discoverysystem disruptiont-pott1003t1003.001t1005t1006t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1033t1040t1041t1043t1046t1047t1048t1048.003t1049t1053t1053.005t1055t1056t1056.001t1057t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1059_command_and_scripting_interpretert1064t1068t1069t1069.001t1070t1070.004t1071t1071.001t1071.001 web protocolst1071.001_application_layer_protocol_web_protocolst1071.002t1071.004t1071.004 
dnst1071_application_layer_protocolt1074t1075t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1078_valid_accountst1082t1083t1086t1087t1087.001t1087.002t1088t1090t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1135t1187t1189t1190t1190_exploit_public-facing_applicationt1199t1203t1204t1204.002t1205t1210t1213t1486t1490t1496t1499.001t1499.002t1499.003t1505t1505.002t1505.004t1539t1547t1550t1550.002t1550.003t1555t1555.003t1556t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1568.002t1569t1570t1571t1572t1573t1573.001t1573.002t1574t1583t1583.001t1584t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.002t1590t1590.001t1590.002t1590.003t1590.004t1590.005t1590.006t1592t1592.002t1593t1595t1595.001t1595.002t1595.003t1596t1598t1601t1602t1608t1611t1614t1622taiwantannertanner activitytanner attacktanner attackstanner eventstanner exploit kittanner honeypot activitytanner interactionstanner web attacktargeting databasetcptcp protocoltcp scantcp/23tcp/3306tcp/5900tcp/80tcp/iptcp_scantelecom servicestelecommunicationstelnettelnet attackstelnet scanningtelnet threattelnet-brute-forcetencenttencent hostingtencent infrastructuretencent ipstencent isptencent relatedthreat actorthreat actor activitythreat actor attributionthreat actor infrastructurethreat actorsthreat detectionthreat feedthreat hostingthreat intel feedthreat intelligencethreat intelligence feedthreat preventionthreat sourcethreat-intelthreat-intelligencethreat_intelligencetimeouttlstokyotor nodetorontotpottpotcetraffic analysistraffic anomaliestraffic anomalytraffic monitoringtraffic monitoring recommendedtraffic tunnelingttpsturkeyuaeuae originudp port scanudp scanudp_scanukraineunattributed activityunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized communicationunauthorized loginunauthorized login attemptunauthorized login attemptsunauthorized probingunauthorized-access-attemptunidentified attackerunidentified threat actorunited arab emiratesunited 
kingdomunited statesunited states ipunited states ipsunited states of americaunited states originunited states originatingunited states-based activityunited states-based ipsunited states-based threatsunknown threat actorunusual network trafficunusual traffic patternsusus based activityus based attacksus based ipus ip activityus ip addressus ip addressesus noneus originus origin ipsus originating activityus originating ipus originating ipsus originating trafficus source ipus-based activityus-based ipus-based ipsus-originated attacksus_ipusa originuzbekistanvalid accountsvenezuela, bolivarian republic ofverified-benignversion detectionvidarviet namvietnamvnc protocolvoipvoip attackvoip systemsvulnerability scanvulnerability-scanningvultrvultr cloud infrastructurevultr infrastructure targetedweak credentialsweb app attackweb application attackweb application attacksweb application probingweb application scanweb application scanningweb attackweb attacksweb exploitationweb login attemptweb protocolsweb scannerweb serverweb server attacksweb serversweb shellweb shell attemptweb shell uploadweb shell uploadsweb spamweb trafficweb-application-attackweb-serverweb_attackwebscanwebscannerwgetwordpotwordpress attackxmasxmas port scanxmas scan
Activity Timeline
Timeline range: Jun 21 to Jun 21
Threat Activity Heatmap (peak: 2026-06-21)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60 / 100
Confidence: 60%
Reports: 39
First seen: May 30, 2024
Last seen: Jun 21, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
IP Category: Proxy
VirusTotal: Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
  NetRange: 147.185.132.0 - 147.185.139.255
  CIDR: 147.185.136.0/22, 147.185.132.0/22
  NetName: PAN-22
  NetHandle: NET-147-185-132-0-1
  Parent: NET147 (NET-147-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Palo Alto Networks, Inc (PAN-22)
  RegDate: 2023-09-07
  Updated: 2023-09-07
  Ref: https://rdap.arin.net/registry/ip/147.185.132.0
  OrgName: Palo Alto Networks, Inc
  OrgId: PAN-22
  Address: Palo Alto Networks
  Address: 3000 Tannery Way
  Address: Santa Clara, CA 95054
  City: Santa Clara
  StateProv: CA
  PostalCode: 95054
  Country: US
  RegDate: 2017-11-22
  Updated: 2024-11-25
  Ref: https://rdap.arin.net/registry/entity/PAN-22
  OrgAbuseHandle: IPABU42-ARIN
  OrgAbuseName: IP Abuse
  OrgAbusePhone: +1-408-753-4000
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
  OrgTechHandle: GNS20-ARIN
  OrgTechName: Global Network Services
  OrgTechPhone: +1-408-753-4000
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
- references
  - https://github.com/telekom-security/tpotce
  - https://list.rtbh.com.tr/output.txt
  - https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  - https://blocklist.greensnow.co/greensnow.txt
  - https://www.binarydefense.com/banlist.txt
  - https://lists.blocklist.de/lists/all.txt
  - https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Confidence: medium. First detected 2 years ago; last seen 4 days ago.
Appeared in 39 threat reports.