IP 147.185.132.247 (Medium, Signal 59/100)
Location: Santa Clara, California
ASN: AS396982 (Palo Alto Networks, Inc)
First Seen: May 31, 2024
Last Seen: Jun 19, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 59%
Signal Score: 59 / 100
IDS Rule: No
Threat Context: tags, MITRE ATT&CK TTPs
Network Information
Country: United States
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category: Proxy (proxy server)
Feed Intelligence Summary
34 source reports, 59% confidence score
Category tags
Activity Timeline: Jun 19 to Jun 19 (single observed day)
Threat Activity Heatmap (image not extracted; weekday axis Mon/Wed/Fri; peak: 2026-06-19)
Activity by window:
- 24h: 0 (Dormant)
- 7d: 0 (Dormant)
- 30d: 1 (Minimal)
- 3mo: 1 (Minimal)
Summary
- Threat Score: 59 (Medium Risk)
- Signal Score: 59%
- Confidence: 34 reports
- First seen: May 31, 2024
- Last seen: Jun 19, 2026
- Geolocation: US, Santa Clara, California
- ASN: AS396982 (Palo Alto Networks, Inc)
- Coordinates: 37.3833, -121.9830
- IP category: Proxy
VirusTotal: Not checked
WHOIS
- description: Observed authentication attempts via telnet against Cowrie/Heralding honeypots in Australia. Total events observed: 2. Sensors involved: Cowrie. Target ports: 23. Source country: US. ASN(s): 396982. Organisation(s): Google LLC.
- raw:
  NetRange: 147.185.132.0 - 147.185.139.255
  CIDR: 147.185.132.0/22, 147.185.136.0/22
  NetName: PAN-22
  NetHandle: NET-147-185-132-0-1
  Parent: NET147 (NET-147-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Palo Alto Networks, Inc (PAN-22)
  RegDate: 2023-09-07
  Updated: 2023-09-07
  Ref: https://rdap.arin.net/registry/ip/147.185.132.0
  OrgName: Palo Alto Networks, Inc
  OrgId: PAN-22
  Address: Palo Alto Networks
  Address: 3000 Tannery Way
  Address: Santa Clara, CA 95054
  City: Santa Clara
  StateProv: CA
  PostalCode: 95054
  Country: US
  RegDate: 2017-11-22
  Updated: 2024-11-25
  Ref: https://rdap.arin.net/registry/entity/PAN-22
  OrgTechHandle: GNS20-ARIN
  OrgTechName: Global Network Services
  OrgTechPhone: +1-408-753-4000
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
  OrgAbuseHandle: IPABU42-ARIN
  OrgAbuseName: IP Abuse
  OrgAbusePhone: +1-408-753-4000
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
IOC Journey: medium. First detected 2 years ago · Last seen 7 days ago. Appeared in 34 threat reports.