IP indicator · Medium signal · 73/100
147.185.132.54
Location: Santa Clara, California
ASN: AS396982 (Palo Alto Networks, Inc)
First Seen: May 30, 2024
Last Seen: Jun 16, 2026
Found in 38 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
73%
Signal Score
73 / 100
IDS Rule
No
Threat Context
Tags: none listed in this section
MITRE ATT&CK TTPs: none listed in this section (ATT&CK technique IDs do appear among the Category tags further down)
Network Information
Country
United States
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category
Proxy (proxy server)
VPN (VPN exit node)
Feed Intelligence Summary
Source reports: 38
Confidence score: 73%
Category tags (rendered by the source as one run-on tag cloud; grouped here by theme, with near-duplicate spellings such as "brute force" / "brute-force" / "brute_force" kept once)
- Honeypot sensors and analysers that reported it: adbhoney, conpot, cowrie, dionaea, elasticpot, heralding, honeytrap, ipphoney, mailoney, opencanary, redis honeypot, sentrypeer, socradar honeypot, tanner, t-pot (tpotce), fatt, p0f, suricata alert, sensor-tagged, decoy system
- Scanning and reconnaissance: port scan, mass port scan, masscan, nmap, syn / fin / xmas / null / ack / stealth / full connect scan, tcp scan (tcp/80), udp scan (udp/161), icmp, os fingerprinting, open port detection, service discovery and enumeration, network mapping, internet-wide scan, inbound scan, adb scanning, ipmi scanning, rdp scanning, sip scanning, smb scanning, smtp scanning, ftp scan, ssh scan, http scanning, https probe, database probing, vulnerability scan, web application scanning, web crawling detection, osint enrichment
- Credential attacks: brute force (ssh, ftp, http, imap, smtp, smb, mssql, mysql, sql, citrix, telnet, login), credential stuffing, credential guessing, password spraying, dictionary attack, default credentials, weak credentials, compromised credentials, failed login attempts, unauthorized access / login attempts, community string attempt
- Exploitation: web application attack, sql injection, command injection, directory traversal, php injection attempts, web shell upload / detection, wordpress exploitation attempts, lamp stack exploitation, cisco device exploitation attempts, citrix exploitation attempt, redis exploitation, dcom exploitation, exploit kit, cve exploitation, remote code execution, remote service exploitation, privilege escalation, lateral movement, process injection, unprotected services exploitation
- Malware and command and control: malware delivery / download / dropper / hosting / propagation, malicious payload, mirai and possible mirai variant, iot botnet, botnet activity, c2 communication, c2 server, ransomware, linux malware, windows malware, data exfiltration, resource hijacking
- Denial of service: ddos attack, ddos probe, ping of death
- Email, VoIP and other protocol abuse: smtp attack, phishing, spam, blog spam, web spam, malicious email, mailoney email spoofing, sip / voip attacks, fraud voip, vnc protocol, dns attack, ics/scada attack, iot/ics attack, android device attacks, link redirection, social engineering
- Reputation and list tags: blacklisted ip, blocklist_all, bad reputation, bad web bot, malicious ip, scanner ip, open proxy, proxy, vpn ip, tor node, low-risk, verified-benign, paloaltonetwors_com-benign, researched, threat_actor_unknown, unknown threat actor, indicators of compromise, ioc.ip
- Infrastructure and geography: cloud infrastructure, digitalocean environment, vultr platform, linux servers, raspberry-pi, intel mac / os x, windows nt, ubuntu, apache, lamp stack, python, united states, united kingdom (london), germany, france (paris), finland, poland, japan (tokyo), canada, australia (melbourne region), malaysia, hong kong, china mobile, europe, asia, oceania, north america
- MITRE ATT&CK technique IDs carried as tags: T1005, T1016, T1016.001, T1016.002, T1018, T1020, T1021, T1021.001, T1021.002, T1021.003, T1021.004, T1021.005, T1021.006, T1021.007, T1027, T1040, T1041, T1046, T1047, T1053, T1053.005, T1055, T1056, T1059, T1059.001, T1059.003, T1059.004, T1059.005, T1059.007, T1064, T1068, T1069.001, T1071, T1071.001, T1071.004, T1076, T1077, T1078, T1078.001, T1078.002, T1078.003, T1078.004, T1083, T1087, T1088, T1105, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1133, T1187, T1189, T1190, T1192, T1195, T1199, T1203, T1204, T1204.002, T1205, T1210, T1213, T1486, T1490, T1496, T1497, T1499.001, T1499.002, T1499.003, T1505, T1505.002, T1505.004, T1534, T1552.001, T1555, T1559, T1562, T1563, T1565, T1566, T1566.001, T1566.002, T1566.003, T1566.004, T1572, T1573, T1573.001, T1583, T1583.001, T1587.001, T1588, T1588.002, T1589, T1589.002, T1590, T1590.001, T1590.003, T1590.005, T1590.006, T1591, T1592, T1592.002, T1592.004, T1595, T1595.001, T1595.002, T1595.003, T1598, T1608. Several of these (T1064, T1076, T1077, T1088, T1192) are retired IDs in current ATT&CK and map to newer sub-techniques, so resolve them before using them in detections or reports.
Activity Timeline: single marker at Jun 16
Threat Activity Heatmap: peak 2026-06-16
Report counts by window:
- last 24h: 0 (Dormant)
- last 7d: 0 (Dormant)
- last 30d: 1 (Minimal)
- last 3mo: 1 (Minimal)
Only one of the 38 reports falls in the last three months; the rest are older, back to the May 2024 first-seen date.
Threat Score: 73 / 100 (labelled "High Risk" in this panel, while the page header and feed summary label the same score "Medium signal" / "Confidence: medium"; read the number, not the label)
Signal Score: 73
Confidence: 73%
Reports: 38
First seen: May 30, 2024
Last seen: Jun 16, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
Proxy/VPN: flagged as both
VirusTotal: not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw (ARIN RDAP record, one field per line):
NetRange: 147.185.132.0 - 147.185.139.255
CIDR: 147.185.132.0/22, 147.185.136.0/22
NetName: PAN-22
NetHandle: NET-147-185-132-0-1
Parent: NET147 (NET-147-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Palo Alto Networks, Inc (PAN-22)
RegDate: 2023-09-07
Updated: 2023-09-07
Ref: https://rdap.arin.net/registry/ip/147.185.132.0
OrgName: Palo Alto Networks, Inc
OrgId: PAN-22
Address: Palo Alto Networks
Address: 3000 Tannery Way
Address: Santa Clara, CA 95054
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
RegDate: 2017-11-22
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/PAN-22
OrgTechHandle: GNS20-ARIN
OrgTechName: Global Network Services
OrgTechPhone: +1-408-753-4000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName: IP Abuse
OrgAbusePhone: +1-408-753-4000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
The record is a direct allocation to a security vendor and the feed tags on this page include "verified-benign" and "paloaltonetwors_com-benign" alongside the scanning tags, so confirm what the address space is used for before adding it to a block list; the OrgAbuseEmail above is the contact for that question.
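The check a practitioner wants before acting on an IOC like this one is whether the address actually sits inside the WHOIS allocation and who that allocation belongs to. The following is an added example, not code from the page or from any feed it draws on: it parses the flattened ARIN record as the page shows it, tests CIDR membership with the standard library, and produces a triage verdict. The KNOWN_SCANNER_ORGS allowlist and the verdict strings are constructed for the example (the entry is prompted by the page's own "verified-benign" tag, but what goes on your list is your own decision).

```python
import ipaddress
import re
from collections import defaultdict

# The ARIN record exactly as the page flattens it onto one line (copied from the WHOIS raw field).
RAW_WHOIS = (
    "NetRange: 147.185.132.0 - 147.185.139.255 CIDR: 147.185.132.0/22, 147.185.136.0/22 "
    "NetName: PAN-22 NetHandle: NET-147-185-132-0-1 Parent: NET147 (NET-147-0-0-0-0) "
    "NetType: Direct Allocation OriginAS: Organization: Palo Alto Networks, Inc (PAN-22) "
    "RegDate: 2023-09-07 Updated: 2023-09-07 Ref: https://rdap.arin.net/registry/ip/147.185.132.0 "
    "OrgName: Palo Alto Networks, Inc OrgId: PAN-22 Address: Palo Alto Networks "
    "Address: 3000 Tannery Way Address: Santa Clara, CA 95054 City: Santa Clara StateProv: CA "
    "PostalCode: 95054 Country: US RegDate: 2017-11-22 Updated: 2024-11-25 "
    "Ref: https://rdap.arin.net/registry/entity/PAN-22 OrgTechHandle: GNS20-ARIN "
    "OrgTechName: Global Network Services OrgTechPhone: +1-408-753-4000 "
    "OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN "
    "OrgAbuseHandle: IPABU42-ARIN OrgAbuseName: IP Abuse OrgAbusePhone: +1-408-753-4000 "
    "OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN"
)

# A few of the page's category tags, copied here as constructed sample input.
PAGE_TAGS = ["port scan", "brute force", "proxy", "vpn", "verified-benign", "paloaltonetwors_com-benign"]

# A flattened record reads "Key: value Key: value ..."; keys are CapitalisedWords followed by a colon.
# The lookahead ends a value at the next " Key:" token; URLs survive because "https:" starts lowercase.
FIELD_RE = re.compile(r"([A-Z][A-Za-z]*):(.*?)(?=\s[A-Z][A-Za-z]*:|$)")


def parse_flat_whois(raw: str) -> dict:
    """Return {key: [values...]}; repeated keys (Address, RegDate, Ref) keep every occurrence in order."""
    fields = defaultdict(list)
    for key, value in FIELD_RE.findall(raw):
        fields[key].append(value.strip())
    return dict(fields)


def allocation_networks(fields: dict) -> list:
    """Turn the CIDR field ("a/22, b/22") into ip_network objects; strict=True rejects host bits."""
    nets = []
    for cidr_field in fields.get("CIDR", []):
        for token in cidr_field.split(","):
            nets.append(ipaddress.ip_network(token.strip(), strict=True))
    return nets


def in_allocation(ip: str, fields: dict) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in allocation_networks(fields))


# Constructed allowlist (assumption for this example): organisations whose space you have verified
# as research or security scanning. Populate your own from your own verification, not from here.
KNOWN_SCANNER_ORGS = {"Palo Alto Networks, Inc"}


def triage(ip: str, raw_whois: str, feed_tags: list) -> dict:
    """Combine allocation membership, registrant and feed tags into a verdict for the analyst."""
    fields = parse_flat_whois(raw_whois)
    org = fields.get("OrgName", [""])[0]
    inside = in_allocation(ip, fields)
    benign_tagged = any(tag.endswith("benign") for tag in feed_tags)
    if inside and org in KNOWN_SCANNER_ORGS and benign_tagged:
        verdict = "review-before-block"   # likely a known scanner; confirm with the abuse contact first
    elif inside:
        verdict = "block-candidate"       # allocation confirmed, no benign signal
    else:
        verdict = "whois-mismatch"        # this record does not cover the IP; re-query before acting
    return {
        "ip": ip,
        "org": org,
        "in_allocation": inside,
        "abuse_contact": fields.get("OrgAbuseEmail", [""])[0],
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage("147.185.132.54", RAW_WHOIS, PAGE_TAGS))
```

The regex relies on two properties of ARIN's key names (capitalised, no spaces) and would need adjusting for RIPE-style lowercase keys such as "inetnum:"; the whois-mismatch branch exists because feeds sometimes attach a stale record to an address that has since been reallocated.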
Export & API: STIX 2.1 Bundle · CSV Export · Permalink
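The STIX 2.1 export offered above is the form in which this indicator would move into a TIP or SIEM, and it is worth knowing what a correct bundle for an IPv4 IOC looks like so the export can be checked. The following is an added example, not the page's exporter: it builds an indicator with the pattern `[ipv4-addr:value = '147.185.132.54']`, the ipv4-addr observable with the deterministic UUIDv5 id the spec prescribes for SCOs, a based-on relationship between them, and a validator. The indicator type "anonymization" is chosen because the page flags the address as proxy/VPN; rendering the day-granular first-seen date as midnight UTC is an assumption.

```python
import json
import uuid
from datetime import datetime, timezone

# STIX 2.1 namespace for deterministic SCO identifiers (UUIDv5 over the ID-contributing properties).
STIX_SCO_NAMESPACE = uuid.UUID("00abedb4-aa42-466c-9c01-fed23315a9b7")


def stix_ts(day: str) -> str:
    """Page dates are day-granular; render them as STIX timestamps at 00:00:00 UTC (assumption)."""
    dt = datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.000Z")


def ipv4_addr_sco(value: str) -> dict:
    # Name is the compact JSON of the ID-contributing properties, as the spec describes, so the
    # same IP always yields the same id and repeated exports de-duplicate in the consumer.
    name = json.dumps({"value": value}, separators=(",", ":"), sort_keys=True)
    return {
        "type": "ipv4-addr",
        "spec_version": "2.1",
        "id": f"ipv4-addr--{uuid.uuid5(STIX_SCO_NAMESPACE, name)}",
        "value": value,
    }


def indicator_for_ip(value, first_seen, confidence, indicator_types, labels, created) -> dict:
    escaped = value.replace("\\", "\\\\").replace("'", "\\'")  # STIX string-literal escaping
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": created,
        "modified": created,
        "name": f"IPv4 indicator {value}",
        "indicator_types": indicator_types,
        "pattern": f"[ipv4-addr:value = '{escaped}']",
        "pattern_type": "stix",
        "pattern_version": "2.1",
        "valid_from": stix_ts(first_seen),
        "confidence": confidence,   # STIX confidence is 0-100, same scale as the page's 73
        "labels": labels,
    }


def build_bundle(value, first_seen, confidence, indicator_types, labels, created=None) -> dict:
    created = created or datetime.now(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    sco = ipv4_addr_sco(value)
    ind = indicator_for_ip(value, first_seen, confidence, indicator_types, labels, created)
    rel = {  # indicator -> based-on -> observable; 2.1 permits SCOs as relationship targets
        "type": "relationship",
        "spec_version": "2.1",
        "id": f"relationship--{uuid.uuid4()}",
        "created": created,
        "modified": created,
        "relationship_type": "based-on",
        "source_ref": ind["id"],
        "target_ref": sco["id"],
    }
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": [ind, sco, rel]}


REQUIRED = {
    "indicator": ("id", "created", "modified", "pattern", "pattern_type", "valid_from"),
    "ipv4-addr": ("id", "value"),
    "relationship": ("id", "relationship_type", "source_ref", "target_ref"),
}


def validate_bundle(bundle: dict) -> list:
    """Cheap structural checks worth running on any bundle before it is ingested; returns problems."""
    problems = []
    objects = bundle.get("objects", [])
    ids = {o.get("id") for o in objects}
    for obj in objects:
        kind, oid = obj.get("type"), obj.get("id", "")
        for prop in REQUIRED.get(kind, ()):
            if prop not in obj:
                problems.append(f"{oid}: missing {prop}")
        if oid.split("--")[0] != kind:
            problems.append(f"{oid}: id prefix does not match type {kind}")
        if kind == "indicator":
            conf = obj.get("confidence")
            if conf is not None and not 0 <= conf <= 100:
                problems.append(f"{oid}: confidence {conf} outside 0-100")
            pattern = obj.get("pattern", "")
            if not (pattern.startswith("[") and pattern.endswith("]")):
                problems.append(f"{oid}: pattern is not a bracketed comparison expression")
        if kind == "relationship":
            for ref in ("source_ref", "target_ref"):
                if obj.get(ref) not in ids:
                    problems.append(f"{oid}: {ref} points outside the bundle")
    return problems


if __name__ == "__main__":
    bundle = build_bundle("147.185.132.54", "2024-05-30", 73, ["anonymization"], ["proxy", "vpn"])
    print(json.dumps(bundle, indent=2), validate_bundle(bundle))
```

The page's last-seen date is deliberately not written into valid_until: that property asserts the indicator stops being valid, which a last-sighting date does not establish.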
IOC Journey: confidence medium · First detected 2 years ago · Last seen 7 days ago · Appeared in 38 threat reports