IOC Radar
IP · Medium · Signal 58/100

147.185.132.57

Location
United States
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
May 30, 2024 (756d ago)
Last Seen
Jun 21, 2026 (5d ago)
Reports
35 source reports
Confidence
58% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs

141 techniques

Network Information

Country: US (United States)
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

35 reports, 58% confidence
35
Source reports
58%
Confidence score
Category tags

Activity Timeline

1 total observation
Jun 21

Threat Activity Heatmap

Peak: 2026-06-21
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal: 58
Signal Score: 58%
Confidence: 35 reports
First seen: May 30, 2024
Last seen: Jun 21, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
Proxy: VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw
NetRange: 147.185.132.0 - 147.185.139.255
CIDR: 147.185.132.0/22, 147.185.136.0/22
NetName: PAN-22
NetHandle: NET-147-185-132-0-1
Parent: NET147 (NET-147-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Palo Alto Networks, Inc (PAN-22)
RegDate: 2023-09-07
Updated: 2023-09-07
Ref: https://rdap.arin.net/registry/ip/147.185.132.0
OrgName: Palo Alto Networks, Inc
OrgId: PAN-22
Address: Palo Alto Networks
Address: 3000 Tannery Way
Address: Santa Clara, CA 95054
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
RegDate: 2017-11-22
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/PAN-22
OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName: IP Abuse
OrgAbusePhone: +1-408-753-4000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
OrgTechHandle: GNS20-ARIN
OrgTechName: Global Network Services
OrgTechPhone: +1-408-753-4000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
references
https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

medium
First detected 2 years ago · Last seen 5 days ago
Appeared in 35 threat reports