IOC Radar
147.185.132.61 (IPv4) · Signal 74/100 · Medium

Indicator: 147.185.132.61

Location: Santa Clara, California, United States
ASN: AS396982 (Palo Alto Networks, Inc)
First seen: May 30, 2024 (754d ago)
Last seen: Jun 18, 2026 (6d ago)
Source reports: 38
Confidence: 74% (medium)

Found in 38 reports. Confidence scores are heuristic and are built from report-level tags; verify before acting on them. In this case the address sits in a netblock registered to Palo Alto Networks (PAN-22, announced from AS396982), a range widely attributed to the vendor's internet-wide attack-surface scanning, and the feed's own tags for the indicator include verified-benign and paloaltonetwors_com-benign. The only behaviour actually described in the source reports is port scanning of honeypots, and no IDS rule fired. Treat the 74/100 as "noisy scanner" rather than "hostile host" until you have evidence beyond scans.
Indicator type: IPv4 address (network-layer indicator observed in threat reports)
MISP category: Network Activity
Confidence: 74%
Signal score: 74 / 100
IDS rule: No
Threat Context

MITRE ATT&CK: 142 techniques tagged across the source reports. A single scanning address does not exhibit 142 techniques; the count is the union of every technique tagged in any report that lists this IP among its indicators, not behaviour attributed to the IP itself.
Network Information

Country: US (United States)
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc

IP category: Proxy (proxy server)

Feed Intelligence Summary

Source reports: 38
Confidence score: 74%
Category tags

The tags below are aggregated from all 38 source reports. Most of those reports list many indicators at once (tags such as "50 ip addresses" and "iocs: 50 ips" say so), so the tags describe the reports, not this address: origin tags spanning Brazil, China, India, Mexico, Russia and dozens of other countries cannot all apply to one US-registered IP. Read them as context for where this IP was listed, not as attribution. Separators were lost in extraction; the list is grouped and de-duplicated here.

Reputation and disposition: verified-benign, paloaltonetwors_com-benign, low-risk, researched, manual; alongside malicious ip, known malicious ip, blacklisted ip, auto-blocked, blacklist candidate, high confidence, high risk, bde score 80+, high bde score

Observed scanning behaviour: port scan (syn, fin, null, xmas, ack, connect scans), stealth scan, mass scanning, masscan, nmap, open port detection, service and version detection, os fingerprinting (p0f), network reconnaissance, active scanning, internet-wide scan, http/https probing, web application scanning, vulnerability scan, exploit probing

Credential attacks (report-level): brute force (ssh, ftp, telnet, smb, rdp, vnc, sip, smtp, imap, pop3, mysql, mssql, http, citrix), credential stuffing, password spraying, dictionary attack, default credentials, hydra, medusa

Exploitation and post-exploitation (report-level): exploit public-facing application, sql injection, command injection, directory traversal, php injection, web shell upload, wordpress exploitation, lamp stack exploitation, cisco and citrix exploitation attempts, redis exploitation, adb brute force, log4pot, remote code execution, privilege escalation, lateral movement, process injection, os credential dumping, data exfiltration

Malware and C2 (report-level): botnet, mirai, miner, njrat, sliver c2 framework, dropper, backdoor installation, c2 beaconing, malware delivery, ransomware, phishing, ddos, ping of death, tor node, open proxy

Honeypot sensors and tooling (T-Pot stack): adbhoney, conpot, cowrie, ddospot, dionaea, elasticpot, glutton, gopot, hellpot, heralding, honeytrap, ipphoney, log4pot, mailoney, medpot, redishoneypot, sentrypeer, snare, tanner, wordpot, fatt, p0f, suricata alert, t-pot, tpotce

Feeds and sources: abuseipdb, binary defense banlist, emerging threats, otx pulse, socradar honeypot, dugganusa threat intel, sans, atif feed, cta

MITRE ATT&CK technique IDs (union over all reports): T1003, T1005, T1006, T1016, T1016.001, T1016.002, T1018, T1020, T1021, T1021.001 through T1021.007, T1027, T1040, T1041, T1043, T1046, T1047, T1048, T1049, T1053, T1053.005, T1055, T1056, T1056.001, T1057, T1059, T1059.001, T1059.003, T1059.004, T1059.005, T1059.007, T1064, T1065, T1068, T1069.001, T1070, T1071, T1071.001, T1071.004, T1074, T1076, T1077, T1078, T1078.001, T1078.002, T1078.004, T1083, T1086, T1087, T1087.001, T1087.002, T1088, T1090, T1090.003, T1095, T1105, T1110, T1110.001 through T1110.004, T1133, T1187, T1189, T1190, T1195, T1199, T1203, T1204, T1204.002, T1205, T1210, T1213, T1486, T1490, T1496, T1497, T1497.001, T1499.001 through T1499.003, T1505.002, T1505.004, T1535, T1539, T1550, T1550.002, T1550.003, T1555, T1555.003, T1556, T1557, T1562, T1563, T1565, T1566, T1566.001 through T1566.004, T1567, T1568, T1568.002, T1569, T1570, T1571, T1572, T1573, T1573.001, T1573.002, T1583, T1583.001, T1584, T1587.001, T1588, T1588.002, T1588.004, T1588.006, T1589, T1589.001, T1589.002, T1590, T1590.001, T1590.002, T1590.004, T1590.005, T1590.006, T1591, T1592, T1592.002, T1592.004, T1595, T1595.001, T1595.002, T1595.003, T1598, T1608

Protocols and ports: tcp, udp, icmp, tcp/23, tcp/80, tcp/3306, tcp/5555, ssh, telnet, ftp, sftp, smtp, imap, pop3, http/https, smb, dcerpc, rdp, vnc, sip, modbus, dnp3, ethernet/ip, dns, ipv4, ipv6

Geography (origin tags from the aggregated reports, not of this IP): Argentina, Australia, Austria, Azerbaijan, Bangladesh, Belgium, Bolivia, Brazil, Bulgaria, Cambodia, Canada, Chile, China, Costa Rica, Denmark, Dominican Republic, Finland, France, Germany, Great Britain/United Kingdom, Hong Kong, Iceland, India, Indonesia, Iraq, Ireland, Israel, Italy, Jamaica, Japan, Kenya, Korea (Republic of), Kyrgyzstan, Lebanon, Lithuania, Malaysia, Mexico, Mongolia, Morocco, Nepal, Netherlands, New Zealand, Nigeria, Norway, Panama, Paraguay, Philippines, Poland, Qatar, Romania, Russian Federation, Serbia, Singapore, South Africa, Spain, Sweden, Switzerland, Syrian Arab Republic, Taiwan, Turkey, Ukraine, United Arab Emirates, United States, Uzbekistan, Venezuela, Viet Nam; cities and regions: Melbourne, Paris, Tokyo, Toronto

Hosting providers named in the reports: Alibaba Cloud, Tencent, DigitalOcean, Vultr (the Melbourne honeypot that was scanned)

Activity Timeline

1 total observation in the displayed window, on Jun 18, 2026.

Threat Activity Heatmap (trailing 12 months, Jun to Jun): peak 2026-06-18; no other dated observations in the window.

Recent activity: 24h: 0 (dormant) · 7d: 1 (minimal) · 30d: 1 (minimal) · 3mo: 1 (minimal)

Only one dated observation falls inside the heatmap window even though 38 reports list the address, so the timeline does not reflect the bulk of those reports and cannot be used to judge how active the host currently is.
Threat Score: 74 (labelled "High Risk" in this panel; the page header labels the same 74/100 a medium signal)
Signal score: 74% confidence
Reports: 38
First seen: May 30, 2024
Last seen: Jun 18, 2026
Geolocation: US, United States, Santa Clara, California (37.3833, -121.9830; these coordinates match the ARIN registrant address below rather than a measured host location)
ASN: AS396982
Org: Palo Alto Networks, Inc
IP category: Proxy

VirusTotal: not checked

WHOIS

Description (from a source report, not ARIN data): IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot. The observed activity is port scanning only.

ARIN record (raw):
NetRange: 147.185.132.0 - 147.185.139.255
CIDR: 147.185.132.0/22, 147.185.136.0/22
NetName: PAN-22
NetHandle: NET-147-185-132-0-1
Parent: NET147 (NET-147-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Palo Alto Networks, Inc (PAN-22)
RegDate: 2023-09-07
Updated: 2023-09-07
Ref: https://rdap.arin.net/registry/ip/147.185.132.0

OrgName: Palo Alto Networks, Inc
OrgId: PAN-22
Address: Palo Alto Networks, 3000 Tannery Way, Santa Clara, CA 95054, US
RegDate: 2017-11-22
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/PAN-22

OrgTechHandle: GNS20-ARIN
OrgTechName: Global Network Services
OrgTechPhone: +1-408-753-4000
OrgTechEmail: [email protected] (redacted in source)
OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName: IP Abuse
OrgAbusePhone: +1-408-753-4000
OrgAbuseEmail: [email protected] (redacted in source)
OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN

The OriginAS field is empty: the AS396982 attribution shown elsewhere on the page comes from routing data, not from the ARIN registration.

References (feeds and lists in which the address appears):
https://github.com/telekom-security/tpotce
https://chiraba.com:8443/hourly
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://blocklist.greensnow.co/greensnow.txt
https://www.binarydefense.com/banlist.txt
https://lists.blocklist.de/lists/all.txt
https://rules.emergingthreats.net/blockrules/compromised-ips.txt
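As an added example (not code from IOC Radar or from any of the feeds cited above), the Python below parses the flattened ARIN record shown on this page, recovers the registrant's two /22s, and triages constructed honeypot-style log lines so that a hit from a vendor-registered netblock that the feed itself tags verified-benign is queued for review instead of being blocked on its 74/100 score. The log lines, the contrast address 203.0.113.45 (RFC 5737 documentation space), its score of 81 and the block threshold of 70 are constructed or assumed; only the WHOIS text, the 74 score and the two benign tags come from the page.

```python
"""Triage a feed hit against the registrant's netblock before acting on it.

Added example, not part of the IOC Radar page or any feed's own code.
It parses the whitespace-flattened ARIN record quoted on the page, derives
the registrant's CIDRs, and labels constructed honeypot-style log lines so
a 74/100 score on a vendor-registered scanner is reviewed, not blocked.
"""
import ipaddress
import re

# Copy of the ARIN record as the page shows it: one flattened line.
RAW_WHOIS = (
    "NetRange: 147.185.132.0 - 147.185.139.255 "
    "CIDR: 147.185.132.0/22, 147.185.136.0/22 NetName: PAN-22 "
    "NetHandle: NET-147-185-132-0-1 Parent: NET147 (NET-147-0-0-0-0) "
    "NetType: Direct Allocation OriginAS: Organization: Palo Alto Networks, Inc (PAN-22) "
    "RegDate: 2023-09-07 Updated: 2023-09-07 "
    "Ref: https://rdap.arin.net/registry/ip/147.185.132.0 "
    "OrgName: Palo Alto Networks, Inc OrgId: PAN-22"
)

# ARIN network/org keys we care about; splitting on "Key:" recovers the
# fields even though the line breaks were lost in extraction.
ARIN_KEYS = ("NetRange", "CIDR", "NetName", "NetHandle", "Parent", "NetType",
             "OriginAS", "Organization", "RegDate", "Updated", "Ref",
             "OrgName", "OrgId")
KEY_RE = re.compile(r"\b(" + "|".join(ARIN_KEYS) + r"):\s*")


def parse_flat_arin(raw: str) -> dict:
    """Return {key: value}. Keys that repeat for the network and the org
    (RegDate, Updated, Ref) keep the network's value, which comes first.
    An empty field such as OriginAS comes back as ''."""
    parts = KEY_RE.split(raw)          # [prefix, key1, val1, key2, val2, ...]
    fields = {}
    for key, value in zip(parts[1::2], parts[2::2]):
        fields.setdefault(key, value.strip())
    return fields


def registrant_networks(fields: dict) -> list:
    """Turn the CIDR field ('a/22, b/22') into ip_network objects."""
    return [ipaddress.ip_network(c.strip()) for c in fields["CIDR"].split(",")]


# Tags the page attaches to this indicator; the threshold is assumed policy.
BENIGN_TAGS = {"verified-benign", "paloaltonetwors_com-benign"}
BLOCK_THRESHOLD = 70  # assumed local policy, not a value from the page


def triage(ip: str, score: int, tags: set, networks: list, org: str) -> dict:
    """Decide an action for one feed hit.

    Netblock membership is checked before the score because a heuristic
    score cannot tell an internet-wide scanner from a hostile host: both
    port-scan, and that is the only behaviour the reports describe here.
    """
    addr = ipaddress.ip_address(ip)
    in_block = any(addr in net for net in networks)
    if in_block and tags & BENIGN_TAGS:
        action = "allowlist-candidate"  # registrant netblock and feed says benign
    elif in_block:
        action = "review"               # registrant netblock, no benign tag yet
    elif score >= BLOCK_THRESHOLD:
        action = "block"
    else:
        action = "monitor"
    return {"ip": ip, "org": org if in_block else None,
            "in_registrant_block": in_block, "score": score, "action": action}


# Constructed honeypot-style log lines (not real sensor output). 203.0.113.0/24
# is RFC 5737 documentation space standing in for an unattributed source.
SAMPLE_LOGS = """\
2026-06-18T03:14:07Z sensor=honeytrap src=147.185.132.61 dport=443 event=syn
2026-06-18T03:14:09Z sensor=honeytrap src=147.185.132.61 dport=22 event=syn
2026-06-18T04:02:11Z sensor=cowrie src=203.0.113.45 dport=22 event=login.failed
2026-06-18T04:02:12Z sensor=cowrie src=203.0.113.45 dport=22 event=login.failed
"""
SRC_RE = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})\b")


def triage_logs(text: str, scores: dict, tags: dict, raw_whois: str) -> dict:
    """One triage decision per distinct source IP found in the log text."""
    fields = parse_flat_arin(raw_whois)
    networks = registrant_networks(fields)
    org = fields["OrgName"]
    out = {}
    for line in text.splitlines():
        m = SRC_RE.search(line)
        if not m or m.group(1) in out:
            continue
        ip = m.group(1)
        out[ip] = triage(ip, scores.get(ip, 0), tags.get(ip, set()), networks, org)
    return out


if __name__ == "__main__":
    # 147.185.132.61's score and tags are the page's; the other address's
    # values are assumed for contrast.
    scores = {"147.185.132.61": 74, "203.0.113.45": 81}
    tags = {"147.185.132.61": {"verified-benign", "port scan", "honeypot data"},
            "203.0.113.45": {"ssh brute force", "cowrie"}}
    for ip, verdict in triage_logs(SAMPLE_LOGS, scores, tags, RAW_WHOIS).items():
        print(f"{ip:16} score={verdict['score']:<3} "
              f"org={verdict['org']!s:24} action={verdict['action']}")
```

The netblock check is deliberately ordered ahead of the score: the heuristic 74 and the "High Risk" label both derive from honeypot port-scan reports, which is exactly what a benign internet-wide scanner produces, so the registrant lookup carries more information than the score does. Confirm the vendor attribution against the registrant's own published scanner ranges before turning an allowlist candidate into an allowlist entry.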
