IOC Radar
IP · Medium · Signal 79/100

147.185.132.66

Location: United States, Santa Clara, California
ASN: AS396982 (Palo Alto Networks, Inc)
First Seen: May 30, 2024 (742d ago)
Last Seen: Jun 12, 2026 (today)
Reports: 39 source reports
Confidence: 79% (medium)
VirusTotal: 12/91 detections
Found in 39 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
79%
Signal Score
79 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs: 137 techniques

Network Information

Country: US (United States)
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc

IP Category

Proxy: proxy server
VPN: VPN exit node

Feed Intelligence Summary

39 source reports · 79% confidence score
Category tags
50 ip addresses50_iocsabnormal behaviorabuseabused ssl certificateabuseipdbaccessaccess attemptsaccess controlaccount compromiseaccount discoveryaccount profilingaccount securityaccount takeoverackack scanactive scanactive scanningactor listadbadb scanningadbhoney activityadbhoney honeypotadbhoney interactionsadminadministrative accessadversary-in-the-middleaegisafricaaggressive scanningalibabaalibaba cloudalibaba cloud abusealibaba cloud activityalibaba cloud hostingalibaba cloud ipalibaba cloud ipsalibaba cloud relatedalibaba ispalibaba relatedallamberanomalous activityanomalous behavioranomalous ip activityanomalous network activityanomalous network connectionsanomalous trafficanomaly detectionapacheapache attackerapplication layer protocolapplication_layer_protocolaptapt activityapt groupsapt indicatorsapt suspectedapt targetargentinaasiaattackattack campaignattack originattack sourceattack surface discoveryattack vector: unknownattack vectorsattacker infrastructureattacker ipattacker-ipaustraliaaustriaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication attemptsauthentication-attemptsauto blockedauto blocked ipauto blocked ipsauto-blockedauto-blocked ipauto-blocked ipsauto-generatedautomated activityautomated analysisautomated attackautomated attacksautomated blockingautomated mitigationautomated scanautomated scanningautomated threatautomated threat responseautomated-attackautomated_attackaverage bde 80avg bde 80azerbaijanbad actorsbad ip addressesbad reputationbad web botbadness detection scorebangladeshbde 80bde 80+bde high scorebde scorebde score 80bde score 80+bde score analysisbde score highbde score thresholdbde score: 80bde score: highbde score:80bde scoringbde: highbde_80be ip addressesbeaconing activitybehavioral anomalybehavioral detectionbehavioral detection energybelgiumbelgium originblacklist candidateblacklist ipblacklisted ipblacklisted ip addressblacklisted ipsblock listblock 
rateblock.txtblockedblocked ipblocked ip addressesblocklist_allblog spambolivarian republic ofbotnetbotnet activitybr ip addressesbr originating trafficbr_ipbrazilbrazil based activitybrazil ipbrazil ip activitybrazil ip addressbrazil ip addressesbrazil ipsbrazil originbrazil originating activitybrazil threat actorsbrazil-based activitybrazil-based ipsbrazilian ipsbritainbrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute force detectionbrute force potentialbrute-forcebrute-force attackbrute_forcebrute_force_attackbruteforcebulgariac2c2 activityc2 activity detectedc2 beaconingc2 channelc2 communicationc2 communication attemptc2 frameworkc2 infrastructurec2 serverca ip addressesca_ipcambodiacanadacanada origincertch ipch ip addressesch_ipchilechinachina aptchina based activitychina based attackschina based ipchina based threatschina hosting serviceschina infrastructurechina ip activitychina ip addresschina ip addresseschina ipschina ispchina mobilechina originchina origin concernschina origin ipschina originating activitychina originating ipchina originating ipschina originating trafficchina relatedchina threat actorchina threat actorschina unicomchina-based activitychina-based attackschina-based ipchina-based ipschina-based threat actorchina-based threat actorschina-based threatschina-linked activitychina-originatedchina-originating ipschina-related activitychina_originating_ipchinese ip addresschinese ipsciscocisco asacisco asa targetedcisco attackcisco brute forcecisco devicecisco device attackcisco device scanningcisco device targetingcisco exploit attemptcisco exploitationcisco exploitation attemptcisco exploitation attemptscisco_device_attackcitrix attack attemptcitrix brute forcecitrix exploitation attemptcitrix exploitation attemptscitrix securityclassclient-side exploitationcloud abusecloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure threatscloud providercloud 
provider abusecloud provider targetingcloud servicescn ipcn ip addressescn ipscn originating trafficcn_ipcnccode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommand-line interfacecommunication protocolcommunication securitycommunication technologiescompany limitedcompromise assessmentcompromise assessment neededcompromise attemptcompromise indicatorscompromised credentialscompromised credentials attemptcompromised hostcompromised host communicationcompromised host indicatorscompromised hostscompromised infrastructurecompromised ipcompromised systemcompromised system attemptcompromised systemscompromised_infrastructureconnectconnect scanconnected devicesconnection attemptsconnection proxy usageconnection refusalconpotconpot activityconpot attackconpot exploitationconpot honeypotconpot ics attackconpot ics attacksconpot ics exploitationconpot ics/scada honeypotconpot interactionconpot interactionscontainer securitycoordinated attack campaigncorazacosta ricacountcountrycovert channelcowriecowrie activitycowrie attackcowrie attackscowrie capturecowrie datacowrie detected activitycowrie detectioncowrie honeypotcowrie honeypot detectioncowrie interactioncowrie interactionscowrie logscowrie session detectedcowrie ssh attackcowrie ssh attackscowrie ssh honeypotcredential accesscredential access attemptscredential attackcredential attackscredential brute forcecredential brute-forcingcredential compromisecredential dumpingcredential guessingcredential harvestingcredential stuffingcredential-stuffingcredential_accesscredential_stuffingctacurlcvecve exploitationcyber threatdaily_sourcesdata breach attemptdata collectiondata encodingdata encryptiondata exfiltrationdata exfiltration attemptdata exfiltration attemptsdata exfiltration potentialdata sourcedata stagingdata store exposuredata theftdata transferdatabase attackdatabase attacksdatabase brute forcedatabase intrusion attemptdatabase login attemptdatabase 
probingdatabase securitydatabase_serverdcerpcdcom exploitationddosddos attackddos attack indicatorsddos attacksddos potentialddos preparationddos preventionddos probeddos probingddospotde ipde ip addressesde ipsde originating trafficde_ipdecoy systemdefense evasiondenial of servicedenial-of-servicedenial-of-service attemptdenmarkdevice compromise attemptsdevice managementdictionary attackdictionary_attackdigital oceandiners club internationaldionaeadionaea activitydionaea attackdionaea capturedionaea detectiondionaea exploitsdionaea honeypotdionaea interactionsdionaea malwaredionaea malware analysisdionaea malware collectiondionaea malware detectiondionaea malware samplesdionaea payloadsdirectory traversal attemptdistributed attackdistributed attack origindistributed attacksdnsdns attackdockerdominican republicdosdropperdropsdugganusa threat inteldugganusa threat intelligencedutch ipselasticpot activityelasticpot attackselasticpot dataelasticpot honeypotelasticsearchelasticsearch monitoringemailemerging threatemerging threatsencryptionenterprise networkingenterprise securityentropyenumerationenumeration attempteu cyber policieseuropeeurope/asiaeuropean countrieseuropean ipeuropean ip addresseuropean ip addresseseuropean ipseuropean nationseuropean originevasion tacticseventsexecutable fileexfiltrationexploitexploit activityexploit attemptexploit attemptsexploit kitexploit kit activityexploit probingexploit public-facing applicationexploit scanexploit targetingexploit vulnerabilityexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of privilegeexploitation of vulnerabilityexploitation_attemptexploited hostexternal access attemptsexternal attackexternal attackersexternal communicationexternal network scanexternal remote servicesexternal scanexternal scanningexternal threatexternal threat actorexternal threat actorsexternal_threatextortionfailed loginfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfieldfilefinfin 
scanfinlandfirewall evasionfirewall eventfrancefraud voipftpftp attackftp attacksftp brute forceftp brute-forceftp_bruteforceftp_scanfullgalahgeneric intrusiongeo-distributedgeo-distributed activitygeo-distributed attackgeo-distributed attacksgeo-diversegeo-diverse attackgeo-diverse ipsgeo-located ip addressesgeo-located threatgeo-locationgeographic anomalygeographic distributiongeographic diversitygeographic locationgeographic origingeographic sourcegeographic source analysisgeographic source: brazilgeographic source: chinageographic source: degeographic source: germanygeographic source: netherlandsgeographic spreadgeographic threat sourcegeographical distributiongeographically distributedgeographically distributed activitygeographically diversegeographically diverse attackgeographically diverse attacksgeographically diverse ipsgeographically diverse originsgeographically diverse threatgeographically diverse threatsgeoipgeolocated threatsgeopolitical threat vectorsgerman-based ipgermanygermany-based activitygermany-based ipgermany-based ipsgermany-originatedgithubglobal activityglobal attackglobal distributionglobal ip distributionglobal ipsglobal originsglobal threatglobal threat activityglobal threat landscapegluttongopotgreat britaingreat britain-based ipgroupshackinghellpotheralding activityheralding attacksheralding attemptsheralding probesheralding protocol abusehigh abuse scorehigh activityhigh bdehigh bde scorehigh confidencehigh confidence detectionhigh confidence indicatorshigh confidence iocshigh confidence threathigh riskhigh risk indicatorshigh risk iphigh risk ipshigh risk isphigh risk ispshigh severityhigh suspicionhigh threat levelhigh threat potentialhigh threat scorehigh-risk countryhigh-risk isphigh_bdehigh_bde_scorehighbdehk abusehandlerhoneynet connecthoneytrap activityhoneytrap datahoneytrap detectionhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghostile activityhosting provider abusehttp attackhttp 
brute forcehttp probinghttp request anomalieshttp scannerhttp scanninghttp/httpshttp/shttp_bruteforcehttp_scanhttpshttps scanninghurricane ushydraicelandicmpics securityics/scadaics/scada attackidentity & access exploitationimapin ip addressesin_ipinbound scaninbound trafficindiaindia based activityindia based attacksindia based threatsindia destinationindia ipindia ip addressindia ip addressesindia ipsindia originindia origin ipsindia originating activityindia originating ipindia originating ipsindia originating trafficindia threat actorsindia-based activityindia-based infrastructureindia-based ipindia-based ipsindia-originatedindian ip addressindian ip addressesindian ipsindicatorindicators of compromiseindonesiaindustrial control systemsindustrial iotinformation gatheringinfrastructure abuseinfrastructure acquisitionreconnaissanceinfrastructure providerinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access activityinitial access attemptsinitial_accessinitial_access_attemptinjection activityinjection attacksinternal reconnaissanceinternal scaninternational activityinternational threat activityinternational threat actorsinternet facinginternet facing assetinternet of thingsinternet wide scaninternet-facinginternet-facing assetsinternet-facing serviceinternet-wide scaninternet_scannersinternet_wide_scanintrusion detectioniocioc-ipiocsiocs detectediocs: 50 ipsiocs: ip addressiocs: ip addressesiocs: ipsiocs:ip addressiocs:ip addressesiot analyticsiot applicationsiot botnetiot device targetingiot exploit attemptsiot exploitationiot platformsiot securityiot targetediot/ics attackiot_attackip-addressesip-onlyipmi scanningipphoney activityipphoney honeypotipsipv4ipv4 addressesipv4 attacksipv4 port scanningipv4_addressipv4_scanningipv6iraqirelandispisraelitalyjamaicajapanjarmke ip addresseske_ipkenyakenya originkibanaknown bad actorsknown threat actorknown threat actorskoreakorea, republic ofkyrgyzstanlamplamp attacklamp 
attack attemptlamp attackslamp exploitlamp exploit attemptlamp exploit attemptslamp exploitationlamp exploitation attemptlamp exploitation attemptslamp server attacklamp server targetinglamp stacklamp stack attacklamp stack exploitationlamp stack targetedlamp stack targetinglamp vulnerability exploitationlamp vulnerability scanlamp_stack_attacklateral movementlateral movement attemptlateral movement attemptslateral movement potentiallcialebanonlinuxlinux malwarelinux serverslinux system targetinglinux systemslinux-server-attacklinux-server-attackslinux_server_attackslithuanialog4potloginlogin attacklogin attemptlogin attemptslogin brute forcelogin failurelogin failureslogin_attemptmailoney activitymailoney attackmailoney detectionmailoney email spoofingmailoney eventsmailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious activity detectedmalicious activity detectionmalicious communicationmalicious email detectionmalicious file transfermalicious file uploadsmalicious hostmalicious hostingmalicious hostsmalicious infrastructuremalicious ipmalicious ip activitymalicious ip addressesmalicious ip communicationmalicious ip detectedmalicious ip listmalicious ipsmalicious ipv4malicious ispmalicious ispsmalicious loginmalicious login attemptsmalicious network activitymalicious network communicationmalicious network trafficmalicious originmalicious payloadmalicious payload attemptsmalicious payload detectionmalicious powershell activitymalicious scanmalicious script executionmalicious sftp activitymalicious softwaremalicious ssh activitymalicious sslmalicious trafficmalicious-activitymalicious-login-attemptsmalicious-trafficmalicious_ipmaliciousactivitymalwaremalware activitymalware analysismalware attemptmalware behaviourmalware c2malware capturemalware communicationmalware deliverymalware delivery attemptmalware delivery attemptsmalware detectionmalware distributionmalware distribution attemptmalware distribution attemptsmalware downloadmalware download 
attemptsmalware hostingmalware hosting infrastructuremalware indicatorsmalware infectionmalware propagationmalware scanningmalware trafficmalware_activitymanualmass scanningmasscanmasscan activitymassive port scanmedpotmelbourne regionmexican ip addressmexican ip addressesmexican ipsmexicomexico based activitymexico based attacksmexico based threatsmexico ipmexico ip addressmexico ip addressesmexico ipsmexico originmexico originating activitymexico originating ipmexico originating ipsmexico threat actorsmexico-based activitymexico-based ipmexico-based ipsmexico-originatedmicrosoft technologiesmiraimirai botnetmisp threatmitre att&ckmobilemobile carriersmobile networksmobile securitymongoliamonthlymoroccomssqlmssql brute forcemulti-country activitymulti-country attackmulti-country originmulti-country originsmulti-national activitymulti-national ipsmulti-national source ipsmulti-national threatmulti-regionalmulti-regional targetingmulti-regional threatmulti-source attackmulti-vector attackmultiple attack vectorsmultiple countriesmultiple countries impactedmultiple countries originmultiple country ipsmultiple geographic locationsmultiple geographic originsmultiple geolocation originsmultiple geolocation sourcesmultiple ipsmultiple locationsmultiple origin countriesmultiple origin pointsmultiple originating countriesmultiple originsmultiple protocolsmultiple regionsmultiple_countriesmultiplecountriesmysql brute forcenation-state activitynepalnetherlandsnetherlands based activitynetherlands based ipnetherlands ipnetherlands ip activitynetherlands ip addressesnetherlands ipsnetherlands originnetherlands originating activitynetherlands originating ipnetherlands-based activitynetherlands-based ipnetherlands-based ipsnetworknetwork activitynetwork activity analysisnetwork activity monitoringnetwork analysisnetwork anomaliesnetwork anomalynetwork anomaly detectionnetwork attacksnetwork behaviornetwork behavior analysisnetwork behavior anomalynetwork communicationnetwork 
connectionnetwork connectionsnetwork device exploitationnetwork discoverynetwork enumerationnetwork exploitationnetwork infiltrationnetwork infrastructurenetwork intrusionnetwork intrusion activitynetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork intrusionsnetwork mappingnetwork monitoring requirednetwork port scanningnetwork probenetwork probingnetwork protocolnetwork protocolsnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork security monitoringnetwork service scanningnetwork servicesnetwork threatnetwork trafficnetwork traffic analysisnetwork vulnerabilitiesnetwork-based attack attemptsnetwork-intrusionnetwork_activitynetwork_intrusionnetwork_reconnetwork_reconnaissancenetwork_scannetwork_scanningnetworkenumerationnew zealandnigerianjratnl ip addressesnl originnl origin ipsnl originating trafficnl_ipnmapnmap scan detectednorth americanorwaynull scanoceaniaopen port detectionopen port enumerationopen port identificationopen portsopen proxyopen threatoperating systemoperating system securityopportunistic attackeroriginating countries: usoriginating countryos credential dumpingos detectionotx pulseotx pulsenametioutbound trafficp0fp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespaloaltonetwors_com-benignpanamaparaguaypassword attackpassword attackspassword crackingpassword sprayingpassword-guessingpathperimeter securitypgp signphilippinesphishingphishing attackphishing trapphp exploitphp exploitation attemptsphp injection attemptsping of deathpinyinpla unitpolandport-scanport-scanningportscanpossible aptpossible apt activitypossible botnetpossible botnet activitypossible brute forcepossible c2possible c2 activitypossible compromisepossible coordinated attackpossible credential accesspossible credential reusepossible credential stuffingpossible data exfiltrationpossible ddos participationpossible exploit 
activitypossible exploit attemptpossible exploit attemptspossible exploitationpossible exploitation attemptspossible initial accesspossible intrusionpossible intrusion attemptspossible lateral movementpossible malwarepossible malware activitypossible malware communicationpossible malware distributionpossible malware downloadpossible malware hostingpossible malware infectionpossible malware probingpossible malware propagationpossible malware trafficpossible mirai variantpossible reconnaissancepossible reconnaissance activitypossible state-sponsored activitypossible state-sponsored actorpossible threat actorpossible vulnerability exploitationpossible vulnerability probingpossible vulnerability scanningpotential apt activitypotential attackpotential attack originpotential attack preparationpotential botnetpotential botnet activitypotential brute forcepotential c2potential c2 activitypotential compromisepotential coordinated attackpotential credential accesspotential data exfiltrationpotential exfiltrationpotential exploitpotential exploit activitypotential exploit targetingpotential exploitationpotential global targetingpotential initial accesspotential intrusionpotential intrusion attemptpotential lateral movementpotential malicious activitypotential malicious infrastructurepotential malwarepotential malware activitypotential malware beaconingpotential malware deploymentpotential malware distributionpotential malware downloadpotential malware hostingpotential malware infectionpotential malware sourcepotential network exploitationpotential network intrusionpotential network reconnaissancepotential ratpotential reconnaissancepotential reconnaissance activitypotential state-sponsored activitypotential state-sponsored actorpotential state-sponsored threatpotential threatpotential threat activitypotential threat actorpotential threat actorspotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability 
scanpotential vulnerability scanningpotential_intrusionpotential_threatpotentially maliciousprivilege escalationprobable scanprocess injectionprotocol abuseprotocol exploitationprotocol-abuseprotocol: tcpprotocol: udpprotocol: unknownproxyproxy accessproxy protocolpublic ip addresspublic-facing application attackpublicly accessible infrastructurepythonqatarransomwareransomware activityrcerdprdp abuserdp attacksrdp scanningrdp_scanreconnaissancereconnaissance activityreconnaissance activity detectedredis exploitation attemptredis exploitation attemptsredis honeypotredis honeypot activityredis securityredishoneypot activityregional securityremote accessremote access activityremote access attemptsremote access toolingremote access trojanremote code executionremote file copyremote service exploitationremote service interactionremote servicesremote system discoveryremote_access_servicerepublic ofreputation analysisreputation-based blockingresearchedresource developmentresource hijackingromaniarpcrtbhrussiarussia iprussia originating activityrussian federationsansscams & fraudscanscannerscanner ipscannersscanning activityscanning and reconnaissancescanning toolscanning_activityscorescriptscripting attackssecurity eventsecurity monitoringsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer attackssentrypeer botnetsentrypeer detectionsentrypeer eventssentrypeer interactionssentrypeer p2p attackserbiaserver exploitationserver securityserviceservice discoveryservice enumerationservice probingservice scanservice scanningservice version detectionseveresftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp attemptssftp exploitation attemptsftp exploitation attemptssftp intrusion attemptsftp intrusion attemptssftp probingsftp protocolsftp scanningsftp-attackshell accessshell access attemptshellshocksingaporesipsip attackssip brute forcesip heraldingsip protocolsip scansip scanningsip vulnerability scansippsliver c2 
frameworkslugsmart devicessmb abusesmb attackssmb brute forcesmb scanningsmtpsmtp attackersmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresnmpsocial engineeringsocradarsocradar honeypotsoftware exploitationsouth africasouth americasouth koreaspainspamsql injectionsql injection attemptsql injection attemptssshssh attackssh attacksssh brute-forcessh monitoringssh protocolssh-brute-forcessh_bruteforcessh_scansslssl certificatessl certificate analysisssl certificate anomaliesssl certificate enrichmentssl certificate validationssl certificate verificationssl enrichmentssl-enrichmentssl/tlsssl_analysisstate-sponsored activitystate-sponsored threatstealthstealth scansurface websuricata alertsuricata alertssuspected botnet activitysuspected compromisesuspected data exfiltrationsuspected intrusionsuspected intrusion attemptssuspected malicious activitysuspected malwaresuspected malware activitysuspected malware distributionsuspected reconnaissancesuspected_attackswedenswitzerland ip addressesswitzerland ipsswitzerland-based ipsynsyn scansyrian arab republicsystem discoverysystem disruptiont-pott1003t1005t1006t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1043t1046t1047t1048t1049t1053t1053.005t1055t1056t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1059_command_and_scripting_interpretert1064t1065t1068t1069.001t1070t1071t1071 
relatedt1071.001t1071.001_application_layer_protocol_web_protocolst1071.004t1071_application_layer_protocolt1074t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1078_valid_accountst1083t1086t1087t1087.001t1087.002t1088t1090t1090.003t1095t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1190_exploit_public-facing_applicationt1195t1199t1202t1203t1204.002t1210t1486t1490t1496t1497t1497.001t1499.001t1499.002t1499.003t1505t1505.002t1505.004t1535t1550t1550.002t1550.003t1552.001t1555t1555.003t1556t1557t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1567t1568t1568.002t1569t1570t1571t1572t1573t1573.001t1573.002t1583t1583.001t1584t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.002t1590t1590.001t1590.002t1590.003t1590.004t1590.005t1590.006t1592t1592.002t1593t1595t1595.001t1595.002t1595.003t1598taiwantaiwan origintannertanner activitytanner detected activitytanner eventstanner exploit kittanner honeypot activitytanner interactionstanner web attacktargeting databasetcptcp protocoltcp scantcp scanningtcp/23tcp/3306telecom servicestelecommunicationtelecommunicationstelnettelnet attackstelnet attemptstelnet threattelnet-brute-forcetencenttencent hostingtencent iptencent ipstencent isptencent relatedtftp brute forcethreat activitythreat actorthreat actor activitythreat actor associationthreat actor attributionthreat actor infrastructurethreat actor regionthreat actorsthreat detectionthreat feedthreat hostingthreat hosting ispthreat intel feedthreat intelligencethreat intelligence feedthreat origin analysisthreat preventionthreat sourcethreat-intelthreat-intelligencethreat_actor_unknownthreat_intelligenceti advisorytimeouttlstokyotop10.txttopips.txttor nodetorontotpottpotcetraffic analysistraffic anomalytraffic monitoringtsocturkeytw ip addressestw_iptypeuaeuae originudp port scanudp scanukraineunattributed activityunattributed threat actorunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityunauthorized 
loginunauthorized login attemptunauthorized login attemptsunauthorized probingunauthorized-access-attemptunidentified threat actorunit coverunited arab emiratesunited kingdomunited statesunited states ipunited states ipsunited states of americaunited states originunited states-based activityunited states-based ipsunknown adversaryunknown threat actorunspecified c2 frameworksunusual network behaviorunusual traffic patternsusus abuseus based activityus based attacksus based ipus based threatsus destinationus ip activityus ip addressus ip addressesus noneus originus origin ipsus originating activityus originating ipus originating ipsus originating trafficus source ipus threat actorsus-based activityus-based infrastructureus-based ipus-based ipsus-originatedus_ipusa originusa originating trafficuzbekistanvalid accountsvaluevenezuela, bolivarian republic ofverified-benignversion detectionviet namvietnamvnc protocolvoipvoip attackvpnvpn ipvulnerability scanvultrvultr infrastructure targetedvultr_platform_activityweb app attackweb application attackweb application attacksweb application probingweb application scanweb application scanningweb attackweb attacksweb exploit attemptsweb exploitationweb exploitsweb login attemptweb protocolsweb scannerweb serverweb server attacksweb serversweb shellweb shell attemptweb shell detectionweb shell uploadweb shell uploadsweb spamweb trafficweb-application-attackweb_attackweb_serverwgetwinwindowswindows malwarewordpotwordpress attackwordpress targeted attacksxmasxmas scan

Activity Timeline

1 total observation (Jun 12)

Threat Activity Heatmap

[Calendar heatmap: weekly activity by day (Mon/Wed/Fri) across Jun to Jun, scale "Less" to "More"; the rendered graphic is not recoverable here]
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 79 (SIGNAL)
Confidence: 79%
Reports: 39
First seen: May 30, 2024
Last seen: Jun 12, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
Proxy: VPN

VirusTotal

12 / 91 vendors flagged (13% detection rate), as of Jun 12, 2026

WHOIS

Description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

Raw:
NetRange:       147.185.132.0 - 147.185.139.255
CIDR:           147.185.132.0/22, 147.185.136.0/22
NetName:        PAN-22
NetHandle:      NET-147-185-132-0-1
Parent:         NET147 (NET-147-0-0-0-0)
NetType:        Direct Allocation
OriginAS:
Organization:   Palo Alto Networks, Inc (PAN-22)
RegDate:        2023-09-07
Updated:        2023-09-07
Ref:            https://rdap.arin.net/registry/ip/147.185.132.0

OrgName:        Palo Alto Networks, Inc
OrgId:          PAN-22
Address:        Palo Alto Networks
Address:        3000 Tannery Way
Address:        Santa Clara, CA 95054
City:           Santa Clara
StateProv:      CA
PostalCode:     95054
Country:        US
RegDate:        2017-11-22
Updated:        2024-11-25
Ref:            https://rdap.arin.net/registry/entity/PAN-22

OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName:   IP Abuse
OrgAbusePhone:  +1-408-753-4000
OrgAbuseEmail:  [email protected]
OrgAbuseRef:    https://rdap.arin.net/registry/entity/IPABU42-ARIN

OrgTechHandle:  GNS20-ARIN
OrgTechName:    Global Network Services
OrgTechPhone:   +1-408-753-4000
OrgTechEmail:   [email protected]
OrgTechRef:     https://rdap.arin.net/registry/entity/GNS20-ARIN
References:
https://github.com/telekom-security/tpotce
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen today
Appeared in 39 threat reports