IP 147.185.132.67 (Medium, Signal 64/100)
Location: Santa Clara, California
ASN: AS396982 (Palo Alto Networks, Inc)
First Seen: May 30, 2024
Last Seen: Jun 19, 2026
Found in 37 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
64%
Signal Score
64 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
Source reports: 37
Confidence score: 64%
Category tags
Activity Timeline: Jun 19 to Jun 19
Threat Activity Heatmap (peak: 2026-06-19)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 64
Confidence: 64%
Reports: 37
First seen: May 30, 2024
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
IP Category: Proxy
VirusTotal: Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Paris (France) honeypot
- raw:
  NetRange: 147.185.132.0 - 147.185.139.255
  CIDR: 147.185.132.0/22, 147.185.136.0/22
  NetName: PAN-22
  NetHandle: NET-147-185-132-0-1
  Parent: NET147 (NET-147-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Palo Alto Networks, Inc (PAN-22)
  RegDate: 2023-09-07
  Updated: 2023-09-07
  Ref: https://rdap.arin.net/registry/ip/147.185.132.0
  OrgName: Palo Alto Networks, Inc
  OrgId: PAN-22
  Address: Palo Alto Networks
  Address: 3000 Tannery Way
  Address: Santa Clara, CA 95054
  City: Santa Clara
  StateProv: CA
  PostalCode: 95054
  Country: US
  RegDate: 2017-11-22
  Updated: 2024-11-25
  Ref: https://rdap.arin.net/registry/entity/PAN-22
  OrgAbuseHandle: IPABU42-ARIN
  OrgAbuseName: IP Abuse
  OrgAbusePhone: +1-408-753-4000
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
  OrgTechHandle: GNS20-ARIN
  OrgTechName: Global Network Services
  OrgTechPhone: +1-408-753-4000
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
- references:
  https://github.com/telekom-security/tpotce
  https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
Medium: first detected 2 years ago, last seen 4 days ago
Appeared in 37 threat reports