IP · Medium · Signal 72/100
147.185.132.75
Location
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
May 30, 2024
Last Seen
Jun 18, 2026
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
35 source reports · 72% confidence score
Category tags
Activity Timeline
Jun 18
Threat Activity Heatmap (peak: 2026-06-18)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 35
First seen: May 30, 2024
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.7510, -97.8220
Categories: Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected performing web attacks against Cloudflare honeypot edge
- raw
- raw record, one field per line:
  NetRange: 147.185.132.0 - 147.185.139.255
  CIDR: 147.185.132.0/22, 147.185.136.0/22
  NetName: PAN-22
  NetHandle: NET-147-185-132-0-1
  Parent: NET147 (NET-147-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Palo Alto Networks, Inc (PAN-22)
  RegDate: 2023-09-07
  Updated: 2023-09-07
  Ref: https://rdap.arin.net/registry/ip/147.185.132.0
  OrgName: Palo Alto Networks, Inc
  OrgId: PAN-22
  Address: Palo Alto Networks
  Address: 3000 Tannery Way
  Address: Santa Clara, CA 95054
  City: Santa Clara
  StateProv: CA
  PostalCode: 95054
  Country: US
  RegDate: 2017-11-22
  Updated: 2024-11-25
  Ref: https://rdap.arin.net/registry/entity/PAN-22
  OrgAbuseHandle: IPABU42-ARIN
  OrgAbuseName: IP Abuse
  OrgAbusePhone: +1-408-753-4000
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
  OrgTechHandle: GNS20-ARIN
  OrgTechName: Global Network Services
  OrgTechPhone: +1-408-753-4000
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
- references
- https://github.com/telekom-security/tpotce
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://feeds.dshield.org/feeds/topips.txt
- https://feeds.dshield.org/feeds/top10.txt
- https://feeds.dshield.org/feeds/block.txt
IOC Journey
Medium · First detected 2 years ago · Last seen 5 days ago
Appeared in 35 threat reports