IOC Radar
IP · Medium · Signal 62/100

147.185.132.93

Location
United States
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
May 31, 2024
Last Seen
Jun 18, 2026
Reports: 36 source reports
Confidence: 62% (medium)
Found in 36 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

139 techniques

Network Information

Country: US (United States)
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

36 source reports · 62% confidence score
Category tags

Activity Timeline

1 total observation (Jun 18)

Threat Activity Heatmap

24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 62
Confidence: 62%
Reports: 36
First seen: May 31, 2024
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
Category: Proxy / VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw
NetRange: 147.185.132.0 - 147.185.139.255
CIDR: 147.185.136.0/22, 147.185.132.0/22
NetName: PAN-22
NetHandle: NET-147-185-132-0-1
Parent: NET147 (NET-147-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Palo Alto Networks, Inc (PAN-22)
RegDate: 2023-09-07
Updated: 2023-09-07
Ref: https://rdap.arin.net/registry/ip/147.185.132.0
OrgName: Palo Alto Networks, Inc
OrgId: PAN-22
Address: Palo Alto Networks
Address: 3000 Tannery Way
Address: Santa Clara, CA 95054
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
RegDate: 2017-11-22
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/PAN-22
OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName: IP Abuse
OrgAbusePhone: +1-408-753-4000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
OrgTechHandle: GNS20-ARIN
OrgTechName: Global Network Services
OrgTechPhone: +1-408-753-4000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
references
https://github.com/telekom-security/tpotce, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 3 days ago
Appeared in 36 threat reports