IP · Medium · Signal 65/100
147.185.132.96
Location
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
May 31, 2024
Last Seen
Jun 3, 2026
Found in 34 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
34 reports · 65% confidence
Source reports: 34
Confidence score: 65%
Category tags
Activity Timeline (Jun 3)
Threat Activity Heatmap (peak: 2026-06-03)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 34
First seen: May 31, 2024
Last seen: Jun 3, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
Proxy
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw:
  NetRange: 147.185.132.0 - 147.185.139.255
  CIDR: 147.185.136.0/22, 147.185.132.0/22
  NetName: PAN-22
  NetHandle: NET-147-185-132-0-1
  Parent: NET147 (NET-147-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Palo Alto Networks, Inc (PAN-22)
  RegDate: 2023-09-07
  Updated: 2023-09-07
  Ref: https://rdap.arin.net/registry/ip/147.185.132.0
  OrgName: Palo Alto Networks, Inc
  OrgId: PAN-22
  Address: Palo Alto Networks
  Address: 3000 Tannery Way
  Address: Santa Clara, CA 95054
  City: Santa Clara
  StateProv: CA
  PostalCode: 95054
  Country: US
  RegDate: 2017-11-22
  Updated: 2024-11-25
  Ref: https://rdap.arin.net/registry/entity/PAN-22
  OrgAbuseHandle: IPABU42-ARIN
  OrgAbuseName: IP Abuse
  OrgAbusePhone: +1-408-753-4000
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
  OrgTechHandle: GNS20-ARIN
  OrgTechName: Global Network Services
  OrgTechPhone: +1-408-753-4000
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
IOC Journey
Medium · First detected 2 years ago · Last seen 7 days ago
Appeared in 34 threat reports