IOC Radar
IPMediumSignal 70/100

185.223.152.42

Location
United StatesUnited States
Los Angeles, CA
ASN
AS396356
IPXO
First Seen
Apr 30, 2024
Last Seen
May 28, 2026
Apr 30
First Seen
775d ago
May 28
Last Seen
17d ago
22
Reports
source reports
70%
Confidence
medium
Found in 22 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

39 techniques

Network Information

CountryUSUnited States
RegionLos Angeles, CA
ASNAS396356
OrganizationIPXO

IP Category

Proxy
Proxy server

Feed Intelligence Summary

22 reports70% confidence
22
Source reports
70%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningapacheapache attackeraptattackbad reputationbad web botblocklist_allblog spambotnet activitybrute forcebrute force attackbrute force attacksbrute-forcec2 communicationciscocisco devicecommand & controlcompromised hostscowriecowrie honeypotcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposureddosddos attackddos attacksdecoy systemdenial of servicedevice managemententerprise networkingeuropeexploitation activityexploited hostfinlandfranceftp brute forceftp brute-forcegermanyhackinghoneynet connecthoneytrap honeypothttp brute forceidentity & access exploitationlamplateral movementlogin attemptmalicious activitymalicious ip addressesmalicious trafficmalwaremalware distributionmalware-related botnet activitynetworknetwork enumerationnetwork infrastructurenetwork intrusionnetwork scanningnetwork securitynorth americaopenctipassword attackpassword attacksphishingphishing attackping of deathpolandpossible botnet infectionprotocol exploitationproxyreconnaissanceremote accessremote servicesresearchedscannerscanning activitysecurity operationssecurity policysftpsftp attacksmb brute forcesmtp brute forcesocial engineeringspamsshssh attackssh monitoringsuspected botnett1003t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1053t1059t1059.001t1059.003t1059.004t1068t1071t1076t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1497t1499.001t1563t1566.001t1566.002t1566.003t1592t1595t1595.001t1595.002t1595.003tcp scantelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodeudp scanunauthorized access attemptunited statesusweb app attackweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
May 28May 28

Threat Activity Heatmap

· Peak: 2026-05-28
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
70
SIGNAL
Signal Score
70%
Confidence
22
Reports
First seenApr 30, 2024
Last seenMay 28, 2026
GeolocationUS
CountryUnited States
LocationLos Angeles, CA
ASNAS396356
OrgIPXO
Coords34.0544, -118.2440
Proxy

VirusTotal

Not checked

WHOIS

raw
NetRange: 185.0.0.0 - 185.255.255.255 CIDR: 185.0.0.0/8 NetName: RIPE-185 NetHandle: NET-185-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2011-01-04 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/185.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 17 days ago
Appeared in 22 threat reports