IPMediumSignal 53/100
185.223.152.45
Location
United StatesLos Angeles, CA
ASN
AS396356
IPXO
First Seen
Oct 21, 2023
Last Seen
Jun 5, 2026
Found in 21 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
53%
Signal Score
53 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionLos Angeles, CA
ASNAS396356
OrganizationIPXO
Feed Intelligence Summary
21 reports53% confidence
21
Source reports
53%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningapacheapache attackeraptattackbad reputationbad web botblocklist_allblog spambotnet activitybrute forcebrute force attackbrute-forcecommand & controlcompromised hostscredential accesscredential harvestingcredential stuffingddosddos attackddos preparationdenial of serviceeuropeexploitation activityexploited hostfinlandfranceftp brute forceftp brute-forcegermanyhackinghoneynet connecthttp brute forceidentity & access exploitationlateral movementlogin attemptmalicious activitymalwaremalware c2networknetwork enumerationnetwork intrusionnetwork scanningnetwork securitynorth americaopenctipassword attackpassword attacksphishingphishing attackping of deathpolandprotocol exploitationproxyreconnaissanceremote accessremote servicesresearchedscannerscanning activitysecurity policysmb brute forcesmtp brute forcesocial engineeringspamsshssh attacksuspected botnett1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1046t1059t1059.001t1059.003t1059.004t1065t1068t1071t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1499.001t1563t1566.001t1566.002t1566.003t1592t1595t1595.001t1595.002t1595.003tcp scantelnet threatthreat actorthreat preventiontor nodeudp scanunauthorized access attemptunited statesusweb app attackweb application attackweb exploitationweb spam
Activity Timeline
Jun 5Jun 5
Threat Activity Heatmap
· Peak: 2026-06-05LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
53
SIGNAL
Signal Score
53%
Confidence
21
Reports
First seenOct 21, 2023
Last seenJun 5, 2026
GeolocationUS
CountryUnited States
LocationLos Angeles, CA
ASNAS396356
OrgIPXO
Coords34.0544, -118.2440
VirusTotal
Not checked
WHOIS
- raw
- NetRange: 185.0.0.0 - 185.255.255.255 CIDR: 185.0.0.0/8 NetName: RIPE-185 NetHandle: NET-185-0-0-0-1 Parent: () NetType: Allocated to RIPE NCC OriginAS: Organization: RIPE Network Coordination Centre (RIPE) RegDate: 2011-01-04 Updated: 2025-02-10 Comment: These addresses have been further assigned to users in the RIPE NCC region. Please note that the organization and point of contact details listed below are those of the RIPE NCC not the current address holder. ** You can find user contact information for the current address holder in the RIPE database at http://www.ripe.net/whois. Ref: https://rdap.arin.net/registry/ip/185.0.0.0 ResourceLink: https://apps.db.ripe.net/db-web-ui/query ResourceLink: whois.ripe.net OrgName: RIPE Network Coordination Centre OrgId: RIPE Address: P.O. Box 10096 City: Amsterdam StateProv: PostalCode: 1001EB Country: NL RegDate: Updated: 2013-07-29 Ref: https://rdap.arin.net/registry/entity/RIPE ReferralServer: whois.ripe.net ResourceLink: https://apps.db.ripe.net/db-web-ui/query OrgAbuseHandle: ABUSE3850-ARIN OrgAbuseName: Abuse Contact OrgAbusePhone: +31205354444 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN OrgTechHandle: RNO29-ARIN OrgTechName: RIPE NCC Operations OrgTechPhone: +31 20 535 4444 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen 8 days ago
Appeared in 21 threat reports