IOC Radar
IP · Medium · Signal 80/100

198.235.24.192

Location
United States
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
Apr 17, 2023 (1166d ago)
Last Seen
Jun 17, 2026 (9d ago)
Reports
35 source reports
Confidence
80% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs: 118 techniques

Network Information

Country: United States (US)
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

35 source reports · 80% confidence score
Category tags
abuseaccessaccess attemptaccess controlaccount compromiseaccount discoveryaccount securityack scanactive scanactive scanningadbadb attacksadb protocoladb-attacksadbhoney activityadbhoney honeypotadbhoney interactionsadministrative accessandroid devicesapacheapache attackerapplication layer protocolapplication scanningaptasiaattackattack attemptattack preparatoryattack surface discoveryattack vectorsattacker ipattacker-ipattacker_ipaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptauthentication attemptsauthentication failureautomated attackautomated attack activityautomated attacksautomated threatautomated threatsautomated-attackbad reputationbad web botbbcbbc newsbebelgiumblacklist candidateblacklist ipblock listblocklist_allblog spambotnetbotnet activitybotnet-activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackbrute-force-attackbrute_forcebruteforcec2 communicationc2 servercanadachina mobilecisco attackcisco devicecisco device attackcisco device attackscisco device scanningcisco device targetedcisco device targetingcisco devices targetingcisco exploit attemptcisco exploitationcisco exploitation attemptcisco exploitation attemptscisco network devicescitrix brute forcecitrix exploitation attemptcitrix exploitation attemptscitrix securitycloud environmentcloud infrastructurecloud infrastructure attackcloud providercloud servicescloud_infrastructurecode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommon vulnerabilitiescommunication protocolcommunication securitycompany limitedcompromised credentialscompromised credentials attemptcompromised hostcompromised hostscompromised system attemptcompromised systemsconnectconnect scanconnected devicesconpotconpot activityconpot attackconpot honeypotconpot ics attackconpot ics exploitationconpot interactionconpot interactionscontainer 
securitycowriecowrie activitycowrie attackcowrie attackscowrie datacowrie emulationcowrie honeypotcowrie interactioncowrie interactionscowrie login attemptscowrie logscowrie sshcowrie ssh attackcowrie ssh attackscowrie ssh honeypotcowrie ssh logscredential accesscredential attackcredential attackscredential brute forcecredential brute-forcingcredential compromisecredential guessingcredential harvestingcredential stuffingcredential-accesscredential-stuffingcredential_accesscredentialaccesscredentialscross-site scripting attemptctacurldata encryptiondata exfiltrationdata exfiltration attemptdata store exposuredata theftdatabase attackdatabase attacksdatabase brute forcedatabase login attemptdatabase probingdatabase reconnaissancedatabase securitydatabase-serverdcerpcdcom exploitationddosddos attackddos attack indicatorsddos attacksddos attemptddos preparationddos probeddospotdecoy systemdefense evasiondenial of servicedenial-of-servicedevice managementdictionary attackdigital oceandigitalocean ipdionaeadionaea activitydionaea attackdionaea attacksdionaea capturedionaea honeypotdionaea interactionsdionaea malware analysisdionaea malware collectiondionaea malware detectiondionaea malware samplesdionaea payloadsdirectory traversaldirectory traversal probedistributed attacksdnp3dnsdns attackdockerdropperelasticpot attackselasticpot honeypotelasticsearchelasticsearch monitoringemailemailattackencryptionenterprise networkingenterprise securityenumerationeu cyber policieseuropeexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit scanexploit targetingexploit-attemptsexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexport-to-otxexposed servicesexternal access attemptsexternal ipexternal scanexternal scanningexternal threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfinlandfirewall detectionfrancefraud 
voipftogftpftp attackftp attacksftp brute forceftp brute-forceftp bruteforcegalahgermanygithubgluttongopotgroupshackinghellpotheralding activityheralding attemptsheralding probesheralding protocol activityhk abusehandlerhoneynet connecthoneypot 24h activityhoneytrap activityhoneytrap datahoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probehttp probinghttp scannerhttp scanninghttp/shttpshttps probehttps scanningicmpicmp scanics securityics-scada-attacksics/scadaics/scada attackics/scada attacksidentity & access exploitationids evasionimapimap brute forceinbound scanindicatorindicators of compromiseindustrial control systemsindustrial iotinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginitial accessinitial-access-attemptsinitial_accessinitial_access_attemptinjection activityinjection attacksinput validationinternet background noiseinternet facing systemsinternet of thingsinternet-facinginternet-facing serviceinternet-wide monitoringinternet-wide scaninternet_scanintrusion attemptintrusion detectioniociocsiot analyticsiot applicationsiot attacksiot botnetiot exploit attemptsiot platformsiot securityiot targetediot/ics attackip-address-iocippipphoney honeypotipv4ipv4 activityipv4 addressipv4 addressesipv4 port scanningipv4 threatsjapankibanakill-chain exploitationkill-chain reconnaissanceknown malicious iplamplamp attacklamp exploitlamp exploit attemptlamp exploitationlamp exploitation attemptlamp exploitation attemptslamp server attacklamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack exploitationlamp stack targetinglamp vulnerability exploitationlamp vulnerability scanlamp vulnerability scanninglateral movementlateral movement techniqueslcialinuxlinux malwarelinux serverslinux systemslinux-server-attacklinux-systemlinux_server_attacksload balancerlog4potloginlogin attacklogin attemptlogin attemptslogin 
failurelogin_attemptlow-riskmail service probingmailoney activitymailoney attacksmailoney email spoofingmailoney eventsmailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious activity detectedmalicious code detectionmalicious emailmalicious email activitymalicious file transfermalicious file uploadsmalicious ipmalicious ip activitymalicious ip listmalicious ipsmalicious login attemptsmalicious network activitymalicious payloadmalicious payload attemptmalicious payload detectionmalicious scanmalicious sftp activitymalicious softwaremalicious sshmalicious ssh activitymalicious trafficmalicious-activitymalicious-login-attemptsmalicious_ipmalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware distribution attemptmalware downloadmalware download attemptsmalware droppermalware hostingmalware infectionmalware landingmalware propagationmalware_activitymanualmass scanningmasscanmedpotmelbourne regionmicrosoft technologiesmiraimirai botnetmispmobilemobile securitymobile threatmodbusmssqlmssql brute forcemysql brute forcenetworknetwork activitynetwork attacksnetwork device probingnetwork devicesnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork monitoringnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork servicesnetwork trafficnetwork traffic analysisnetwork-based attack attemptsnetwork-devicenetwork-devicesnetwork-reconnaissancenetwork_activitynetwork_enumerationnetwork_reconnaissancenetwork_scanningnmapnorth americanull port scannull scanoceaniaopen port detectionopen port discoveryopen port enumerationopen proxyopen_port_discoveryoperating systemoperating system 
securityopportunistic attackopportunistic attackeros detectionos fingerprintingosintosint enrichmentp0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f signaturespaloaltonetwors_com-benignpassword attackpassword attackspassword crackingpassword sprayingpassword-guessingperimeter securitypgp signphishingphishing attackphishing trapphp exploitphp injection attemptsping of deathpolandpop3 brute forceport-scanningportscanpossible botnet activitypossible credential reusepossible exploit attemptpossible malware distributionpossible malware dropperpossible malware probingpossible malware propagationpossible mirai variantpossible reconnaissance activitypossible vulnerability probingpossible vulnerability scanpossible vulnerability scanningpotential botnetpotential botnet activitypotential compromisepotential exploit activitypotential exploit attemptspotential intrusionpotential intrusion attemptpotential malicious activitypotential malwarepotential malware deliverypotential malware deploymentpotential malware distributionpotential malware infectionpotential malware uploadpotential reconnaissance activitypotential threat activitypotential threat actorpotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanpotential vulnerability scanningpotential_compromiseprivilege escalationprocess injectionprotocol abuseprotocol exploitationprotocol-abuseproxyproxy accessproxy protocolpythonransomwareransomware activityrdp attacksrdp scanningreconnaissancereconnaissance activityredis exploitation attemptredis exploitation attemptsredis honeypotredis honeypot activityredishoneypot activityregional securityremote accessremote access attackremote access attemptremote access attemptsremote code executionremote service exploitationremote servicesresearchedresource developmentresource hijackingrpcsansscams & fraudscanscannerscanner activityscanner ipscannersscanning activityscriptscripting 
attackssecurity eventsecurity operationssecurity policysecurity probingsensor-taggedsentrypeer activitysentrypeer attacksentrypeer attackssentrypeer botnetsentrypeer datasentrypeer detectionsentrypeer eventssentrypeer interactionssentrypeer intrusion attemptssentrypeer p2p attacksentrypeer targetingserver exploitationserver securityservice detectionservice discoveryservice enumerationservice probingservice scanservice scanningservice version detectionservice_enumerationsftpsftp abusesftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp bruteforcesftp exploitationsftp exploitation attemptsftp intrusion attemptssftp probingsftp protocolsftp scanningsftp-attacksftp-attacksshell accessshell access attemptshell access attemptssipsip attackssip brute forcesip probingsip protocolsip scanningsip vulnerability exploitationsip-attackssippslugsmart devicessmb attackssmb brute forcesmb scanningsmtpsmtp attacksmtp attackersmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresocial engineeringsoftware exploitationspamsql injectionsql injection attemptsql injection attemptssql injection probesshssh attackssh attacksssh brute-forcessh bruteforcessh monitoringssh protocolssh-attacksssh-brute-forcestealthstealth scanstealth scan techniquessurface websuricata alertsuricata alertssynsyn port scansyn scansystem accesssystem discoverysystem 
disruptiont-pott1003t1005t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1048t1053t1053.005t1055t1056t1056.001t1057t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1064t1065t1068t1069.001t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1087t1087.001t1087.002t1087.003t1088t1090t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1195t1199t1202t1203t1204t1204.002t1210t1486t1490t1496t1499.001t1499.002t1499.003t1505.002t1505.004t1539t1550t1550.002t1550.003t1555t1555.003t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1572t1573t1573.001t1583t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.002t1590t1590.001t1590.002t1590.003t1590.004t1590.005t1590.006t1592t1592.002t1593t1595t1595.001t1595.002t1595.003t1598t1608tannertanner activitytanner eventstanner exploit attemptstanner exploit kittanner exploitationtanner exploitstanner honeypot activitytanner interactionstanner web attacktargeting databasetcptcp port 3306tcp protocoltcp scantcp scanningtcp/23tcp/3306tcp/80tcp_scantelecommunicationstelnet attackstelnet threattelnet-brute-forcethreat actorthreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventiontimeouttokyotor nodetorontotpottpotcetsecttpsudp port scanudp scanudp_scanunattributed activityunattributed threat actorunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityunauthorized loginunauthorized login attemptunauthorized login attemptsunauthorized scanningunauthorized-access-attemptunauthorized_accessunauthorized_access_attemptunited kingdomunited statesunknown threat actorunsolicited network probeusus abuseus noneus source ipuser enumerationvalid accountsverified-benignversion detectionvnc protocolvoipvoip attackvoip systemsvpnvpn ipvulnerability scanvulnerability-scanningvultrvultr infrastructure targetedvultr parisvultr tokyowafweak credentialswebweb app attackweb application 
attackweb application attacksweb application probingweb application scanningweb attackweb attacksweb exploitweb exploit attemptweb exploitationweb exploitsweb login attemptweb scannerweb serverweb server attacksweb serversweb service probingweb service scanningweb shellweb shell detectionweb shell uploadweb shell uploadsweb spamweb trafficweb-application-attackweb-serverweb-serversweb_attackwgetwindows malwarewordpotwordpress scanningwordpress targeted attacksxmasxmas port scanxmas scanxss

Activity Timeline

1 total observation (Jun 17)

Threat Activity Heatmap

Calendar heatmap, Jun through the following Jun (weekday rows Mon/Wed/Fri; legend: Less to More) · Peak: 2026-06-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 35
First seen: Apr 17, 2023
Last seen: Jun 17, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
Categories: Proxy, VPN

VirusTotal

Not checked

WHOIS

Description: IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot

Raw:
NetRange: 198.235.24.0 - 198.235.24.255
CIDR: 198.235.24.0/24
NetName: PAN-22
NetHandle: NET-198-235-24-0-1
Parent: NET198 (NET-198-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Palo Alto Networks, Inc (PAN-22)
RegDate: 2021-12-20
Updated: 2021-12-20
Ref: https://rdap.arin.net/registry/ip/198.235.24.0
OrgName: Palo Alto Networks, Inc
OrgId: PAN-22
Address: Palo Alto Networks
Address: 3000 Tannery Way
Address: Santa Clara, CA 95054
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
RegDate: 2017-11-22
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/PAN-22
OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName: IP Abuse
OrgAbusePhone: +1-408-753-4000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
OrgTechHandle: GNS20-ARIN
OrgTechName: Global Network Services
OrgTechPhone: +1-408-753-4000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN

IOC Journey

Confidence: medium
First detected 3 years ago · Last seen 9 days ago
Appeared in 35 threat reports