IOC Radar
IP · Medium · Signal 55/100

198.235.24.204

Location
United States
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
Apr 18, 2023
Last Seen
Jun 12, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
55%
Signal Score
55 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs: 111 techniques

Network Information

Country: US (United States)
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

32 reports · 55% confidence
32
Source reports
55%
Confidence score
Category tags

Activity Timeline

1 total observation (Jun 12)

Threat Activity Heatmap

· Peak: 2026-06-12 (calendar heatmap, Jun through Jun, weekday rows Mon/Wed/Fri)
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 32
First seen: Apr 18, 2023
Last seen: Jun 12, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
Proxy/VPN

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
raw
NetRange: 198.235.24.0 - 198.235.24.255
CIDR: 198.235.24.0/24
NetName: PAN-22
NetHandle: NET-198-235-24-0-1
Parent: NET198 (NET-198-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Palo Alto Networks, Inc (PAN-22)
RegDate: 2021-12-20
Updated: 2021-12-20
Ref: https://rdap.arin.net/registry/ip/198.235.24.0
OrgName: Palo Alto Networks, Inc
OrgId: PAN-22
Address: Palo Alto Networks
Address: 3000 Tannery Way
Address: Santa Clara, CA 95054
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
RegDate: 2017-11-22
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/PAN-22
OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName: IP Abuse
OrgAbusePhone: +1-408-753-4000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
OrgTechHandle: GNS20-ARIN
OrgTechName: Global Network Services
OrgTechPhone: +1-408-753-4000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN

IOC Journey

Confidence: medium
First detected 3 years ago · Last seen 4 days ago
Appeared in 32 threat reports