IOC Radar
IP · Medium Signal · 61/100

198.235.24.64

Location: Santa Clara, California, United States
ASN: AS396982 (Palo Alto Networks, Inc)
First Seen: Apr 16, 2023 (1169d ago)
Last Seen: Jun 22, 2026 (6d ago)
Reports: 34 source reports
Confidence: 61% (medium)

Found in 34 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
Triage caveat: the category tags below carry "verified-benign" and "paloaltonetwors_com-benign" next to the honeypot attack tags, and the address sits in Palo Alto Networks' own ASN and ARIN allocation. A vendor-operated internet scanner is a plausible reading of that combination (an interpretation, not something the feeds state), so confirm with the registered abuse contact before blocking.
IPv4 Address: network-layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 61%
Signal Score: 61 / 100
IDS Rule: No

Threat Context
Tags: see the category tags under Feed Intelligence Summary.
MITRE ATT&CK TTPs: 107 techniques (the technique IDs appear among the category tags).
Network Information

Country: US (United States)
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc

IP Category

Proxy (proxy server)
VPN (VPN exit node)

Feed Intelligence Summary

Source reports: 34
Confidence score: 61%
Category tags (feed-supplied, lowercased; they mix honeypot sensor names, protocol and port labels, geography, ATT&CK technique IDs and vendor annotations):

abuse, access, access attempt, access control, account compromise, account discovery, account security, ack, ack scan, active reconnaissance, active scan, active scanning, adb, adb brute force, adb honeypot activity, adbhoney activity, adbhoney attack, adbhoney honeypot, adbhoney interactions, admin, administrative access, american express, android devices, apache, apache attacker, application layer protocol, apt, asia, attack, attack attempt, attack surface discovery, attacker ip, attacker ips, attacker-ip, australia, authentication abuse, authentication attacks, authentication attempt, authentication attempts, authentication failure, authentication_bypass, authentication_failures, automated activity, automated attack, automated attacks, automated enumeration, automated reconnaissance activity, automated threat, automated-attack, automated_attack, bad reputation, bad web bot, banner grabbing attempt, blacklist candidate, blacklist ip, blacklisted ip address, block list, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute-force attack, brute_force, brute_force_attack, bruteforce,
c2, c2 communication, c2 server, canada, cert, china mobile, cisco asa, cisco attack, cisco device, cisco device attack, cisco device targeted, cisco device targeting, cisco exploit attempt, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco ios attack, cisco network devices, citrix attack attempt, citrix exploitation attempt, citrix exploitation attempts, citrix security, close, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud provider, cloud services, code execution, columns, command & control, command and control, command execution, command injection, command injection attempt, common vulnerabilities, communication protocol, communication security, company limited, compromise attempt, compromised credentials, compromised credentials attempt, compromised host, compromised hosts, compromised systems, connect, connect scan, conpot, conpot activity, conpot attack, conpot emulation, conpot honeypot, conpot ics/scada honeypot, conpot interaction, conpot interactions, container security, cowrie, cowrie activity, cowrie attack, cowrie attacks, cowrie capture, cowrie data, cowrie detected activity, cowrie emulation, cowrie honeypot, cowrie interaction, cowrie interactions, cowrie logs, cowrie ssh, cowrie ssh activity, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, credential access, credential attack, credential attacks, credential brute force, credential brute forcing, credential brute-forcing, credential compromise, credential compromise attempt, credential guessing, credential harvesting, credential stuffing, credential-stuffing, credential_access, credential_stuffing, cta, curl, cve, cve exploitation attempt,
data encryption, data exfiltration, data exfiltration attempt, data harvesting attempts, data store exposure, data theft, database attack, database attacks, database enumeration, database exploitation attempt, database exploitation attempts, database login attempt, database probing, database security, database servers, dcerpc, dcom exploitation, ddos, ddos attack, ddos attack indicators, ddos attacks, ddos attempt, ddos preparation, ddos probe, ddospot, decoy system, denial of service, denial-of-service, device compromise attempts, device management, dictionary attack, digital ocean, digitalocean ip, digitalocean platform, dionaea, dionaea activity, dionaea attack, dionaea attacks, dionaea capture, dionaea exploits, dionaea honeypot, dionaea interactions, dionaea logs, dionaea malware collection, dionaea malware samples, dionaea payloads, directory traversal attempt, discovery phase, distributed attacks, dnp3, dns, dns attack, docker, elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, encryption, enterprise networking, enterprise security, enumeration, ethernet/ip, eu cyber policies, europe, exfiltration, exploit, exploit attempt, exploit attempts, exploit kit activity, exploit probing, exploit targeting, exploit: web application, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of privilege, exploitation of vulnerability, exploited host, exposed services, external access attempts, external scan, external threat, external-threat, external_threat, extortion,
failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, fin, fin port scan, fin scan, finland, firewall detection, firewall evasion, france, fraud voip, ftp, ftp attack, ftp attacks, ftp attempt, ftp brute force, ftp brute-force, ftp scan, galah, gecko, germany, github, glutton, gopot, groups, hacking, hello, hellpot, heralding activity, heralding attack, hk abusehandler, honeynet connect, honeytrap activity, honeytrap attack, honeytrap data, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probe, http probing, http request anomalies, http scan, http scanner, http scanning, http/s, https, https probe, https scanning, huawei,
icmp, ics security, ics/scada systems, identity & access exploitation, ids evasion, imap, inbound scan, indicator, indicators of compromise, industrial control systems, information gathering, information technology, infrastructure acquisitionreconnaissance, infrastructure reconnaissance, infrastructure targeting, initial access, initial_access_attempt, injection activity, injection attacks, intel mac, internal scan, internet of things, internet-facing, internet-facing assets, internet-facing service, internet-wide scan, intrusion detection, ioc, iocs, iot attack, iot botnet, iot exploit attempts, iot security, iot targeted, iot/ics attack, ipp honey, ipphoney activity, ipphoney honeypot, ipv4, ipv4 activity, ipv4 address, ipv4 addresses, ipv4 port scanning, ipv4 scanning, ipv4-ioc, ipv4_address, it infrastructure, japan, khtml, kibana, known malicious ip, lamp, lamp attack, lamp attack attempt, lamp attacks, lamp exploit, lamp exploit attempts, lamp exploitation, lamp exploitation attempt, lamp exploitation attempts, lamp server attack, lamp server target, lamp server targeting, lamp stack, lamp stack attack, lamp stack attacks, lamp stack exploitation, lamp stack targeting, lamp vulnerability exploitation, lamp vulnerability scan, lateral movement, lateral movement attempt, lateral movement techniques, lcia, linux servers, linux systems, linux x8664, linux-server-attack, linux_server_attacks, log4pot, login, login attack, login attempt, login failure,
mailoney activity, mailoney attack, mailoney attacks, mailoney events, mailoney honeypot, mailoney interactions, mailoney trap, malaysia, malicious activity, malicious activity detected, malicious code detection, malicious email, malicious email activity, malicious email detection, malicious file transfer, malicious ip, malicious ip activity, malicious ip blocked, malicious ip list, malicious ips, malicious ipv4, malicious login, malicious login attempts, malicious network activity, malicious payload, malicious payload detection, malicious payload distribution, malicious scan, malicious script execution, malicious sftp activity, malicious sip activity, malicious software, malicious software detection, malicious ssh activity, malicious traffic, malicious-login-attempts, malicious_traffic, malware, malware activity, malware analysis, malware attempt, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware detection, malware distribution, malware download, malware download attempt, malware propagation, malware propagation attempt, malware_activity, manual, mass port scan, mass scanning, mass scanning activity, masscan, medpot, microsoft technologies, mirai, mirai botnet, mobile, mobile security, mobile threat, modbus, monthly, mssql, mssql brute force, mysql brute force,
nation-state activity, netbios, network, network activity, network attacks, network devices, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network layer protocol, network mapping, network port scanning, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, network service discovery, network service scanning, network services, network traffic analysis, network-based attack attempts, network-discovery, network_intrusion, network_reconnaissance, network_scanning, network_service_exploitation, network_services_attack, networkscanning, nmap, north america, null port scan, null scan, oceania, open port detection, open port discovery, open port identification, open proxy, operating system, operating system security, os detection, os fingerprinting, os x, osint enrichment, outbound communication blocking,
p0f, p0f fingerprinting, p0f network fingerprinting, p0f os fingerprinting, p0f passive fingerprinting, p0f signatures, paloaltonetwors_com-benign, password attack, password attacks, password cracking, password spraying, password_guessing, perimeter security, pgp sign, phishing, phishing attack, phishing trapping of death, poland, port-scanning, portscan, possible botnet activity, possible botnet communication, possible exploit attempt, possible exploit attempts, possible malware distribution, possible malware dropper, possible mirai variant, possible vulnerability probing, potential botnet, potential botnet activity, potential credential compromise, potential credential theft, potential exploit activity, potential exploit attempts, potential intrusion, potential intrusion attempt, potential malware activity, potential malware deployment, potential malware distribution, potential malware hosting, potential malware infection, potential malware upload, potential reconnaissance activity, potential threat, potential threat activity, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability probing, potential vulnerability scan, privilege escalation, process injection, protocol exploitation, protocol-abuse, proxy, proxy access, proxy protocol, python,
ransomware, ransomware activity, rdp, rdp abuse, rdp attacks, rdp exploitation, rdp scan, rdp scanning, reconnaissance, reconnaissance activity, redis exploitation attempt, redis honeypot, redis honeypot attack, redishoneypot activity, redishoneypot attack, regional security, remote access, remote access attack, remote access attempt, remote access attempts, remote access service, remote code execution, remote service exploitation, remote services, remote_access, researched, resource hijacking, rpc, sans, scada/ics attacks, scams & fraud, scan, scanner, scanner detection, scanner ip, scanners, scanning activity, script, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer attack, sentrypeer botnet, sentrypeer data, sentrypeer detection, sentrypeer events, sentrypeer interactions, server exploitation, server security, service detection, service discovery, service enumeration, service probing, service scan, service scanning, service version detection, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp exploitation, sftp exploitation attempt, sftp exploitation attempts, sftp scanning, sftp-attack, sftp_protocol, shell access, shell access attempt, singapore, sip, sip attacks, sip brute force, sip scan, sip scanning, sip vulnerability scan, sip_protocol, sipp, skype, slug, smb brute force, smb probing, smtp, smtp attack, smtp attacks, smtp brute force, smtp probing, smtp scan, smtp scanning, snare, social engineering, socradar, software development, software exploitation, spam, sql injection, sql injection attempt, sql injection attempts, ssh, ssh attack, ssh attacks, ssh monitoring, ssh scan, ssh-brute-force, ssh_protocol, stealth scan, surface web, suricata alert, suricata alerts, syn, syn port scan, syn scan, system access, system discovery, system disruption,
t-pot, t1005, t1016, t1016.001, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021: remote services, t1027, t1040, t1040: network sniffing, t1041, t1046, t1047, t1053, t1053.005, t1055, t1056, t1056.001, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.006, t1059.007, t1059.008, t1064, t1068, t1069.001, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1078: valid accounts, t1082, t1083, t1087, t1088, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1110: brute force, t1133, t1187, t1189, t1190, t1195, t1199, t1203, t1204, t1204.002, t1210, t1213, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505, t1505.002, t1550, t1550.002, t1550.003, t1555, t1555.003, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1583, t1583.001, t1587.001, t1588, t1588.002, t1588.004, t1588.006, t1589, t1589.001, t1589.002, t1590, t1590.001, t1590.002, t1590.004, t1590.005, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, t1595: active scanning, taiwan, taiwan, province of china, tanner, tanner activity, tanner attack, tanner detected activity, tanner events, tanner exploits, tanner http honeypot, tanner interactions, targeted scan, targeting database, tcp, tcp port 23, tcp port scanning, tcp protocol, tcp scan, tcp/23, tcp/3306, tcp/5900, tcp/80, telecommunication, telecommunications, telnet attacks, telnet scan, telnet scanning, telnet threat, telnet-brute-force, telnet_protocol, threat actor, threat detection, threat feed, threat intelligence, threat intelligence feed, threat prevention, threat_intelligence, timeout, tor node, toronto, tpot, tpotce, tsec, tw,
ubuntu, udp port scan, udp port scanning, udp scan, unattributed activity, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized activity, unauthorized login, unauthorized login attempt, unauthorized login attempts, unauthorized network activity, unauthorized probing, unauthorized-access-attempt, united kingdom, united states, unknown actor, unknown threat actor, unsolicited email, unsolicited network probe, unusual network traffic, us, us abuse, us none, valid accounts, verified-benign, vnc protocol, voip, voip attack, voip systems, vpn, vpn ip, vulnerability scan, vultr, vultr cloud infrastructure, vultr tokyo, vultr-platform, weak credentials, web, web app attack, web application attack, web application attacks, web application probing, web application scanning, web attack, web attack attempts, web attacks, web crawling detection, web exploit, web exploitation, web login attempt, web scanner, web servers, web shell, web shell attempt, web shell detection, web shell upload, web shell uploads, web spam, web traffic, web-application-attack, web_attack, westpac new zealand, wget, win, windows, windows nt, wordpot, wordpress attack, xmas, xmas port scan, xmas scan
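The ATT&CK slice of that tag cloud is only useful once the IDs are pulled out of the run-together text. The Python below is an added example (mine, not IOC Radar's code): it extracts technique IDs from aggregator-style tag text, groups sub-techniques under their parent, lists sub-techniques whose parent is not tagged, and flags IDs that ATT&CK has since revoked but feeds keep emitting. The sample string is copied from the tags above; the regex, the REVOKED table and the function names are my own. On that sample it finds 107 distinct IDs, the same figure the page reports under MITRE ATT&CK TTPs.

```python
import re

# Constructed sample: the ATT&CK slice of this page's tag cloud, copied as the
# aggregator rendered it (lowercase, tags run together with no separator),
# with the neighbouring descriptive tags kept so the parser sees realistic input.
RAW_TAGS = (
    "suricata alertsuricata alertssynsyn port scansyn scansystem access"
    "system discoverysystem disruptiont-pott1005t1016t1016.001t1018t1020t1021"
    "t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021: remote services"
    "t1027t1040t1040: network sniffingt1041t1046t1047t1053t1053.005t1055t1056"
    "t1056.001t1059t1059.001t1059.003t1059.004t1059.005t1059.006t1059.007t1059.008"
    "t1064t1068t1069.001t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004"
    "t1078: valid accountst1082t1083t1087t1088t1105t1110t1110.001t1110.002"
    "t1110.003t1110.004t1110: brute forcet1133t1187t1189t1190t1195t1199t1203t1204"
    "t1204.002t1210t1213t1486t1490t1496t1499.001t1499.002t1499.003t1505t1505.002"
    "t1550t1550.002t1550.003t1555t1555.003t1562t1563t1565t1566t1566.001t1566.002"
    "t1566.003t1566.004t1572t1573t1583t1583.001t1587.001t1588t1588.002t1588.004"
    "t1588.006t1589t1589.001t1589.002t1590t1590.001t1590.002t1590.004t1590.005"
    "t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003t1595: active scanning"
    "taiwantaiwan, province of chinatannertanner activity"
)

# No word boundaries on purpose: in aggregator output an ID can be glued to the
# previous tag ("brute forcet1133"), and a \b anchor would silently drop those.
ATTACK_ID = re.compile(r"t(\d{4})(?:\.(\d{3}))?", re.IGNORECASE)

# IDs ATT&CK has revoked or deprecated but that feeds keep emitting. Taken from
# the ATT&CK changelogs as I recall them; check against the ATT&CK version you use.
REVOKED = {
    "T1064": "deprecated: Scripting, now covered by T1059",
    "T1076": "revoked: Remote Desktop Protocol, now T1021.001",
    "T1077": "revoked: Windows Admin Shares, now T1021.002",
    "T1088": "revoked: Bypass User Account Control, now T1548.002",
}


def extract_technique_ids(text: str) -> list[str]:
    """Return sorted, de-duplicated, upper-cased ATT&CK IDs found in tag text."""
    ids = set()
    for m in ATTACK_ID.finditer(text):
        tid = "T" + m.group(1)
        if m.group(2):
            tid += "." + m.group(2)
        ids.add(tid)
    return sorted(ids)


def parent_of(tid: str) -> str:
    """T1110.001 -> T1110; a parent technique maps to itself."""
    return tid.split(".", 1)[0]


def orphan_subtechniques(ids: list[str]) -> list[str]:
    """Sub-techniques whose parent technique is not itself tagged."""
    present = set(ids)
    return sorted(t for t in ids if "." in t and parent_of(t) not in present)


def summarize(ids: list[str]) -> dict:
    """Group sub-techniques by parent and flag revoked IDs for analyst review."""
    by_parent: dict[str, list[str]] = {}
    for tid in ids:
        by_parent.setdefault(parent_of(tid), []).append(tid)
    return {
        "techniques": len(ids),
        "parents": len(by_parent),
        "by_parent": by_parent,
        "orphans": orphan_subtechniques(ids),
        "revoked": {t: REVOKED[t] for t in ids if t in REVOKED},
    }


if __name__ == "__main__":
    report = summarize(extract_technique_ids(RAW_TAGS))
    print(report["techniques"], "techniques across", report["parents"], "parents")
    print("orphan sub-techniques:", report["orphans"])
    print("revoked IDs still in feed:", sorted(report["revoked"]))
```

The orphan list is worth a look before mapping this IOC onto a coverage matrix: a feed that tags T1499.001 without T1499 is usually a sensor that emits fixed sub-technique labels, not an analyst judgement about the parent.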

Activity Timeline

1 total observation: Jun 22

Threat Activity Heatmap

Calendar heatmap (Jun of the previous year through Jun, rows Mon/Wed/Fri, shading from Less to More); the per-day cells are not reproduced here.

Window   Observations   Level
24h      0              Dormant
7d       1              Minimal
30d      1              Minimal
3mo      1              Minimal
Threat Score: Medium Risk (61 signal)

Signal Score: 61
Confidence: 61%
Reports: 34
First seen: Apr 16, 2023
Last seen: Jun 22, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3833, -121.9830
Proxy/VPN: flagged

VirusTotal

Not checked

WHOIS

Feed description (a blocklist feed label, not part of the registry record): IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

ARIN record (raw):
NetRange: 198.235.24.0 - 198.235.24.255
CIDR: 198.235.24.0/24
NetName: PAN-22
NetHandle: NET-198-235-24-0-1
Parent: NET198 (NET-198-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Palo Alto Networks, Inc (PAN-22)
RegDate: 2021-12-20
Updated: 2021-12-20
Ref: https://rdap.arin.net/registry/ip/198.235.24.0
OrgName: Palo Alto Networks, Inc
OrgId: PAN-22
Address: Palo Alto Networks
Address: 3000 Tannery Way
Address: Santa Clara, CA 95054
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
RegDate: 2017-11-22
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/PAN-22
OrgTechHandle: GNS20-ARIN
OrgTechName: Global Network Services
OrgTechPhone: +1-408-753-4000
OrgTechEmail: [email protected] (address obfuscated in the source page)
OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName: IP Abuse
OrgAbusePhone: +1-408-753-4000
OrgAbuseEmail: [email protected] (address obfuscated in the source page)
OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
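Before acting on an IOC whose ASN and feed tags disagree, verify the registry record and surface the conflict explicitly. The Python below is an added example, not IOC Radar's code: it parses the flattened ARIN record above (the two e-mail fields are left out because the page renders them obfuscated), checks that the address falls inside the registered CIDR, pulls the abuse handle and RDAP reference, and combines that with a constructed subset of the page's tags into a triage verdict. The verdict rules and the names I introduce (parse_flat_whois, netrange_contains, triage) are my own and deliberately conservative.

```python
import ipaddress
import re

# Constructed from the ARIN record shown on this page. The two e-mail fields
# are omitted because the page renders them obfuscated ("[email protected]").
RAW_WHOIS = (
    "NetRange: 198.235.24.0 - 198.235.24.255 CIDR: 198.235.24.0/24 NetName: PAN-22 "
    "NetHandle: NET-198-235-24-0-1 Parent: NET198 (NET-198-0-0-0-0) "
    "NetType: Direct Allocation OriginAS: Organization: Palo Alto Networks, Inc (PAN-22) "
    "RegDate: 2021-12-20 Updated: 2021-12-20 Ref: https://rdap.arin.net/registry/ip/198.235.24.0 "
    "OrgName: Palo Alto Networks, Inc OrgId: PAN-22 Address: Palo Alto Networks "
    "Address: 3000 Tannery Way Address: Santa Clara, CA 95054 City: Santa Clara "
    "StateProv: CA PostalCode: 95054 Country: US RegDate: 2017-11-22 Updated: 2024-11-25 "
    "Ref: https://rdap.arin.net/registry/entity/PAN-22 OrgTechHandle: GNS20-ARIN "
    "OrgTechName: Global Network Services OrgTechPhone: +1-408-753-4000 "
    "OrgAbuseHandle: IPABU42-ARIN OrgAbuseName: IP Abuse OrgAbusePhone: +1-408-753-4000 "
    "OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN"
)

# Constructed subset of the page's tag cloud: the ones that pull in opposite directions.
TAGS = ["proxy", "vpn ip", "malicious ip", "mass scanning", "t1595.001",
        "verified-benign", "paloaltonetwors_com-benign"]

# A field name is an alphabetic token at the start or after whitespace, followed
# by ":" and whitespace. "https:" inside a Ref value is followed by "/" and so is
# never mistaken for a key.
FIELD = re.compile(r"(?:^|\s)([A-Za-z]+):(?=\s|$)")


def parse_flat_whois(raw: str) -> dict[str, list[str]]:
    """Parse a whois record whose line breaks were lost into {key: [values]}.

    Repeated keys (Address, RegDate, Updated, Ref) keep every value, in order.
    An empty OriginAS comes back as "" instead of swallowing the next field.
    """
    fields: dict[str, list[str]] = {}
    marks = list(FIELD.finditer(raw))
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(raw)
        fields.setdefault(m.group(1), []).append(raw[m.end():end].strip())
    return fields


def netrange_contains(fields: dict[str, list[str]], ip: str) -> bool:
    """True if ip lies inside the record's CIDR (the page's IP should)."""
    net = ipaddress.ip_network(fields["CIDR"][0], strict=False)
    return ipaddress.ip_address(ip) in net


def triage(ip: str, asn_org: str, fields: dict[str, list[str]], tags: list[str]) -> dict:
    """Combine registry ownership with feed tags into a conservative verdict.

    The rules are mine: a benign marker on an address inside the ASN owner's own
    registered block is treated as a probable vendor scanner and routed to manual
    confirmation rather than an automatic block.
    """
    in_range = netrange_contains(fields, ip)
    owner = fields.get("OrgName", [""])[0]
    owner_matches_asn = owner.strip().lower() == asn_org.strip().lower()
    benign = sorted(t for t in tags if t.endswith("-benign"))
    hostile = sorted(t for t in tags if t.startswith(("malicious", "brute", "attacker")))
    if in_range and owner_matches_asn and benign:
        verdict = "likely vendor scanner: confirm with the abuse contact before blocking"
    elif hostile and not benign:
        verdict = "hostile: block at the edge and hunt for inbound hits"
    else:
        verdict = "undetermined: enrich further before acting"
    return {
        "ip": ip,
        "in_registered_range": in_range,
        "owner": owner,
        "owner_matches_asn": owner_matches_asn,
        "benign_tags": benign,
        "hostile_tags": hostile,
        "abuse_contact": fields.get("OrgAbuseHandle", [""])[0],
        "abuse_ref": fields.get("OrgAbuseRef", [""])[0],
        "verdict": verdict,
    }


if __name__ == "__main__":
    rec = parse_flat_whois(RAW_WHOIS)
    for k, v in triage("198.235.24.64", "Palo Alto Networks, Inc", rec, TAGS).items():
        print(f"{k}: {v}")
```

The "undetermined" branch is deliberate: an address with benign markers but whose registry owner does not match the ASN organisation, or which sits outside the stated CIDR, should not inherit the vendor-scanner allowance, because that mismatch is exactly what a spoofed or stale feed annotation looks like.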

Export & API

STIX 2.1 Bundle · CSV Export · Permalink

IOC Journey

Confidence: medium
First detected 3 years ago · Last seen 6 days ago
Appeared in 34 threat reports