IP · Medium · Signal 57/100
198.235.24.71
Location
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
Apr 18, 2023
Last Seen
Jun 18, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
56%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Santa Clara, California
ASN
AS396982
Organization
Palo Alto Networks, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
32 reports · 56% confidence
32
Source reports
56%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-18
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
Signal Score
57
Confidence
56%
Reports
32
First seen
Apr 18, 2023
Last seen
Jun 18, 2026
Geolocation
US
Country
United States
Location
Santa Clara, California
ASN
AS396982
Org
Palo Alto Networks, Inc
Coords
37.3833, -121.9830
Proxy
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
- raw:
  NetRange: 198.235.24.0 - 198.235.24.255
  CIDR: 198.235.24.0/24
  NetName: PAN-22
  NetHandle: NET-198-235-24-0-1
  Parent: NET198 (NET-198-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Palo Alto Networks, Inc (PAN-22)
  RegDate: 2021-12-20
  Updated: 2021-12-20
  Ref: https://rdap.arin.net/registry/ip/198.235.24.0
  OrgName: Palo Alto Networks, Inc
  OrgId: PAN-22
  Address: Palo Alto Networks
  Address: 3000 Tannery Way
  Address: Santa Clara, CA 95054
  City: Santa Clara
  StateProv: CA
  PostalCode: 95054
  Country: US
  RegDate: 2017-11-22
  Updated: 2024-11-25
  Ref: https://rdap.arin.net/registry/entity/PAN-22
  OrgAbuseHandle: IPABU42-ARIN
  OrgAbuseName: IP Abuse
  OrgAbusePhone: +1-408-753-4000
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
  OrgTechHandle: GNS20-ARIN
  OrgTechName: Global Network Services
  OrgTechPhone: +1-408-753-4000
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
- references:
  https://github.com/telekom-security/tpotce
  https://blocklist.greensnow.co/greensnow.txt
  https://www.binarydefense.com/banlist.txt
  https://lists.blocklist.de/lists/all.txt
  https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
medium · First detected 3 years ago · Last seen 7 days ago
Appeared in 32 threat reports