IP · Low · Signal 41/100
205.169.39.252
Location
Santa Clara, California
ASN
AS3356
Palo Alto Networks, Inc
First Seen
Jan 12, 2021
Last Seen
May 27, 2026
Reports: 11 source reports
Confidence: 41% (low)
VirusTotal: 0/91 detections
Found in 11 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
41%
Signal Score
41 / 100
IDS Rule
No
Threat Context
Network Information
Country: United States
Region: Santa Clara, California
ASN: AS3356
Organization: Palo Alto Networks, Inc
Feed Intelligence Summary
11 reports · 41% confidence
Category tags
abuse, active scan, active scanning, attack, auto-generated security, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute force attempts, brute-force, canada, command and control, communication protocol, cowrie activity, cowrie honeypot, credential access, credential stuffing, data exfiltration, data store exposure, ddos, decoy system, denial of service, dionaea activity, dionaea honeypot, distributed attacks, exploitation activity, ftp brute force, hacking, heralding activity, identity & access exploitation, indicator, initial access, injection activity, lateral movement, malicious activity, malicious software, malware, malware behaviour, malware capture, network, network scanning, network security, north america, password attacks, process injection, reconnaissance, researched, resource hijacking, scanner, sentrypeer activity, sentrypeer botnet, sftp activity, sftp attack, sip brute force, spam, ssh attack, ssh monitoring, t1021, t1021.001, t1040, t1041, t1046, t1055, t1059, t1059.004, t1071.001, t1078, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, tanner, telecommunications, threat actor, threat intelligence, tor node, united states, us, voip, voip attack, web app attack, web application attack, web exploitation
Activity Timeline: May 27
Threat Activity Heatmap · Peak: 2026-05-27
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 41
Confidence: 41%
Reports: 11
First seen: Jan 12, 2021
Last seen: May 27, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS3356
Org: Palo Alto Networks, Inc
Coords: 37.3834, -121.9830
WHOIS
- description
- 2025-04-22T07:03:50.145Z Honeypot : Tanner : Source: 205.169.39.252 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': 'c3e0ca55-b392-42fb-9184-f4b4c51eb0f3'}}}
- raw
- NetRange: 205.168.0.0 - 205.171.255.255
  CIDR: 205.168.0.0/14
  NetName: CENTURYLINK-LEGACY-QWEST-INET-35
  NetHandle: NET-205-168-0-0-1
  Parent: NET205 (NET-205-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: CenturyLink Communications, LLC (CCL-534)
  RegDate: 1995-03-17
  Updated: 2018-02-21
  Ref: https://rdap.arin.net/registry/ip/205.168.0.0

  OrgName: CenturyLink Communications, LLC
  OrgId: CCL-534
  Address: 100 CENTURYLINK DR
  City: Monroe
  StateProv: LA
  PostalCode: 71201
  Country: US
  RegDate: 2018-07-12
  Updated: 2024-06-17
  Comment: USAGE OF IP SPACE MUST COMPLY WITH OUR ACCEPTABLE USE POLICY:
  Comment: https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
  Comment:
  Comment: ADDRESSES COVERED BY THIS ORG-ID ARE NON-PORTABLE ANY ISP ANNOUNCING OR TRANSITING PORTIONS WITHIN OUR RANGES SHOULD NOT RELY ON PRESENTED LOA'S OR OLD WHOIS UNLESS THOSE RANGES ARE ALSO ACTIVELY DIRECTLY ANNOUNCED TO A LUMEN ASN. WITH ALL LOA'S THESE CONDITIONS APPLY:
  Comment:
  Comment: 1. You are permitted to route the Lumen IP prefixes listed via Public BGP to your alternate ISP from the designated ASN. Any other ASN originating the prefix listed is forbidden.
  Comment: 2. The Lumen IP prefixes listed can be routed via Public BGP to your alternate ISP as long as you remain an active customer with Lumen and continue to route the prefixes over at least one Lumen Internet circuit without significant traffic engineering.
  Comment: 3. Should your Internet services with Lumen be discontinued, Lumen reserves the right to have your alternate ISP terminate the routing of the Lumen IP prefixes without advanced notification, should you fail to do so.
  Comment: 4. All IP Addresses assigned or allocated by Lumen to an end-user (customer or ISP) shall be considered non-portable and will be reclaimed by Lumen upon service termination.
  Comment: 5. Lumen reserves the right to conduct audits to ensure the LOA conditions are being met.
  Comment: 6. Usage of IP space must comply with our AUP https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
  Comment:
  Comment: Our looking glass is located at: https://lookingglass.centurylink.com/
  Comment:
  Comment: For subpoena or court order please fax 844.254.5800 or refer to our Trust & Safety page:
  Comment: https://www.lumen.com/en-us/about/legal/trust-center/trust-and-safety.html
  Comment:
  Comment: For abuse issues, please email [email protected]
  Comment: All abuse reports MUST include:
  Comment: * src IP
  Comment: * dest IP (your IP)
  Comment: * dest port
  Comment: * Accurate date/timestamp and timezone of activity
  Comment: * Intensity/frequency (short log extracts)
  Comment: * Your contact details (phone and email)
  Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time.
  Ref: https://rdap.arin.net/registry/entity/CCL-534

  OrgTechHandle: QIA-ARIN
  OrgTechName: Centurylink IP Admin
  OrgTechPhone: +1-877-886-6515
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/QIA-ARIN

  OrgAbuseHandle: CAD54-ARIN
  OrgAbuseName: Centurylink Abuse Desk
  OrgAbusePhone: +1-877-886-6515
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAD54-ARIN

  OrgRoutingHandle: RPKIR-ARIN
  OrgRoutingName: RPKI-ROA
  OrgRoutingPhone: +1-877-886-6515
  OrgRoutingEmail: [email protected]
  OrgRoutingRef: https://rdap.arin.net/registry/entity/RPKIR-ARIN
- references
- https://github.com/telekom-security/tpotce
IOC Journey
low · First detected 5 years ago · Last seen 24 days ago
Appeared in 11 threat reports