IOC Radar
Indicator type: IP · Signal: Medium (71/100)

205.169.39.52

Location: United States (Santa Clara, Texas)
ASN: AS3356 (Palo Alto Networks, Inc)
First Seen: Dec 14, 2020 (2016 days ago)
Last Seen: Jun 9, 2026 (12 days ago)
Reports: 12 source reports
Confidence: 71% (medium)

Found in 12 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 71%
Signal Score: 71 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 100 techniques
Network Information

Country: US (United States)
Region: Santa Clara, Texas
ASN: AS3356
Organization: Palo Alto Networks, Inc

IP Category: Proxy (proxy server)

Feed Intelligence Summary

Source reports: 12
Confidence score: 71%

Category tags (as reported by the feeds, listed alphabetically):

50 ip addresses, 50+ unique ips, abuse score, abused ssl certificate, abuseipdb, access attempt, access control, active scan, active scanning, adbhoney honeypot, africa, aggressive scanning, alibaba, alibaba cloud, alibaba cloud ips, alibaba isp, anomalous activity, anomalous behavior, anomalous connections, anomalous network behavior, anomalous traffic, anomaly, anomaly detection, anomaly score, application layer attack, application layer protocol, application_layer_protocol, apt, argentina, asia, asyncrat c2, attack, attack campaign, attack origin, attack origin: brazil, attack origin: us, attack source, attack source: brazil, attack source: us, attacks from taiwan, australia, austria, authentication attacks, authentication attempts, auto blocked, auto blocked ip, auto blocked ips, auto-blocked, auto-blocked ip, auto-blocked ips, auto-generated, automated analysis, automated attack, automated blocking, automated collection, automated mitigation, automated scan, automated scanning, automated threat, automated threat response, automated-attack, average bde 80, average bde: 80, avg bde 80, azerbaijan, bad reputation, bad web bot, bangladesh, bde, bde 80, bde 80+, bde analysis, bde score, bde score 80, bde score 80+, bde score alert, bde score analysis, bde score high, bde score: 80, bde score: high, bde_score_80, bde_score_80+, bde_score_high, behavioral analysis, behavioral detection, behavioral detection energy, belgium, big data analytics, blacklisted ip, blacklisted ip addresses, blacklisted ips, blocked, bolivarian republic of, botnet, botnet activity, br ip address, br ip addresses, br origin, br originating ips, brazil, brazil based activity, brazil based ip, brazil based ips, brazil ip, brazil ip address, brazil ip addresses, brazil ips, brazil origin, brazil origin ip, brazil origin ips, brazil originating activity, brazil originating ip, brazil originating ips, brazil originating traffic, brazil source, brazil source ip, brazil traffic, brazil-based activity, brazil-origin, brazil_based_ip, brazilian ip, brazilian ip addresses, brazilian ips, brazilian originating traffic, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, brute force detection, brute force potential, brute-force, brute_force, bulgaria, c2, c2 activity, c2 channel, c2 communication, c2 communication detected, c2 framework, c2 frameworks, c2 infrastructure, c2 protocol, c2 traffic, cambodia, canada, chile, china, cisco device, cisco device targeting, cisco exploitation attempts, code execution, command & control, command and control, command execution, command_and_control, communication attempts, communication control, communication protocol, communication protocols, compromise assessment, compromise attempt, compromise indicator, compromise indicators, compromised credentials, compromised host, compromised host activity, compromised host communication, compromised host detection, compromised host indicators, compromised hosts, compromised infrastructure, compromised system, compromised system indicators, compromised systems, compromised_infrastructure, connection attempts, connection proxy, connection proxy usage, conpot honeypot, costa rica, covert channel, cowrie honeypot, cowrie ssh honeypot, credential access, credential dumping, credential harvesting, credential stuffing, credential-stuffing, credential_access, data analytics, data breach, data encoding, data encryption, data exfiltration, data exfiltration attempt, data exfiltration attempts, data exfiltration potential, data obfuscation, data store exposure, data theft, data transfer, database security, ddos, ddos attack, ddos potential, decentralized attack, decoy system, defense evasion, denial of service, denial-of-service, device management, dionaea honeypot, dionaea malware collection, discovery phase, distributed attacks, dominican republic, drive-by compromise, dugganusa threat intel, dugganusa threat intelligence, egress traffic, emerging threat, emerging threats, encryption, endpoint detection, endpoint monitoring, enterprise networking, enumeration, europe, europe/asia, excessive requests, exfiltration, exploit, exploit activity, exploit attempt, exploit attempts, exploit public-facing application, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploited host, external attack, external communication, external network, external remote services, external scan, external threat, fatt, finland, france, ftp, ftp brute force, ftp brute-force, ftp_bruteforce, geo-location, geographic attack, geographic distribution, geographic location, geographic origin, geographic source, geographic source: brazil, geographic source: taiwan, geographic source: usa, geographic threat, geoip, geolocated threat, germany, hacking, high abuse confidence, high abuse score, high bde, high bde score, high confidence, high confidence iocs, high confidence threat, high energy score, high reputation score, high risk, high risk ip, high risk ips, high risk score, high suspicious activity, high threat level, high threat potential, high threat score, high-risk ip activity, high_bde, honeytrap honeypot, hong kong, http brute force, http scanner, http_bruteforce, https, iceland, ics security, identity & access exploitation, imap, india, indicator, indicators of compromise, indonesia, industrial control systems, infostealer, infrastructure acquisition reconnaissance, initial access, initial access activity, initial access attempt, initial access attempts, initial access vectors, initial_access, injection activity, injection attacks, internal network scan, intrusion detection, ioc, iocs, iocs: 50, iocs: 50 ips, iocs: ip address, iocs: ip addresses, iocs:ip addresses, iot security, iot targeted, iot/ics attack, ip-addresses, ip-only, ipv4, ipv6, iraq, ireland, israel, italy, jamaica, japan, jarm fingerprinting, kenya, known malicious ips, korea, korea, republic of, kyrgyzstan, lamp, lamp exploitation attempts, lamp vulnerability scanning, lateral movement, lateral movement detection, lateral movement indicators, lateral movement potential, lateral movement signals, lateral_movement, lebanon, lithuania, log analysis, low bde score, lumma stealer, mailoney honeypot, malaysia, malicious activity, malicious activity detection, malicious behavior, malicious communication, malicious communication activity, malicious framework, malicious frameworks, malicious host, malicious hosts, malicious infrastructure, malicious ip activity, malicious ip addresses, malicious ip communication, malicious ip indicators, malicious ips, malicious network activity, malicious network communication, malicious network traffic, malicious powershell activity, malicious software, malicious source, malicious ssl, malicious traffic, malicious-traffic, malicious_ip, malware, malware activity, malware analysis, malware beaconing, malware behaviour, malware c2, malware capture, malware communication, malware detection, malware distribution, malware family, malware hosting, malware indicators, malware propagation, malware traffic, mass scanning, mexico, mitre att&ck, mongolia, morocco, multi-regional activity, multiple ips, multiple threat actors, nepal, netherlands, network, network abuse, network activity, network activity monitoring, network analysis, network anomalies, network anomaly, network anomaly detection, network attacks, network beaconing, network behavior, network behavior analysis, network communication, network configuration discovery, network discovery, network enumeration, network exploitation, network exploitation attempt, network exploitation attempts, network infrastructure, network intrusion, network intrusion activity, network intrusion attempt, network intrusion attempts, network intrusion detection, network intrusions, network monitoring required, network probe, network probing, network protocol, network reconnaissance, network reconnaissance activity, network scan, network scanning, network scanning detected, network security, network security monitoring, network service exploitation, network service scanning, network sniffing, network threat, network traffic, network traffic analysis, network traffic monitoring, network vulnerability, network-intrusion, network_intrusion, network_recon, network_reconnaissance, network_scanning, new zealand, nigeria, no attribution, no c2 reported, no known adversary, no known c2, north america, norway, numeric indicator, oceania, ongoing attacks, ongoing campaign, ongoing monitoring recommended, originating ips, os credential dumping, outbound connections, outbound traffic, p0f, panama, paraguay, password attacks, persistence mechanisms, philippines, phishing, phishing attack, phishing for credentials, phishing related, phishing trapping of death, poland, port-scan, port-scanning, possible adversarial activity, possible apt, possible bot activity, possible botnet activity, possible brute force, possible c2 activity, possible c2 communication, possible compromise, possible credential access, possible data exfiltration, possible exfiltration, possible exploit attempts, possible exploitation, possible initial access, possible intrusion attempt, possible lateral movement, possible malware, possible malware activity, possible malware distribution, possible malware infection, possible reconnaissance, possible scanning activity, possible threat actor, possible vulnerability scanning, post exploitation, post-exploitation activity, potential apt activity, potential attack, potential botnet activity, potential brute force, potential c2, potential c2 communication, potential c2 infrastructure, potential compromise, potential coordinated attack, potential credential access, potential data exfiltration, potential emerging threat, potential evasion, potential exploit, potential exploitation, potential initial access, potential intrusion, potential intrusion attempt, potential intrusion attempts, potential iocs, potential lateral movement, potential malicious activity, potential malware, potential malware activity, potential malware beaconing, potential malware distribution, potential malware infection, potential malware source, potential network intrusion, potential network reconnaissance, potential phishing, potential phishing campaign, potential port scanning, potential reconnaissance, potential reconnaissance activity, potential threat, potential threat activity, potential threat actor, potential threat actors, potential threat origin, potential threat source, potential vulnerability exploitation, potential_intrusion, potential_malware, potentially malicious ips, powershell abuse, powershell activity, powershell execution, privilege escalation, probable scan, process injection, protocol exploitation, protocol: tcp, proxy, public ip, qatar, quasar rat, ransomware, recon, reconnaissance, reconnaissance activity, reconnaissance activity detected, reconnaissance tool, registry run keys, remote access, remote access attempts, remote service exploitation, remote services, republic of, reputation-based blocking, researched, resource development, resource hijacking, romania, russia, russian federation, scanner, scanning activity, scanning and reconnaissance, scanning ips, scanning_activity, scheduled task/job, scripting attacks, security investigation, security monitoring, security operations, security policy, sensor-tagged, sentrypeer botnet, serbia, service scan, service scanning, sftp attack, siem, singapore, sip scanning, smb brute force, smtp, social engineering, software exploitation, south africa, south america, spain, spam, sql injection, ssh, ssh attack, ssh monitoring, ssh_bruteforce, ssl, ssl certificate, ssl certificate analysis, ssl certificate enrichment, ssl certificate validation, ssl certificate verification, ssl enrichment, ssl-enrichment, ssl/tls, ssl_analysis, startup folder, stealc c2, stealth techniques, stealthy approach, suspected activity, suspected attack, suspected botnet, suspected reconnaissance, suspected_attack, sweden, syrian arab republic, system discovery, system information discovery, t1003, t1005, t1016, t1016.001, t1018, t1020, t1021, t1021.001, t1021.002, t1027, t1040, t1041, t1043, t1046, t1047, t1049, t1053, t1053 scheduled task/job, t1053.005, t1055, t1056, t1057, t1059, t1059.001, t1059.003, t1059.004, t1060, t1068, t1071, t1071.001, t1071.002, t1071.004, t1071.005, t1075, t1076, t1077, t1078, t1078 valid accounts, t1078.001 default accounts, t1078.002, t1083, t1086, t1087, t1090, t1095, t1105, t1110, t1110.001, t1110.001 password guessing, t1110.002, t1110.003, t1110.004, t1133, t1135, t1187, t1189, t1190, t1203, t1204.002, t1210, t1219, t1486, t1496, t1499.001, t1499.002, t1499.003, t1550, t1550.002, t1555, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1567, t1568, t1568.002, t1569, t1569.002, t1570, t1571, t1572, t1573, t1573.001, t1573.002, t1583, t1583.001, t1587.001, t1588, t1588.004, t1589, t1589.002, t1590, t1590.001, t1590.002, t1590.005, t1592, t1592.004, t1595, t1595 active scanning, t1595.001, t1595.002, t1595.003, t1598, taiwan, taiwan ip, taiwan ip addresses, taiwan ips, taiwan origin, taiwan originating ip, taiwan originating ips, tanner, tanner http honeypot, targeting database, tcp protocol, telecommunications, telnet threat, tencent, tencent cloud computing, tencent ips, threat activity, threat actor, threat actor activity, threat actor infrastructure, threat actors, threat analysis, threat delivery, threat detection, threat detection enhancement, threat feed, threat feed integration, threat indicators, threat intel feed, threat intelligence, threat intelligence feed, threat monitoring, threat prevention, threat-intel, threat-intelligence, tls, tor node, tpot, traffic analysis, traffic analysis required, traffic anomalies, traffic anomaly, traffic blocking, traffic monitoring, traffic pattern analysis, tsec, ttps, turkey, tw ip address, tw ip addresses, tw origin, tw originating ips, tw source, tw_origin, tw_us_threats, ukraine, unassociated adversary, unauthorized access, unauthorized access attempt, unauthorized access attempts, unidentified adversary, unidentified threat actor, united arab emirates, united kingdom, united states, united states ip, united states ips, united states origin, united states source, united states traffic, united_states, unknown adversary, unknown c2 framework, urls, us, us based activity, us based attack, us based ips, us ip address, us ip addresses, us origin, us origin ip, us origin ips, us originating activity, us originating ips, us originating traffic, us source, us source ip, us traffic, us-based activity, us-based attack, us-origin, us_based_ip, us_origin, usa ip addresses, usa origin, usa originating activity, usa originating ip, usa originating traffic, usa source, usa traffic, uzbekistan, valid accounts, venezuela, bolivarian republic of, vidar c2, viet nam, vietnam, voip, voip attack, vulnerability scan, web app attack, web application attack, web application attacks, web exploitation, web protocols, web traffic

Activity Timeline

1 total observation: Jun 9

Threat Activity Heatmap

[Calendar heatmap of observations, Jun through the following Jun, weekday rows Mon/Wed/Fri] · Peak: 2026-06-09
Recent activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal: 71
Signal Score: 71%
Confidence: 12 reports
First seen: Dec 14, 2020
Last seen: Jun 9, 2026
Geolocation: US
Country: United States
Location: Santa Clara, Texas
ASN: AS3356
Org: Palo Alto Networks, Inc
Coords: 32.7767, -96.7970
Category: Proxy

VirusTotal: Not checked

WHOIS
Description: AbuseIPDB 0% | US | CenturyLink Communications, LLC


IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 12 days ago
Appeared in 12 threat reports