IP · Medium · Signal 84/100
205.210.31.14
Location
Santa Clara, California
ASN
AS396982
Palo Alto Networks, Inc
First Seen
Apr 12, 2022
Last Seen
Jun 3, 2026
Found in 35 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results. Note that the category tags include verified-benign and paloaltonetwors_com-benign, and the /24 is allocated directly to Palo Alto Networks, Inc, so the high signal score should be weighed against the likelihood that this is a security vendor's scanner before the address is added to a block list.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
84%
Signal Score
84 / 100
IDS Rule
No
Threat Context
Tags / MITRE ATT&CK TTPs: listed under Category tags below.
Network Information
Country
United States
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category
Proxy (proxy server)
Feed Intelligence Summary
Source reports: 35
Confidence score: 84%
Category tags
abuse, access, access control, account compromise, ack scan, active scan, active scanning, adb, adb attacks, adb brute force, adb scanning, adbhoney activity, adbhoney exploitation, adbhoney honeypot, american express company, android devices, apt, asia, attack, attacker-ip, australia, authentication, authentication abuse, authentication attacks, authentication attempts, automated attack, automated attacks, automated threat, automated threats, automated-attack, bad reputation, bad web bot, banking, blacklist candidate, blacklist ip, blacklisted ip, block list, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute-force-attack, brute_force, bruteforce, c&c, c2, canada, china mobile, cisco, cisco asa, cisco attack, cisco device, cisco device attacks, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, citrix exploitation attempt, citrix security, cloud infrastructure, cloud infrastructure attack, cloud services, code execution, columns, command & control, command and control, command execution, command injection, common port scan, communication protocol, communication security, company limited, compromised credentials, compromised credentials attempt, compromised host, compromised system attempt, compromised systems, connect, conpot activity, conpot honeypot, conpot ics attacks, conpot ics exploitation, cowrie, cowrie activity, cowrie attacks, cowrie detection, cowrie honeypot, cowrie interactions, cowrie ssh attacks, cowrie ssh honeypot, credential access, credential attack, credential attacks, credential brute force, credential brute forcing, credential harvesting, credential stuffing, credential-stuffing, credit card services, cve, data encryption, data exfiltration, data exfiltration attempt, data store exposure, database attack, database attacks, database brute force, database exploitation, database exploitation attempts, database reconnaissance, database security, database servers, dcom exploitation, ddos, ddos attack, ddos attacks, ddos attempt, ddos reflection, decoy system, default credentials, denial of service, device management, dictionary attack, digital ocean, dionaea, dionaea activity, dionaea attack, dionaea attacks, dionaea capture, dionaea detection, dionaea honeypot, dionaea interactions, dionaea malware analysis, dionaea malware collection, dionaea malware samples, dionaea payloads, directory traversal, distributed attacks, dnp3, dns, dns attack, elasticpot activity, elasticpot attacks, elasticpot honeypot, elasticsearch monitoring, email, encryption, enterprise networking, enterprise security, enumeration, ethernet/ip, europe, exploit, exploit attempt, exploit attempts, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of privilege, exploited host, external access attempts, external network scan, external scan, external threat, external-scanning, failed login attempts, fatt, fatt detections, fatt signatures, file, fin scan, finance, financial services, financial technology, finland, france, fraud voip, ftp, ftp attack, ftp attacks, ftp brute force, ftp brute-force, germany, github, groups, hacking, heralding activity, heralding attacks, heralding probes, hk abusehandler, honeynet connect, honeytrap activity, honeytrap data, honeytrap detection, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probing, http scanner, http scanning, http/s, https, https scanning, huawei, icmp, ics security, ics/scada attacks, ics/scada systems, identity & access exploitation, imap, imap brute force, indicator, industrial control systems, information gathering, information technology, infrastructure acquisition, reconnaissance, initial access, injection activity, injection attacks, input validation, internal scan, internet of things, internet-facing, internet-facing assets, internet-facing service, intrusion attempt, intrusion detection, ioc, iocs, ios, iot attack, iot attacks, iot botnet, iot device targeting, iot exploitation, iot security, iot targeted, iot/ics attack, ipmi scanning, ipphoney activity, ipphoney honeypot, ipv4, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp attack, lamp exploitation, lamp exploitation attempt, lamp exploitation attempts, lamp server attack, lamp server targeting, lamp stack attack, lamp stack exploitation, lamp stack targeting, lamp vulnerability scan, lateral movement, lcia, linux servers, linux systems, linux-server-attack, linux_server_attacks, load balancer, login, login attack, login attempt, login attempts, low-risk, mailoney activity, mailoney detection, mailoney events, mailoney honeypot, mailoney interactions, malaysia, malicious activity, malicious activity detected, malicious email, malicious file transfer, malicious ip, malicious ip activity, malicious ip detected, malicious ips, malicious login, malicious network activity, malicious payload, malicious payload attempt, malicious scan, malicious script execution, malicious software, malicious traffic, malicious-activity, malicious-login-attempts, malware, malware activity, malware analysis, malware behaviour, malware capture, malware delivery attempt, malware detection, malware distribution, malware distribution attempts, malware download attempts, malware propagation, malware propagation attempt, malware scanning, malware_activity, manual, masscan activity, microsoft technologies, mirai, mirai botnet, mobile threat, modbus, mssql, mssql brute force, mysql brute force, nation-state activity, netbios, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network intrusion detection, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, network service scanning, network services, network-devices, network-reconnaissance, nmap scan detected, north america, null scan, oceania, open port detection, open port enumeration, open proxy, opencanary, opportunistic attacker, osint, p0f, p0f network fingerprinting, p0f passive fingerprinting, p0f signatures, paloaltonetwors_com-benign, password attack, password attacks, password-guessing, payment processing, pgp sign, phishing, phishing attack, phishing trapping of death, poland, pop3 brute force, port-scanning, portscan, possible botnet activity, possible credential reuse, possible malware activity, possible malware distribution, possible mirai variant, possible vulnerability probing, potential botnet activity, potential exploit targeting, potential intrusion attempt, potential malware, potential malware download, potential reconnaissance activity, potential vulnerability exploitation, potential vulnerability probing, process injection, protocol exploitation, protocol-abuse, proxy, proxy protocol, python, ransomware, raspberry-pi, rdp, reconnaissance, reconnaissance activity, redis exploitation, redis exploitation attempt, redis exploitation attempts, redis honeypot, redis honeypot activity, remote access, remote access attack, remote access attempts, remote access service, remote login, remote service exploitation, remote services, researched, resource hijacking, rpc, scada/ics attacks, scams & fraud, scan, scanner, scanners, scanning activity, script, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer attacks, sentrypeer botnet, sentrypeer detection, sentrypeer events, sentrypeer interactions, sentrypeer targeting, server exploitation, service discovery, service enumeration, service probing, service scan, service scanning, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attempt, sftp intrusion attempt, sftp probing, sftp scanning, sftp-attack, shell, shell upload attempt, sip, sip attacks, sip brute force, sip scanning, slug, smb attacks, smb brute force, smtp, smtp attack, smtp attacker, smtp brute force, smtp probing, smtp scanning, social engineering, software exploitation, spam, sql injection, sql injection attempt, ssh, ssh attack, ssh monitoring, ssh-brute-force, stealth scan, surface web, suricata alerts, syn, syn scan, system access, t-pot, tanner, tanner activity, tanner events, tanner exploit kit, tanner honeypot activity, tanner incident, tanner interactions, targeting database, tcp, tcp port 3306, tcp protocol, tcp scan, tcp-scanning, tcp/3306, tcp/3306 activity, tcp/80, telecommunication, telecommunications, telnet, telnet threat, telnet-brute-force, threat actor, threat detection, threat feed, threat intelligence, threat prevention, timeout, tor node, toronto, tpot, tpot ce, tpotce, tsec, udp port scan, udp scan, udp-scanning, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized probing, unauthorized-access-attempt, unidentified threat actor, united states, united states of america, unknown threat actor, upload, us, us abuse, us none, verified-benign, vnc protocol, voip, voip attack, voip systems, vulnerability scan, vulnerability-scanning, vultr, vultr paris, waf, wealth management, web app attack, web application attack, web application attacks, web application probing, web application scan, web application scanning, web attack, web attacks, web exploit, web exploitation, web scanner, web server attack, web server exploitation, web servers, web shell detection, web spam, web traffic, web-application-attack, web-servers, web_attack, wells fargo bank, xmas scan, xss

MITRE ATT&CK TTPs (as tagged by the contributing reports; T1065, T1076 and T1077 are retired IDs in current ATT&CK, superseded by T1021.001 and T1021.002 for the latter two):
T1003, T1005, T1016, T1018, T1020, T1021, T1021.001, T1021.002, T1021.003, T1021.004, T1021.005, T1021.006, T1027, T1040, T1041, T1046, T1047, T1048, T1048.003, T1053, T1053.005, T1055, T1056, T1056.001, T1057, T1059, T1059.001, T1059.003, T1059.004, T1059.007, T1065, T1068, T1071, T1071.001, T1076, T1077, T1078, T1078.001, T1078.002, T1078.003, T1078.004, T1083, T1087, T1110, T1110.001, T1110.002, T1110.003, T1110.004, T1133, T1187, T1189, T1190, T1195, T1199, T1203, T1204, T1204.002, T1210, T1486, T1496, T1497, T1499.001, T1499.002, T1499.003, T1505.002, T1539, T1550, T1550.002, T1555, T1555.003, T1562, T1563, T1565, T1566, T1566.001, T1566.002, T1566.003, T1566.004, T1572, T1573, T1583, T1587.001, T1588, T1589, T1590, T1590.001, T1590.003, T1590.004, T1590.006, T1592, T1592.002, T1595, T1595.001, T1595.002, T1595.003, T1608
Activity Timeline
Jun 3 to Jun 3
Threat Activity Heatmap
Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 84 / 100
Confidence: 84%
Reports: 35
First seen: Apr 12, 2022
Last seen: Jun 3, 2026
Geolocation: US
Country: United States
Location: Santa Clara, California
ASN: AS396982
Org: Palo Alto Networks, Inc
Coords: 37.3835, -121.9830
Category: Proxy
VirusTotal
Not checked
WHOIS
Description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
Raw ARIN record:
NetRange: 205.210.31.0 - 205.210.31.255
CIDR: 205.210.31.0/24
NetName: PAN-22
NetHandle: NET-205-210-31-0-1
Parent: NET205 (NET-205-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Palo Alto Networks, Inc (PAN-22)
RegDate: 2022-01-11
Updated: 2022-01-11
Ref: https://rdap.arin.net/registry/ip/205.210.31.0
OrgName: Palo Alto Networks, Inc
OrgId: PAN-22
Address: Palo Alto Networks
Address: 3000 Tannery Way
Address: Santa Clara, CA 95054
City: Santa Clara
StateProv: CA
PostalCode: 95054
Country: US
RegDate: 2017-11-22
Updated: 2024-11-25
Ref: https://rdap.arin.net/registry/entity/PAN-22
OrgAbuseHandle: IPABU42-ARIN
OrgAbuseName: IP Abuse
OrgAbusePhone: +1-408-753-4000
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/IPABU42-ARIN
OrgTechHandle: GNS20-ARIN
OrgTechName: Global Network Services
OrgTechPhone: +1-408-753-4000
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/GNS20-ARIN
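Added example (not the feed's own code): a triage helper that recovers the fields from the whitespace-flattened ARIN record above, confirms the IP really sits in the allocated CIDR, and then weighs the page's own category tags (the verified-benign / paloaltonetwors_com-benign markers) and activity counters before recommending an action. The tag subset, the activity counters and the decision rules are this example's assumptions, transcribed from or modelled on the values shown on this page.

```python
"""
Triage helper for an IP reputation record such as the one on this page.
Added example, not the site's code. Record values are transcribed from the
page; field names and decision rules are this example's own assumptions.
"""
import ipaddress
import re
from datetime import date

# ARIN record as it is flattened on the page (transcribed; abuse/tech
# contact fields omitted).
RAW_WHOIS = (
    "NetRange: 205.210.31.0 - 205.210.31.255 CIDR: 205.210.31.0/24 "
    "NetName: PAN-22 NetHandle: NET-205-210-31-0-1 Parent: NET205 (NET-205-0-0-0-0) "
    "NetType: Direct Allocation OriginAS: Organization: Palo Alto Networks, Inc (PAN-22) "
    "RegDate: 2022-01-11 Updated: 2022-01-11 Ref: https://rdap.arin.net/registry/ip/205.210.31.0 "
    "OrgName: Palo Alto Networks, Inc OrgId: PAN-22 Address: 3000 Tannery Way "
    "City: Santa Clara StateProv: CA PostalCode: 95054 Country: US"
)

# Constructed subset of the page's category tags.
PAGE_TAGS = {
    "ssh-brute-force", "portscan", "masscan activity", "proxy", "osint",
    "verified-benign", "paloaltonetwors_com-benign", "researched", "low-risk",
}

# Activity counters as shown on the page (window -> event count).
PAGE_ACTIVITY = {"24h": 0, "7d": 0, "30d": 1, "3mo": 1}

# Tags that, on this feed, mark a source as research/benign (assumption).
BENIGN_MARKERS = {"verified-benign", "paloaltonetwors_com-benign", "researched", "low-risk"}


def parse_flat_whois(text):
    """Recover Key/value fields from a whitespace-flattened ARIN record.

    A field starts at whitespace followed by 'Key: ' (letters, colon, space).
    'https://' inside a Ref value is not split because no space follows its
    colon. Empty values (OriginAS here) survive as ''. Keys that occur twice
    (RegDate/Updated/Ref for net and org) keep their first, network-level value.
    """
    fields = {}
    for chunk in re.split(r"\s+(?=[A-Za-z]+:\s)", text.strip()):
        key, _, value = chunk.partition(":")
        fields.setdefault(key.strip(), value.strip())
    return fields


def ip_in_allocation(ip, fields):
    """True when the IP lies inside the CIDR the WHOIS record allocates."""
    return ipaddress.ip_address(ip) in ipaddress.ip_network(fields["CIDR"], strict=False)


def triage(ip, fields, tags, activity, signal_score, reports, last_seen, today):
    """Return (action, reasons). Dates are ISO strings.

    Heuristics of this example: a WHOIS mismatch is investigated, benign
    markers or a dormant IOC are monitored rather than blocked, and only a
    recently active, unmarked source is blocked.
    """
    reasons = []
    if not ip_in_allocation(ip, fields):
        reasons.append("WHOIS CIDR does not cover the IP: record stale or mismatched")
        return "investigate", reasons
    benign = set(tags) & BENIGN_MARKERS
    if benign:
        reasons.append("benign markers present: " + ", ".join(sorted(benign)))
    days_since = (date.fromisoformat(today) - date.fromisoformat(last_seen)).days
    recent = activity.get("7d", 0) > 0
    if not recent:
        reasons.append(f"no hits in the last 7 days (last seen {days_since} days ago)")
    if benign or not recent:
        return "monitor", reasons
    reasons.append(f"signal {signal_score}/100 across {reports} reports, active this week")
    return "block", reasons


def triage_page_record(today="2026-06-11"):
    """Run the rules over the values transcribed from this page."""
    fields = parse_flat_whois(RAW_WHOIS)
    return triage("205.210.31.14", fields, PAGE_TAGS, PAGE_ACTIVITY,
                  signal_score=84, reports=35, last_seen="2026-06-03", today=today)


if __name__ == "__main__":
    action, why = triage_page_record()
    print("205.210.31.14 ->", action)
    for reason in why:
        print("  -", reason)
```

For this record the helper returns "monitor": the IP is inside PAN-22's 205.210.31.0/24, the tags carry benign markers, and there are no hits in the last seven days. The same rules return "block" only for a source with recent activity and no benign marker, and "investigate" when the WHOIS allocation no longer covers the address, which is the cheapest signal that a cached record has gone stale.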
Export & API: STIX 2.1 bundle, CSV export, permalink
IOC Journey
Confidence: medium · First detected 4 years ago · Last seen 8 days ago
Appeared in 35 threat reports