IOC Radar
IP · Medium · Signal 44/100

205.210.31.19

Location: Santa Clara, California, United States
ASN: AS396982 (Palo Alto Networks, Inc)
First Seen: Apr 12, 2022 (1536 days before this page was generated)
Last Seen: Jun 22, 2026 (4 days before this page was generated)
Reports: 29 source reports
Confidence: 44% (medium)
Found in 29 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
Indicator type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 44%
Signal Score: 44 / 100
IDS Rule: No
Threat Context
Tags: see the category tags under Feed Intelligence Summary
MITRE ATT&CK TTPs: 103 techniques (they appear as t-codes among the category tags)
Network Information
Country: US (United States)
Region: Santa Clara, California
ASN: AS396982
Organization: Palo Alto Networks, Inc
IP Category: Proxy (proxy server)

Feed Intelligence Summary
Source reports: 29
Confidence score: 44%
Category tags (as exported, lowercased, alphabetical; MITRE ATT&CK technique IDs appear as t-codes):
abuse, access, access control, account compromise, account security, active scan, active scanning, adb, adbhoney attacks, adbhoney honeypot, administrative access, agent, alert, american express, android devices, apache, apache attacker, application layer protocol, asia, attack, attack source, attacking-ips, australia, authentication, authentication abuse, authentication attack, authentication attempts, authentication_bypass, automated attack, automated attacks, automated enumeration, automated reconnaissance activity, automated threat, automated-attack,
bad reputation, bad web bot, banking, blacklist candidate, blacklist ip, botnet, botnet activity, botnet-activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute_force, brute_force_attempt,
c2 communication, c2 server, canada, cins active, cisco, cisco device, cisco device attack, cisco device targeted, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, citrix brute force, citrix exploitation attempt, citrix security, close, cloud infrastructure, cloud infrastructure attack, cloud services, cloud_infrastructure, code execution, command & control, command and control, command execution, command injection, communication protocol, compromise attempt, compromised credentials, compromised host, compromised hosts, connect, conpot, conpot activity, conpot attacks, conpot exploitation, conpot honeypot, container security, cowrie, cowrie activity, cowrie attack, cowrie attacks, cowrie honeypot, cowrie interactions, cowrie ssh, cowrie ssh attack, cowrie ssh honeypot, credential access, credential attack, credential attacks, credential brute force, credential harvesting, credential stuffing, credential-stuffing, credit card services, curl, cve,
data encryption, data exfiltration, data harvesting attempts, data store exposure, data theft, database attack, database attacks, database enumeration, database exploitation, database login attempt, database probing, database security, database servers, dcerpc, dcom exploitation, ddos, ddos attack, ddos attacks, ddos attempt, ddos prevention, ddos probe, ddospot, decoy system, defense evasion, denial of service, device management, dictionary attack, digital ocean, dionaea, dionaea activity, dionaea attack, dionaea attacks, dionaea honeypot, dionaea interactions, directory traversal, distributed attacks, dnp3, dns, dns attack, docker, dshield block,
elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, encryption, enterprise networking, enterprise security, enumeration, et drop, ethernet/ip, europe, exfiltration, exploit, exploit attempt, exploit attempts, exploit probing, exploit scan, exploit targeting, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of vulnerability, exploited host, export-to-otx, external access attempts, external_threat, extortion,
failed login attempts, fatt, fatt analysis, fatt signatures, fin scan, finance, financial services, financial technology, finland, france, fraud voip, ftp, ftp attack, ftp attacks, ftp brute force, ftp brute-force,
galah, gecko, germany, github, glutton, gopot, groups, hacking, hello, hellpot, heralding activity, honeynet connect, honeypot 24h activity, honeytrap activity, honeytrap data, honeytrap honeypot, honeytrap interactions, http attack, http brute force, http exploitation, http probing, http scanner, http scanning, http/s, https, https scanning, huawei,
icmp, ics security, ics/scada attack, ics/scada systems, identity & access exploitation, imap, imap brute force, inbound scan, indicator, indicators-of-compromise, industrial control systems, information gathering, information technology, infrastructure acquisition reconnaissance, initial access, injection activity, injection attacks, input validation, intel mac, internet of things, internet-facing, internet-facing service, internet-scanning, intrusion detection, ioc, iocs, iot botnet, iot device targeting, iot security, iot targeted, iot/ics attack, ipphoney honeypot, ipv4, ipv4-scanning, ipv4_activity, ipv4_address,
japan, khtml, kibana, lamp, lamp attack, lamp exploitation, lamp exploitation attempts, lamp server attack, lamp server target, lamp stack attack, lamp stack exploitation, lamp stack targeting, lateral movement, lateral movement techniques, linux servers, linux systems, linux x8664, linux-server-attack, linux_server_attacks, listed source, load balancer, log4pot, login, login attempt, login attempts, login failure,
mail protocol abuse, mailoney activity, mailoney honeypot, mailoney interactions, malaysia, malicious activity, malicious activity detected, malicious attachment, malicious email activity, malicious login attempts, malicious network activity, malicious payload, malicious payload detection, malicious scan, malicious sftp activity, malicious sip activity, malicious software, malicious ssh activity, malicious-login-attempts, malware, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware distribution, malware distribution attempt, malware download, malware propagation, malware scanning, malware_activity, manual, mass-scanning, medpot, microsoft technologies, mirai botnet, misp, mobile, mobile security, mobile threat, modbus, mssql, mysql brute force,
nation-state activity, network, network activity, network attacks, network discovery, network enumeration, network exploitation, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network monitoring, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network service scanning, network services, network traffic analysis, network_discovery, network_scanning, network_service_exploitation, north america, null scan,
oceania, open port detection, open port identification, open proxy, operating system, operating system security, opportunistic attacker, opportunistic-attack, os fingerprinting, os x,
p0f, p0f os fingerprinting, p0f signatures, paloaltonetwors_com-benign, password attack, password attacks, password spraying, payment processing, phishing, phishing attack, phishing trap, php exploit, ping, ping of death, poland, poor reputation, pop3 brute force, port, port-scanning, portscan, possible botnet activity, possible malware distribution, possible malware propagation, possible mirai variant, potential botnet activity, potential credential compromise, potential exploit activity, potential exploit attempts, potential intrusion, potential threat actor, potential vulnerability scan, pre-attack, privilege escalation, process injection, proto, protocol exploitation, protocol-abuse, proxy, proxy access, proxy protocol, python,
ransomware, reconnaissance, reconnaissance activity, redis honeypot, remote access, remote access attacks, remote access service, remote service, remote service exploitation, remote services, remote_access, researched, resource hijacking, rpc,
scada/ics attacks, scams & fraud, scan, scanner, scanner detection, scanners, scanning activity, scanning_activity, script, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sentrypeer interactions, server exploitation, service discovery, service enumeration, service probing, service scan, service scanning, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp intrusion attempts, sftp probing, sftp-attack, shell access, shell access attempt, sip, sip attacks, sip brute force, sip enumeration, sip scanning, sip vulnerability scan, sipp, slug, smb brute force, smb exploitation, smtp, smtp attacks, smtp brute force, smtp probing, smtp scanning, snare, social engineering, software exploitation, spam, sql injection, sql injection attempt, sql injection attempts, ssh, ssh attack, ssh attacks, ssh brute-force, ssh bruteforce, ssh monitoring, ssh-brute-force, surface web, suricata alert, suricata alerts, syn, syn scan, system access, system discovery, system disruption,
t-pot,
t1005, t1016, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1027, t1040, t1041, t1046, t1047, t1048, t1053, t1053.005, t1055, t1056.001, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.006, t1059.007, t1064, t1065, t1068, t1069.001, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1083, t1087, t1088, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1187, t1189, t1190, t1199, t1203, t1204, t1204.002, t1210, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1539, t1550, t1550.002, t1550.003, t1555, t1555.003, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1573, t1573.001, t1583, t1587.001, t1588, t1588.002, t1588.004, t1588.006, t1589, t1589.002, t1590, t1590.001, t1590.003, t1590.004, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, t1608,
tanner, tanner activity, tanner attacks, tanner interactions, targeting database, tcp protocol, tcp scan, tcp scanning, tcp/23, tcp/3306, tcp/80, telecommunication, telecommunications, telnet threat, telnet-brute-force, threat actor, threat detection, threat intelligence, threat intelligence feed, threat prevention, threat-intelligence, threat_discovery, tor node, toronto, tpot, tsec,
ubuntu, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized network activity, unauthorized scanning, unauthorized-access-attempt, united kingdom, united states, united states of america, unknown threat actor, unusual network traffic, us,
verified-benign, vnc protocol, voip, voip attack, voip systems, vulnerability scan, vulnerability-scanning, vultr,
waf, wealth management, web, web app attack, web application attack, web application attacks, web application scanning, web attack, web attacks, web crawling detection, web exploit, web exploitation, web login attempt, web scanner, web server exploitation, web servers, web shell, web shell attempt, web shell upload, web shell uploads, web spam, web traffic, web-application-attack, web_attack, westpac new zealand, wget, windows nt, wordpot, wordpress scanning, xmas scan, xss
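The page reports "103 techniques" but never lists them separately; they are buried in the tag cloud, which is aggregated across the 29 source reports and, when copied out of pages like this one, often arrives as a single run-together string with no separators. The following is an added example, not code from the IOC Radar page: it pulls ATT&CK technique IDs out of such a string, groups sub-techniques under their parent, and flags IDs that no longer exist in ATT&CK (old feeds keep emitting retired IDs, and a SIEM lookup on them returns nothing). The input is a constructed excerpt of the page's technique run; the retired-ID map is the author's own recollection and must be checked against the ATT&CK release you map to.

```python
"""Extract MITRE ATT&CK technique IDs from a run-together tag export.

Added example, not code from the IOC Radar page. TAG_EXCERPT is a constructed
excerpt of the page's tag cloud (tags concatenated without separators). The
RETIRED map is the author's assumption; verify against the current ATT&CK release.
"""
import re
from collections import defaultdict

# Constructed excerpt: the technique run from the page's tag cloud, with a
# few neighbouring tags (t-pot, tanner, tcp/23) to show the regex ignores them.
TAG_EXCERPT = (
    "system disruptiont-pot"
    "t1005t1016t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005"
    "t1021.006t1027t1040t1041t1046t1047t1048t1053t1053.005t1055t1056.001t1057"
    "t1059t1059.001t1059.003t1059.004t1059.005t1059.006t1059.007t1064t1065t1068"
    "t1069.001t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1087"
    "t1088t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1187t1189t1190"
    "t1199t1203t1204t1204.002t1210t1486t1490t1496t1499.001t1499.002t1499.003"
    "t1505.002t1539t1550t1550.002t1550.003t1555t1555.003t1562t1563t1565t1566"
    "t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1583t1587.001t1588"
    "t1588.002t1588.004t1588.006t1589t1589.002t1590t1590.001t1590.003t1590.004"
    "t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003t1608"
    "tannertanner activitytcp/23tcp/3306"
)

# A technique ID is 't' + four digits, optionally followed by '.' + three digits.
TECHNIQUE_RE = re.compile(r"t(\d{4})(?:\.(\d{3}))?", re.IGNORECASE)

# IDs the author knows to be revoked or deprecated, with the ID that replaced
# them (assumption: check against the ATT&CK release you actually use).
RETIRED = {
    "T1064": "T1059",      # Scripting -> Command and Scripting Interpreter
    "T1065": "T1571",      # Uncommonly Used Port -> Non-Standard Port
    "T1076": "T1021.001",  # Remote Desktop Protocol -> Remote Services: RDP
    "T1077": "T1021.002",  # Windows Admin Shares -> Remote Services: SMB
    "T1088": "T1548.002",  # Bypass User Account Control -> Abuse Elevation Control
}


def extract_techniques(text):
    """Return normalised IDs (T1234 or T1234.001) in text order, de-duplicated."""
    found = []
    for num, sub in TECHNIQUE_RE.findall(text):
        tid = f"T{num}" + (f".{sub}" if sub else "")
        if tid not in found:
            found.append(tid)
    return found


def group_by_parent(ids):
    """Map each parent technique to the sub-techniques listed under it."""
    groups = defaultdict(list)
    for tid in ids:
        parent = tid.split(".")[0]
        if tid == parent:
            groups.setdefault(parent, [])   # bare parent, no sub-technique
        else:
            groups[parent].append(tid)
    return dict(groups)


def retired_ids(ids):
    """Return (old, replacement) pairs for IDs that no longer exist in ATT&CK."""
    return [(tid, RETIRED[tid]) for tid in ids if tid in RETIRED]


if __name__ == "__main__":
    ids = extract_techniques(TAG_EXCERPT)
    print(len(ids), "technique IDs across", len(group_by_parent(ids)), "parent techniques")
    for old, new in retired_ids(ids):
        print(f"{old} is retired; map it to {new} before querying your detections")
```

On this page's data the extractor recovers exactly the 103 IDs the summary claims, 59 of them distinct parent techniques, and five of those are retired IDs. A feed that tags one opportunistic-scanner IP with everything from T1486 (Data Encrypted for Impact) to T1566.004 (Spearphishing Voice) is telling you about the union of its sources' labels, not about what this host did to you; treat the technique list as a search hint, not as attribution.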

Activity Timeline
1 total observation in the charted window (Jun 22; range start and end coincide)

Threat Activity Heatmap
(weekly activity grid from Jun through the following Jun, legend "Less" to "More"; only the axis labels survive in this text export, the per-week values do not)
Activity windows (observations per trailing window):
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 44 / 100 (Medium Risk)
Signal Score 44 · Confidence 44% · Reports 29
First seen: Apr 12, 2022 · Last seen: Jun 22, 2026
Geolocation: US · United States · Santa Clara, California · Coords 37.3835, -121.9830
ASN: AS396982 · Org: Palo Alto Networks, Inc
IP category: Proxy
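The page's own caveat ("Confidence scores are heuristic. Verify before acting on results.") deserves a concrete check, because this record has the profile of a known scanner rather than an attacker: a medium score driven by many honeypot-feed reports over four years, a single observation in the last three months, the ASN of a security vendor, and feed tags that say verified-benign and paloaltonetwors_com-benign. The following is an added example, not the page's scoring logic: it recomputes the page's activity windows from observation dates and returns a triage verdict that refuses to turn a feed's own benign marker into a block. The record is constructed from the page's visible fields; the benign-marker tag names and the thresholds are the author's assumptions.

```python
"""Triage an IOC Radar-style record before acting on it.

Added example, not the page's own logic. RECORD is constructed from the page's
visible fields; BENIGN_MARKERS and the thresholds in triage() are assumptions.
"""
from datetime import date, timedelta

# Constructed from the page (not fetched).
RECORD = {
    "ioc": "205.210.31.19",
    "type": "ipv4-addr",
    "confidence": 44,
    "reports": 29,
    "first_seen": date(2022, 4, 12),
    "last_seen": date(2026, 6, 22),
    "asn": "AS396982",
    "org": "Palo Alto Networks, Inc",
    "tags": {"verified-benign", "paloaltonetwors_com-benign", "mass-scanning",
             "ssh brute-force", "network scanning"},
}
PAGE_NOW = date(2026, 6, 26)            # the page's "4d ago" reference point
PAGE_OBSERVATIONS = [date(2026, 6, 22)] # the one observation in the charted window

# Tags that record a source's own "known scanner / benign" decision (assumption).
BENIGN_MARKERS = {"verified-benign", "paloaltonetwors_com-benign", "researched"}
# Trailing windows mirroring the page's 24h / 7d / 30d / 3mo rows.
WINDOWS = {"24h": timedelta(days=1), "7d": timedelta(days=7),
           "30d": timedelta(days=30), "3mo": timedelta(days=90)}


def activity_windows(observations, now):
    """Count observations inside each trailing window, as the page's rows do."""
    return {name: sum(1 for d in observations if now - span <= d <= now)
            for name, span in WINDOWS.items()}


def triage(rec, now, observations=()):
    """Return (verdict, reasons); verdict is 'block', 'monitor' or 'allowlist-candidate'."""
    reasons = []
    windows = activity_windows(observations, now)
    age_days = (now - rec["last_seen"]).days

    benign_hits = rec["tags"] & BENIGN_MARKERS
    if benign_hits:
        reasons.append(f"benign markers present: {sorted(benign_hits)}")
    if age_days > 30:
        reasons.append(f"stale: last seen {age_days} days ago")
    if windows["24h"] == 0 and windows["7d"] <= 1:
        reasons.append("no sustained recent activity")

    if benign_hits:
        # A source's benign verdict plus a vendor ASN is not a block signal.
        # Confirm ownership against the vendor's published scanner ranges first.
        return "allowlist-candidate", reasons
    if rec["confidence"] >= 70 and windows["7d"] >= 3:
        reasons.append(f"confidence {rec['confidence']} with {windows['7d']} hits in 7d")
        return "block", reasons
    return "monitor", reasons


def page_verdict():
    """Run the triage on the constructed page record."""
    return triage(RECORD, PAGE_NOW, PAGE_OBSERVATIONS)


if __name__ == "__main__":
    print(activity_windows(PAGE_OBSERVATIONS, PAGE_NOW))
    print(page_verdict())
```

The windows function reproduces the page's 0/1/1/1 rows from the single Jun 22 observation, and the verdict for this record is allowlist-candidate, with the reasons attached so the analyst can see why a "Medium Risk" score did not become a firewall rule. The thresholds for block are deliberately stricter than the page's score alone: sustained recent hits and high confidence, with no benign marker.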

VirusTotal: Not checked

WHOIS
Description (a source-report description, not registry data): IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
Raw WHOIS query: failed with "Socket not responding: [Errno 111] Connection refused". No registry record was retrieved, so the ownership shown above rests on the ASN/geolocation fields alone; re-run the lookup before relying on it.
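A refused connection on the page's WHOIS step means the ownership question is simply unanswered, not that the IP is unregistered, and a triage script must keep those two outcomes apart. The following is an added example, not the page's lookup code: it re-runs the query against ARIN's RDAP service over HTTPS with a timeout, returns None on any network or parse failure rather than an empty record, and reduces the RDAP "ip network" object to the handle, net name, address range and named contacts. Field names follow RFC 9083; the RDAP base URL is the author's assumption about ARIN's current endpoint, and the offline sample response below is constructed (an RFC 5737 documentation range, not a real registry entry).

```python
"""Re-run the ownership lookup the page could not complete, via RDAP.

Added example, not page code. RDAP_URL is an assumption about ARIN's endpoint;
SAMPLE is a constructed RDAP-shaped document, not a real registry response.
"""
import json
import urllib.error
import urllib.request

RDAP_URL = "https://rdap.arin.net/registry/ip/{ip}"   # assumption: ARIN RDAP base


def parse_rdap(doc):
    """Reduce an RDAP 'ip network' object (RFC 9083) to triage-relevant fields."""
    owners = []
    for ent in doc.get("entities", []):
        # vcardArray is ["vcard", [[name, params, type, value], ...]]
        vcard = ent.get("vcardArray", ["vcard", []])[1]
        fn = next((item[3] for item in vcard if item[0] == "fn"), None)
        if fn:
            owners.append((fn, ent.get("roles", [])))
    return {
        "handle": doc.get("handle"),
        "name": doc.get("name"),
        "range": (doc.get("startAddress"), doc.get("endAddress")),
        "owners": owners,
    }


def lookup(ip, timeout=5.0):
    """Fetch and parse RDAP for ip. None means the lookup failed, not 'no record'."""
    req = urllib.request.Request(RDAP_URL.format(ip=ip),
                                 headers={"Accept": "application/rdap+json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return parse_rdap(json.load(resp))
    except (urllib.error.URLError, OSError, ValueError):
        # URLError covers "Connection refused" and HTTP errors; ValueError
        # covers a non-JSON body. Either way the caller sees an explicit None.
        return None


# Constructed RDAP-shaped sample for offline use (documentation range).
SAMPLE = {
    "objectClassName": "ip network",
    "handle": "NET-EXAMPLE-1",
    "startAddress": "203.0.113.0",
    "endAddress": "203.0.113.255",
    "ipVersion": "v4",
    "name": "EXAMPLE-SCANNER",
    "entities": [
        {"handle": "EX-ORG", "roles": ["registrant"],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "Example Scanning Ltd"]]]},
        {"handle": "EX-ABUSE", "roles": ["abuse"],
         "vcardArray": ["vcard", [["fn", {}, "text", "Example Abuse Desk"],
                                  ["email", {}, "text", "abuse@example.net"]]]},
        {"handle": "EX-NOCARD", "roles": ["technical"]},   # no vCard: skipped
    ],
}

if __name__ == "__main__":
    print(parse_rdap(SAMPLE))
    print(lookup("205.210.31.19"))   # None when offline or refused, else parsed record
```

Two details matter in practice: the Accept header, because some RDAP servers return HTML to a bare client, and the explicit None on failure, so that a dashboard shows "lookup failed" instead of silently rendering the ASN's geolocation name as if it were a registry result.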

Export & API: STIX 2.1 Bundle, CSV Export, Permalink
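What a correct STIX 2.1 export of this record should contain is worth spelling out, because the details are where feeds go wrong: the IP goes in a STIX pattern, the page's 44% confidence maps directly onto the standard 0 to 100 confidence property, first-seen becomes valid_from, and ATT&CK technique IDs belong in external_references rather than in free-text labels. The following is an added example, not the page's exporter: it builds the bundle from the page's fields using only the standard library, with deterministic UUIDv5 object IDs so that re-exporting the same indicator yields the same ID. The UUID namespace and the three technique IDs chosen for the demonstration are the author's assumptions (the stix2 library would produce the same shape with schema validation).

```python
"""Build a STIX 2.1 bundle for the page's indicator from its visible fields.

Added example, not the page's exporter. ID_NS is an arbitrary fixed namespace
(assumption); the technique IDs and labels passed in page_bundle() are a subset
of the page's tags chosen for illustration.
"""
import json
import uuid
from datetime import datetime, timezone

ID_NS = uuid.UUID("7a2e3f5c-1b9d-4b2a-9f8e-0d6c3e5a1f24")   # assumption: any fixed UUID
FIRST_SEEN = datetime(2022, 4, 12, tzinfo=timezone.utc)
LAST_SEEN = datetime(2026, 6, 22, tzinfo=timezone.utc)


def stix_id(obj_type, seed):
    """Deterministic 'type--uuid' identifier: same seed, same ID on every export."""
    return f"{obj_type}--{uuid.uuid5(ID_NS, seed)}"


def stix_ts(d):
    """STIX timestamps: UTC, millisecond precision, 'Z' suffix (d must be tz-aware)."""
    d = d.astimezone(timezone.utc)
    return d.strftime("%Y-%m-%dT%H:%M:%S.") + f"{d.microsecond // 1000:03d}Z"


def ip_indicator(ip, confidence, first_seen, last_seen, techniques=(),
                 labels=(), indicator_type="unknown"):
    """Indicator SDO for an IPv4 address. indicator_type is from the STIX open
    vocabulary (unknown, benign, malicious-activity, ...); a heuristic score
    should not default to malicious-activity."""
    pattern = f"[ipv4-addr:value = '{ip}']"
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": stix_id("indicator", pattern),
        "created": stix_ts(first_seen),
        "modified": stix_ts(last_seen),
        "name": f"IPv4 address {ip}",
        "indicator_types": [indicator_type],
        "pattern": pattern,
        "pattern_type": "stix",
        "valid_from": stix_ts(first_seen),
        "confidence": int(confidence),          # STIX confidence is 0..100
        "labels": list(labels),
        "external_references": [
            {"source_name": "mitre-attack", "external_id": t.upper()} for t in techniques
        ],
    }


def bundle(objects):
    """Wrap SDOs in a STIX bundle whose ID is derived from its member IDs."""
    seed = json.dumps(sorted(o["id"] for o in objects))
    return {"type": "bundle", "id": stix_id("bundle", seed), "objects": list(objects)}


def page_bundle():
    """The bundle for this page's record (techniques/labels: illustrative subset)."""
    ind = ip_indicator("205.210.31.19", 44, FIRST_SEEN, LAST_SEEN,
                       techniques=["t1046", "t1110", "t1595.001"],
                       labels=["network scanning", "verified-benign"])
    return bundle([ind])


if __name__ == "__main__":
    print(json.dumps(page_bundle(), indent=2))
```

Consumers key on the pattern and the confidence, so both are exact: the pattern quotes the literal with single quotes as the STIX patterning grammar requires, and confidence is an integer, not the "44%" string the page displays. Keeping technique IDs in external_references with source_name mitre-attack is what lets a downstream platform resolve them to ATT&CK objects instead of treating them as opaque tags.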

IOC Journey: medium
First detected 4 years ago · Last seen 4 days ago · Appeared in 29 threat reports