IP · Medium · Signal 100/100
104.156.155.13
Location
New York, New York
ASN
AS400161
Academy Internet Research Limited Liability Company
First Seen
Jan 26, 2022
Last Seen
Nov 26, 2025
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: United States
Region: New York, New York
ASN: AS400161
Organization: Academy Internet Research Limited Liability Company
Feed Intelligence Summary
Source reports: 23
Confidence score: 99%
Category tags
Activity Timeline: Nov 26 to Nov 26
Threat Activity Heatmap (peak: 2025-11-26)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 23
First seen: Jan 26, 2022
Last seen: Nov 26, 2025
Geolocation: US
Country: United States
Location: New York, New York
ASN: AS400161
Org: Academy Internet Research Limited Liability Company
Coords: 0.0000, 0.0000
VirusTotal
Not checked
WHOIS
- description
- Scans hitting the server at TCP port 135 DCOM RPC. Same IP should not appear more than once in 96 hours in our lists S3#.
- raw
- NetRange: 104.156.155.0 - 104.156.155.255
  CIDR: 104.156.155.0/24
  NetName: ACDRESEARCH
  NetHandle: NET-104-156-155-0-1
  Parent: NET104 (NET-104-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Academy for Internet Research Limited Liability Company (AIRLL)
  RegDate: 2022-01-07
  Updated: 2022-01-07
  Ref: https://rdap.arin.net/registry/ip/104.156.155.0

  OrgName: Academy for Internet Research Limited Liability Company
  OrgId: AIRLL
  Address: #A1- 5436
  Address: 1110 Nuuanu Ave
  City: Honolulu
  StateProv: HI
  PostalCode: 96817
  Country: US
  RegDate: 2021-10-15
  Updated: 2023-12-11
  Ref: https://rdap.arin.net/registry/entity/AIRLL

  OrgTechHandle: ADMIN7921-ARIN
  OrgTechName: Admin
  OrgTechPhone: +1-833-439-0956
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/ADMIN7921-ARIN

  OrgTechHandle: ABUSE8264-ARIN
  OrgTechName: Abuse
  OrgTechPhone: +1-833-439-0956
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/ABUSE8264-ARIN

  OrgAbuseHandle: ABUSE8264-ARIN
  OrgAbuseName: Abuse
  OrgAbusePhone: +1-833-439-0956
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE8264-ARIN
- references
- https://redpiranha.net, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://example.com, http://cinsscore.com/list/ci-badguys.txt, https://github.com/borestad/blocklist-abuseipdb/blob/main/abuseipdb-s100-3d.ipv4
IOC Journey
medium · First detected 4 years ago · Last seen 6 months ago
Appeared in 23 threat reports