IOC Radar
IP · Medium · Signal 63/100

184.105.139.103

Location: United States (Dallas, California)
ASN: AS6939, The Shadow Server Foundation
First Seen: Aug 26, 2020
Last Seen: Jun 19, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

81 techniques

Network Information

Country: US (United States)
Region: Dallas, California
ASN: AS6939
Organization: The Shadow Server Foundation

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 26
Confidence score: 63%
Category tags

Activity Timeline

1 total observation (Jun 19)

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 63 (Medium Risk)
Signal Score: 63
Confidence: 63%
Reports: 26
First seen: Aug 26, 2020
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Dallas, California
ASN: AS6939
Org: The Shadow Server Foundation
Coords: 37.6951, -121.9000
IP Category: Proxy

VirusTotal

Not checked

WHOIS

Description: IPv4 hosts detected port scanning Vultr Paris (France) honeypot
Raw:
Hurricane Electric LLC HURRICANE-11 (NET-184-104-0-0-1) 184.104.0.0 - 184.105.255.255
The Shadowserver Foundation, Inc. HURRICANE-CE2897-015D9281 (NET-184-105-139-64-1) 184.105.139.64 - 184.105.139.127

IOC Journey

medium
First detected 5 years ago · Last seen 7 days ago
Appeared in 26 threat reports