IP · Medium · Signal 58/100
184.105.139.76
Location
Dallas, California
ASN
AS6939
The Shadow Server Foundation
First Seen
Aug 26, 2020
Last Seen
Jun 19, 2026
Found in 24 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
58%
Signal Score
58 / 100
IDS Rule
No
Network Information
Country
United States
Region
Dallas, California
ASN
AS6939
Organization
The Shadow Server Foundation
IP Category
Proxy
Proxy server
Feed Intelligence Summary
24 reports · 58% confidence
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h: 0 · Dormant
7d: 1 · Minimal
30d: 1 · Minimal
3mo: 1 · Minimal
Coords
37.6951, -121.9000
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw: Hurricane Electric LLC HURRICANE-11 (NET-184-104-0-0-1) 184.104.0.0 - 184.105.255.255; The Shadowserver Foundation, Inc. HURRICANE-CE2897-015D9281 (NET-184-105-139-64-1) 184.105.139.64 - 184.105.139.127
- references: https://github.com/telekom-security/tpotce, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Medium · First detected 5 years ago · Last seen 5 days ago
Appeared in 24 threat reports