IP · Medium · Signal 61/100
184.105.139.80
Location
Dallas, California
ASN
AS6939
The Shadow Server Foundation
First Seen
Aug 26, 2020
Last Seen
Jun 19, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Dallas, California
ASN
AS6939
Organization
The Shadow Server Foundation
IP Category
Proxy
Proxy server
Feed Intelligence Summary
26
Source reports
61%
Confidence score
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Medium Risk
Coordinates
37.6951, -121.9000
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw:
  Hurricane Electric LLC HURRICANE-11 (NET-184-104-0-0-1) 184.104.0.0 - 184.105.255.255
  The Shadowserver Foundation, Inc. HURRICANE-CE2897-015D9281 (NET-184-105-139-64-1) 184.105.139.64 - 184.105.139.127
IOC Journey
medium · First detected 5 years ago · Last seen 8 days ago
Appeared in 26 threat reports