IOC Radar
IP · Medium · Signal 62/100

184.105.247.228

Location: Pleasanton, California, United States
ASN: AS6939 (The Shadow Server Foundation)
First Seen: Aug 26, 2020 (2131d ago)
Last Seen: Jun 19, 2026 (8d ago)
Reports: 30 source reports
Confidence: 62% (medium)
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 62%
Signal Score: 62 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

80 techniques

Network Information

Country: US (United States)
Region: Pleasanton, California
ASN: AS6939
Organization: The Shadow Server Foundation

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

Source reports: 30
Confidence score: 62%

Activity Timeline

1 total obs, Jun 19 to Jun 19

Threat Activity Heatmap

Peak: 2026-06-19
[Heatmap: daily activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 62 (Medium Risk)
Confidence: 62%
Reports: 30
First seen: Aug 26, 2020
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Pleasanton, California
ASN: AS6939
Org: The Shadow Server Foundation
Coords: 37.6951, -121.9000
IP Category: Proxy, VPN

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw:
Hurricane Electric LLC HURRICANE-11 (NET-184-104-0-0-1) 184.104.0.0 - 184.105.255.255
The Shadowserver Foundation, Inc. HURRICANE-CE2897-2AAEDEA4 (NET-184-105-247-192-1) 184.105.247.192 - 184.105.247.255
references: https://threats.kz, https://github.com/telekom-security/tpotce, http://cinsscore.com/list/ci-badguys.txt

IOC Journey

medium
First detected 5 years ago · Last seen 8 days ago
Appeared in 30 threat reports