IOC Radar
IPMediumSignal 100/100

184.168.22.179

Location
United StatesUnited States
Tempe, Arizona
ASN
AS398101
GoDaddy.com, LLC
First Seen
Jan 5, 2025
Last Seen
Mar 19, 2026
Jan 5
First Seen
529d ago
Mar 19
Last Seen
92d ago
17
Reports
source reports
99%
Confidence
medium
1/91
VirusTotal
detections
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

36 techniques

Network Information

CountryUSUnited States
RegionTempe, Arizona
ASNAS398101
OrganizationGoDaddy.com, LLC

Feed Intelligence Summary

17 reports99% confidence
17
Source reports
99%
Confidence score
Category tags
abuseaccess controlactive scanningatif feedattackaustraliaauthentication abuseauthentication attackauthentication attacksauthentication failureauthentication failuresautomated attackautomated attacksbanlist feedbinary defensebotnetbrute forcebrute force attackbrute force attemptbrute-forccisco devicecommand and controlcompromised credentialscowrie honeypotcredential accesscredential harvestingcredential stuffingctadata exfiltrationddos preventiondecoy systemdenial of servicedevice managementdistributed attacksenterprise networkingeuropeexploit attemptsexploitationfail2ban blocked ipfail2ban triggerfailed login attemptsftp brute forcehoneytrap honeypotindicatorinfoinfrastructure acquisitionreconnaissancelamplateral movementlogin attacklogin attemptslogin failuremailoney honeypotmalicious activitymalicious softwaremalwaremanualnetworknetwork attacksnetwork infrastructurenetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynorth americanoticeoceaniapassword attackpassword attacksphishingphishing attackphishing trapprocess injectionreconnaissanceremote accessresearchedscannerscanning activitysecurity operationssecurity policysftp attacksocial engineeringssh attackssh monitoringt1021t1021.004t1040t1041t1046t1055t1059t1059.004t1071.001t1078t1078.001t1078.002t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1587.001t1589t1590.001t1595t1595.001t1595.002t1595.003tcp scanningtelecommunicationsthreat actorthreat detectionthreat intelligencethreat preventionudp port scanunauthorized accessunauthorized access attemptunauthorized loginunited kingdomunited statesunited states of americaus

Activity Timeline

1 total obs
Mar 19Mar 19

Threat Activity Heatmap

· Peak: 2026-03-19
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
17
Reports
First seenJan 5, 2025
Last seenMar 19, 2026
GeolocationUS
CountryUnited States
LocationTempe, Arizona
ASNAS398101
OrgGoDaddy.com, LLC
Coords33.3359, -111.8940

VirusTotal

1/ 91vendors flagged
1% detection rateJun 8, 2026

WHOIS

description
Host bruteforcing SSH
raw
NetRange: 184.168.0.0 - 184.168.255.255 CIDR: 184.168.0.0/16 NetName: GO-DADDY-COM-LLC NetHandle: NET-184-168-0-0-1 Parent: NET184 (NET-184-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: GoDaddy.com, LLC (GODAD) RegDate: 2010-09-21 Updated: 2014-02-25 Comment: Please send abuse complaints to [email protected] Ref: https://rdap.arin.net/registry/ip/184.168.0.0 OrgName: GoDaddy.com, LLC OrgId: GODAD Address: 2155 E GoDaddy Way City: Tempe StateProv: AZ PostalCode: 85284 Country: US RegDate: 2007-06-01 Updated: 2024-11-25 Comment: Please send abuse complaints to [email protected] Ref: https://rdap.arin.net/registry/entity/GODAD OrgNOCHandle: NOC124-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-480-505-8809 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/NOC124-ARIN OrgTechHandle: NOC124-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-480-505-8809 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/NOC124-ARIN OrgAbuseHandle: ABUSE51-ARIN OrgAbuseName: Abuse Department OrgAbusePhone: +1-480-624-2505 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE51-ARIN RNOCHandle: NOC124-ARIN RNOCName: Network Operations Center RNOCPhone: +1-480-505-8809 RNOCEmail: [email protected] RNOCRef: https://rdap.arin.net/registry/entity/NOC124-ARIN RTechHandle: NOC124-ARIN RTechName: Network Operations Center RTechPhone: +1-480-505-8809 RTechEmail: [email protected] RTechRef: https://rdap.arin.net/registry/entity/NOC124-ARIN RAbuseHandle: ABUSE51-ARIN RAbuseName: Abuse Department RAbusePhone: +1-480-624-2505 RAbuseEmail: [email protected] RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE51-ARIN
references
https://blog.edie.io/2020/04/30/diy-ip-threat-feed/, https://github.com/tankmek/threatfeed, https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://redpiranha.net, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 17 threat reports