Report for IP: 184.105.247.246

Threat LevelHIGH60/1002 rule types across 2 attack categories
3 incidents on record · 2 rule types · active attack detected · last seen 7d ago · known internet scanner
PTR scan-13m.shadowserver.org
Org / ASN The Shadow Server Foundation
Country 🇺🇸 United States
City Pleasanton, California
Timezone America/Los_Angeles
Internet ScannerShadowserver
Shadowserver Foundation — non-profit security research org running large-scale internet scans to map vulnerable and misconfigured systems. Scans are broadly distributed across many sensors. All unsolicited scanning probes are treated as hostile traffic on this network regardless of stated purpose.

Attack Analysis

🇺🇸 United States · Pleasanton · 6939 · The Shadow Server Foundation
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
IDS: Database Port Scan
Suricata detected this IP scanning database ports (MySQL, PostgreSQL, Redis, MongoDB). This is reconnaissance to find exposed database services for direct exploitation or credential brute-force. Database ports should never be reachable from the internet.

Reports (3)

Date Severity Description
12 Jun 2026 - 18:16 high IDS: Database port scan — ET SCAN Suspicious inbound to PostgreSQL port 5432
12 Jun 2026 - 16:14 medium IDS: Suricata alert — Honeypot: probe to closed SSH port 22
11 Jun 2026 - 10:11 high IDS: Suricata alert — Honeypot: probe to closed SSH port 22

Related IPs — Same /24 Block (184.105.247.0/24)

184.105.247.244ELEVATED1 report184.105.247.203ELEVATED2 reports184.105.247.208ELEVATED1 report184.105.247.212ELEVATED1 report184.105.247.223ELEVATED1 report184.105.247.235ELEVATED4 reports184.105.247.236ELEVATED3 reports184.105.247.240ELEVATED2 reports
Part of EagleEye Intelligence