Threat LevelMEDIUM46/1001 rule type
1 incident on record · seen 23h ago · known internet scanner
| PTR | scan-12k.shadowserver.org |
| Org / ASN | The Shadow Server Foundation |
| Country | 🇺🇸 United States |
| City | Gunnison, Utah |
| Timezone | America/Denver |
Internet ScannerShadowserver
Shadowserver Foundation — non-profit security research org running large-scale internet scans to map vulnerable and misconfigured systems. Scans are broadly distributed across many sensors. All unsolicited scanning probes are treated as hostile traffic on this network regardless of stated purpose.
Attack Analysis
IDS: Database Port Scan
Suricata detected this IP scanning database ports (MySQL, PostgreSQL, Redis, MongoDB). This is reconnaissance to find exposed database services for direct exploitation or credential brute-force. Database ports should never be reachable from the internet.
Reports (1)
| Date | Severity | Description |
|---|---|---|
| 3 Jun 2026 - 17:30 | high | IDS: Database port scan |
EagleEye Intelligence