IntrusionLabs / threat intelligence

Sign in

← Back to feed

85.217.149.0

TAGGED SUSPICIOUS how we decide →

Threat Confidence

54%

Location

🇨🇦 CA / Beauharnois

ASN

AS209334 · Modat B.V.

Cloud Provider

—

Total Events

6

Below average by volume

Agent Count

2

First / Last Seen

2026-04-23 22:34 — 2026-05-28 20:43

Attack Types

http:scan ssh:bruteforce

MITRE ATT&CK Techniques

Reconnaissance

T1595 T1595.002

Initial Access

T1190

Credential Access

T1110 T1110.001

Discovery

T1046

External Corroboration

CINS Army

Reported 2026-05-28 23:05

cins:bad_reputation

DShield Top Attackers

Reported 2026-05-28 23:01

dshield:top_attacker

Campaigns

Multi-Agent Scan SCAN Active medium

85 IPs 78191 events

2026-05-23 — ongoing · 85 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on AWS. Scanning the same …

Multi-Agent Scan SCAN Active medium

79 IPs 175108 events

2026-05-11 — ongoing · 79 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

41 IPs 10977 events

2026-05-11 — ongoing · 41 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Azure. Scanning the same …

Multi-Agent Scan SCAN Active medium

77 IPs 173342 events

2026-04-23 — ongoing · 77 IPs independently targeted the same honeypot sensors within a 24-hour window. Scanning the same targets in close …

Multi-Agent Scan SCAN Active medium

65 IPs 57199 events

2026-03-02 — ongoing · 65 IPs independently targeted the same honeypot sensors within a 24-hour window. Hosted on Azure. Scanning the same …

Subnet 85.217.149.0/24 SUBNET Active high 🇨🇦 CA

13 IPs 106 events

http:scanssh:bruteforce

2026-02-16 — ongoing · 13 IPs from the same /24 subnet (85.217.149.0/24) were observed attacking our sensors within the same time window. …

Session Forensics

scanner ×1 web_probe ×2

Sessions

3

Avg Depth Score

0.22

Commands Executed

0

Files Downloaded

0

Fingerprints

HASSH

bc3aee897af7d3feb9fc37b89c7d15c9

SSH Client

SSH-2.0-Go

Evidence Timeline

Web Probe bd6d41e8ebaefc9d newark_01 · 2026-05-28 20:43

25%

Loading events...

Web Probe ba99852d3444830d w4m_singapore_01 · 2026-05-22 20:02

25%

Loading events...

Scanner 8e49dc91aa2f w4m_singapore_01 · 2026-04-23 22:34

15%

Loading events...

Non-Session Events

Timestamp	Port	Proto	Event	Source	Location
2026-05-28 20:43:01	:80	http	HTTP GET request	opencanary	ewr
2026-05-22 20:02:34	:80	http	HTTP GET request	opencanary	sin