← Back to feed

AS36352 HostPapa

ASN Active medium
Why this campaign was detected
21 IPs from the same network (HostPapa, AS36352) were active during overlapping time periods. Temporal correlation across a shared autonomous system suggests infrastructure controlled by the same entity.
Primary ASN
AS36352 · HostPapa
Subnet
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
21 IPs
Below average
Total Events
9565
Below average by volume
Started / Ended
2026-02-19 17:38 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Execution
Credential Access
Discovery
Command and Control
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
192.129.155.134 credential_harvester 67% 1x OSINT 656 2 ssh:bruteforce β€” 2026-07-17 05:31 evidence →
107.173.85.94 interactive_operator 65% 1x OSINT 186 2 ssh:bruteforce β€” 2026-07-17 05:27 evidence →
107.172.43.175 credential_harvester 55% 1x OSINT 763 1 ssh:bruteforce β€” 2026-07-15 14:10 evidence →
192.3.251.33 credential_harvester 55% 1x OSINT 664 1 ssh:bruteforce β€” 2026-07-15 17:03 evidence →
172.245.225.106 credential_harvester 53% 1x OSINT 1102 2 ssh:bruteforce β€” 2026-07-17 09:27 evidence →
23.94.92.98 credential_harvester 53% 1x OSINT 878 2 ssh:bruteforce β€” 2026-07-17 11:19 evidence →
23.94.200.194 credential_harvester 53% 1x OSINT 504 2 ssh:bruteforce β€” 2026-07-17 22:37 evidence →
107.173.122.15 credential_harvester 53% 1x OSINT 522 2 ssh:bruteforce β€” 2026-07-17 16:07 evidence →
96.8.116.34 credential_harvester 53% 1x OSINT 633 2 ssh:bruteforce β€” 2026-07-17 10:38 evidence →
107.175.34.109 scanner 49% 1x OSINT 26 2 ssh:bruteforce β€” 2026-07-15 20:51 evidence →
23.95.20.168 credential_harvester 48% 1x OSINT 622 2 ssh:bruteforce β€” 2026-07-14 22:43 evidence →
23.95.67.200 credential_harvester 47% 1x OSINT 202 2 ssh:bruteforce β€” 2026-07-15 13:27 evidence →
23.94.112.16 opportunistic_bruter 46% 1x OSINT 23 1 ssh:bruteforce β€” 2026-07-13 15:23 evidence →
107.173.146.37 credential_harvester 44% 1x OSINT 154 2 ssh:bruteforce β€” 2026-07-14 03:43 evidence →
198.46.134.148 credential_harvester 42% 1388 2 ssh:bruteforce β€” 2026-07-14 00:42 evidence →
192.3.145.26 credential_harvester 40% 560 2 ssh:bruteforce β€” 2026-07-13 13:07 evidence →
23.94.104.251 credential_harvester 40% 90 2 ssh:bruteforce β€” 2026-07-15 05:15 evidence →
107.172.88.206 credential_harvester 39% 476 2 ssh:bruteforce β€” 2026-07-13 03:22 evidence →
172.245.12.80 opportunistic_bruter 39% 30 2 ssh:bruteforce β€” 2026-07-14 05:51 evidence →
192.3.153.213 credential_harvester 34% 84 2 ssh:bruteforce β€” 2026-07-12 01:13 evidence →
192.3.154.47 web_probe 26% 2 1 http:scan β€” 2026-07-17 15:12 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds