← Back to feed

Subnet 65.49.1.0/24

SUBNET Active high
Why this campaign was detected
15 IPs from the same /24 subnet (65.49.1.0/24) were observed attacking our sensors within the same time window. All belong to Hurricane Electric LLC (AS6939). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS6939 · Hurricane Electric LLC
Subnet
65.49.1.0/24
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
15 IPs
Below average
Total Events
358
Below average by volume
Started / Ended
2026-02-19 01:28 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
Initial Access
Credential Access
Discovery
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
65.49.1.222 scanner 67% 1x OSINT 37 3 http:scanssh:bruteforce β€” 2026-07-17 13:28 evidence →
65.49.1.202 scanner 66% 1x OSINT 41 3 http:scanssh:bruteforce β€” 2026-07-17 00:06 evidence →
65.49.1.142 scanner 63% 1x OSINT 54 3 http:scanssh:bruteforce β€” 2026-07-15 01:55 evidence →
65.49.1.192 scanner 61% 1x OSINT 44 3 http:scanssh:bruteforce β€” 2026-07-14 02:55 evidence →
65.49.1.122 scanner 60% 1x OSINT 49 3 http:scanssh:bruteforce β€” 2026-07-13 04:50 evidence →
65.49.1.182 scanner 57% 1x OSINT 38 3 http:scanssh:bruteforce β€” 2026-07-12 07:56 evidence →
65.49.1.212 scanner 57% 1x OSINT 37 3 http:scanssh:bruteforce β€” 2026-07-12 04:58 evidence →
65.49.1.80 web_probe 57% 1x OSINT 33 3 http:scanssh:bruteforce β€” 2026-07-12 06:06 evidence →
65.49.1.21 web_probe 44% 1x OSINT 5 2 http:scanssh:bruteforce β€” 2026-07-15 00:03 evidence →
65.49.1.23 web_probe 40% 1x OSINT 2 2 http:scan β€” 2026-07-17 11:42 evidence →
65.49.1.40 web_probe 38% 1x OSINT 8 2 http:scanssh:bruteforce β€” 2026-07-11 11:53 evidence →
65.49.1.187 web_probe 38% 1x OSINT 7 2 http:scanssh:bruteforce β€” 2026-07-11 09:01 evidence →
65.49.1.110 web_probe 29% 1x OSINT 1 1 http:scan β€” 2026-07-16 00:04 evidence →
65.49.1.82 web_probe 20% 1x OSINT 1 1 http:scan β€” 2026-07-12 06:04 evidence →
65.49.1.127 web_probe 19% 1x OSINT 1 1 http:scan β€” 2026-07-11 11:52 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds