IntrusionLabs IntrusionLabs
← Back to feed

Subnet 65.49.1.0/24

SUBNET Active high
Why this campaign was detected
17 IPs from the same /24 subnet (65.49.1.0/24) were observed attacking our sensors within the same time window. All belong to Hurricane Electric LLC (AS6939). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS6939 · Hurricane Electric LLC
Subnet
65.49.1.0/24
Country
πŸ‡ΊπŸ‡Έ US
Cloud Provider
Member Count
17 IPs
Below average
Total Events
157
Below average by volume
Started / Ended
2026-02-19 01:28 — ongoing
Attack Types
http:scan ssh:bruteforce
MITRE ATT&CK Techniques
Reconnaissance
T1595 T1595.002
Initial Access
T1190
Credential Access
T1110 T1110.001
Discovery
T1046
Member Actors
IP Address Behavior Confidence Flags Events Agents Attack Types Hostname Last Seen
65.49.1.232 scanner 67% 1x OSINT 30 3 http:scanssh:bruteforce β€” 2026-05-14 06:23 evidence →
65.49.1.202 scanner 66% 1x OSINT 19 3 http:scanssh:bruteforce β€” 2026-05-14 09:53 evidence →
65.49.1.80 scanner 61% 1x OSINT 22 3 http:scanssh:bruteforce β€” 2026-05-11 10:08 evidence →
65.49.1.142 scanner 59% 1x OSINT 22 3 http:scanssh:bruteforce β€” 2026-05-10 00:05 evidence →
65.49.1.132 scanner 50% 1x OSINT 10 2 http:scanssh:bruteforce β€” 2026-05-14 08:29 evidence →
65.49.1.208 web_probe 49% 1x OSINT 5 2 http:scanssh:bruteforce β€” 2026-05-14 09:53 evidence →
65.49.1.212 scanner 41% 1x OSINT 14 2 http:scanssh:bruteforce β€” 2026-05-09 01:26 evidence →
65.49.1.211 scanner 31% 1x OSINT 8 2 ssh:bruteforce β€” 2026-05-09 15:46 evidence →
65.49.1.236 web_probe 30% 1x OSINT 1 1 http:scan β€” 2026-05-14 06:23 evidence →
65.49.1.205 scanner 30% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-12 19:33 evidence →
65.49.1.101 web_probe 29% 1x OSINT 1 1 http:scan β€” 2026-05-13 03:16 evidence →
65.49.1.109 scanner 29% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-12 13:45 evidence →
65.49.1.193 scanner 29% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-14 00:53 evidence →
65.49.1.107 scanner 29% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-14 00:51 evidence →
65.49.1.91 web_probe 25% 1x OSINT 1 1 http:scan β€” 2026-05-11 10:07 evidence →
65.49.1.175 scanner 23% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-11 00:41 evidence →
65.49.1.169 scanner 22% 1x OSINT 4 1 ssh:bruteforce β€” 2026-05-10 05:40 evidence →
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds