← Back to feed
Subnet 65.49.1.0/24
SUBNET Active highWhy this campaign was detected
15 IPs from the same /24 subnet (65.49.1.0/24) were observed attacking our sensors within the same time window. All belong to Hurricane Electric LLC (AS6939). Concentrated activity from adjacent IPs is a strong indicator of a single operator or coordinated botnet.
Primary ASN
AS6939 · Hurricane Electric LLC
Subnet
65.49.1.0/24
Country
πΊπΈ US
Cloud Provider
—
Member Count
15 IPs
Below average
Total Events
358
Below average by volume
Started / Ended
2026-02-19 01:28 — ongoing
Attack Types
MITRE ATT&CK Techniques
Initial Access
Discovery
Member Actors
| IP Address | Behavior | Confidence | Flags | Events | Agents | Attack Types | Hostname | Last Seen | |
|---|---|---|---|---|---|---|---|---|---|
| 65.49.1.222 | scanner | 67% | 1x OSINT | 37 | 3 | http:scanssh:bruteforce | β | 2026-07-17 13:28 | evidence → |
| 65.49.1.202 | scanner | 66% | 1x OSINT | 41 | 3 | http:scanssh:bruteforce | β | 2026-07-17 00:06 | evidence → |
| 65.49.1.142 | scanner | 63% | 1x OSINT | 54 | 3 | http:scanssh:bruteforce | β | 2026-07-15 01:55 | evidence → |
| 65.49.1.192 | scanner | 61% | 1x OSINT | 44 | 3 | http:scanssh:bruteforce | β | 2026-07-14 02:55 | evidence → |
| 65.49.1.122 | scanner | 60% | 1x OSINT | 49 | 3 | http:scanssh:bruteforce | β | 2026-07-13 04:50 | evidence → |
| 65.49.1.182 | scanner | 57% | 1x OSINT | 38 | 3 | http:scanssh:bruteforce | β | 2026-07-12 07:56 | evidence → |
| 65.49.1.212 | scanner | 57% | 1x OSINT | 37 | 3 | http:scanssh:bruteforce | β | 2026-07-12 04:58 | evidence → |
| 65.49.1.80 | web_probe | 57% | 1x OSINT | 33 | 3 | http:scanssh:bruteforce | β | 2026-07-12 06:06 | evidence → |
| 65.49.1.21 | web_probe | 44% | 1x OSINT | 5 | 2 | http:scanssh:bruteforce | β | 2026-07-15 00:03 | evidence → |
| 65.49.1.23 | web_probe | 40% | 1x OSINT | 2 | 2 | http:scan | β | 2026-07-17 11:42 | evidence → |
| 65.49.1.40 | web_probe | 38% | 1x OSINT | 8 | 2 | http:scanssh:bruteforce | β | 2026-07-11 11:53 | evidence → |
| 65.49.1.187 | web_probe | 38% | 1x OSINT | 7 | 2 | http:scanssh:bruteforce | β | 2026-07-11 09:01 | evidence → |
| 65.49.1.110 | web_probe | 29% | 1x OSINT | 1 | 1 | http:scan | β | 2026-07-16 00:04 | evidence → |
| 65.49.1.82 | web_probe | 20% | 1x OSINT | 1 | 1 | http:scan | β | 2026-07-12 06:04 | evidence → |
| 65.49.1.127 | web_probe | 19% | 1x OSINT | 1 | 1 | http:scan | β | 2026-07-11 11:52 | evidence → |
VPN Known VPN or proxy provider
DROP ASN on Spamhaus DROP list
Nx OSINT Corroborated by N external threat feeds