Threat LevelHIGH55/1002 rule types across 2 attack categories
4 incidents on record · 2 rule types · confirmed on global blocklist · active over 6 days · last seen 6d ago · known internet scanner
| PTR | azpdssfpqoqu.stretchoid.com |
| Org / ASN | Microsoft Azure Cloud (southcentralus) |
| Country | 🇺🇸 United States |
| City | San Antonio, Texas |
| Timezone | America/Chicago |
Internet ScannerStretchoid
Stretchoid — internet-wide scanning project. All unsolicited scanning probes are treated as hostile traffic on this network regardless of stated purpose.
Attack Analysis
IDS: Database Port Scan
Suricata detected this IP scanning database ports (MySQL, PostgreSQL, Redis, MongoDB). This is reconnaissance to find exposed database services for direct exploitation or credential brute-force. Database ports should never be reachable from the internet.
IDS: Threat Intel — CINS Active Threat
This IP appears in the CINS (Collective Intelligence Network Security) Active Threat Intelligence feed — a real-time blocklist of IPs with poor reputation scores derived from observed malicious activity. CINS-listed IPs are actively engaged in attacks at the time of detection.
Reports (4)
| Date | Severity | Description |
|---|---|---|
| 14 Jun 2026 - 20:35 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 32 |
| 14 Jun 2026 - 04:07 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 32 |
| 9 Jun 2026 - 00:09 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 32 |
| 9 Jun 2026 - 00:09 | high | IDS: Database port scan — ET SCAN Suspicious inbound to PostgreSQL port 5432 |
EagleEye Intelligence