Threat LevelCRITICAL88/1003 rule types across 3 attack categories
14 incidents · 3 rule types · active attacker + blocklisted · persistent 9-day campaign · seen 1h ago · bulletproof hosting
| PTR | N/A |
| Org / ASN | Cloud Innovation Ltd |
| Country | 🇸🇪 Sweden |
| City | Stockholm, Stockholm County |
| Timezone | Europe/Stockholm |
Abused IP ResellerCloud Innovation Ltd
Cloud Innovation Ltd is a Swedish IP-block reseller that delegates address space to downstream customers globally. Its netblocks have been independently flagged by both CINS Army (active threat intelligence) and DShield (SANS honeypot network), indicating sustained port-scanning and SSH brute-force activity. Abuse complaints appear to go effectively unaddressed, with customers operating dedicated scanning infrastructure.
Attack Analysis
IDS: Blocklist — Dshield
This IP was reported to the DShield community blocklist by multiple independent security sensors worldwide. DShield aggregates firewall logs from thousands of contributors; IPs on this list are confirmed active attackers observed across many networks.
IDS: Threat Intel — CINS Active Threat
This IP appears in the CINS (Collective Intelligence Network Security) Active Threat Intelligence feed — a real-time blocklist of IPs with poor reputation scores derived from observed malicious activity. CINS-listed IPs are actively engaged in attacks at the time of detection.
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
Reports (14)
| Date | Severity | Description |
|---|---|---|
| 15 Jun 2026 - 05:52 | high | IDS: Blocklist — Dshield listed IP — ET DROP Dshield Block Listed Source group 1 |
| 15 Jun 2026 - 05:52 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 15 Jun 2026 - 05:52 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 62 |
| 15 Jun 2026 - 03:44 | high | IDS: Threat Intel — CINS poor reputation IP |
| 15 Jun 2026 - 03:44 | medium | IDS: Suricata alert — ET COMPROMISED Known Compromised or Hostile Host Traffic group 16 |
| 15 Jun 2026 - 03:44 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 57 |
| 12 Jun 2026 - 12:27 | high | IDS: Blocklist — Dshield listed IP — ET DROP Dshield Block Listed Source group 1 |
| 12 Jun 2026 - 12:27 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 62 |
| 9 Jun 2026 - 23:00 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 62 |
| 9 Jun 2026 - 23:00 | high | IDS: Blocklist — Dshield listed IP — ET DROP Dshield Block Listed Source group 1 |
| 8 Jun 2026 - 14:37 | high | IDS: Blocklist — Dshield listed IP — ET DROP Dshield Block Listed Source group 1 |
| 8 Jun 2026 - 14:37 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 62 |
| 6 Jun 2026 - 12:05 | high | IDS: Blocklist — Dshield listed IP — ET DROP Dshield Block Listed Source group 1 |
| 6 Jun 2026 - 12:05 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 62 |
EagleEye Intelligence