Threat LevelHIGH60/1002 rule types across 2 attack categories
3 incidents on record · 2 rule types · active attacker + blocklisted · last seen 11d ago · known internet scanner
| PTR | scan-18f.shadowserver.org |
| Org / ASN | The Shadow Server Foundation |
| Country | 🇺🇸 United States |
| City | Pleasanton, California |
| Timezone | America/Los_Angeles |
Internet ScannerShadowserver
Shadowserver Foundation — non-profit security research org running large-scale internet scans to map vulnerable and misconfigured systems. Scans are broadly distributed across many sensors. All unsolicited scanning probes are treated as hostile traffic on this network regardless of stated purpose.
Attack Analysis
IDS: Threat Intel — CINS Active Threat
This IP appears in the CINS (Collective Intelligence Network Security) Active Threat Intelligence feed — a real-time blocklist of IPs with poor reputation scores derived from observed malicious activity. CINS-listed IPs are actively engaged in attacks at the time of detection.
Suricata IDS Alert
Suricata intrusion detection flagged this IP for malicious network behaviour — including port scanning, exploit attempts, botnet activity, or known attack signatures. The specific signature is shown in the report list below.
Reports (3)
| Date | Severity | Description |
|---|---|---|
| 11 Jun 2026 - 03:54 | high | IDS: Threat Intel — CINS poor reputation IP — ET CINS Active Threat Intelligence Poor Reputation IP group 114 |
| 11 Jun 2026 - 03:54 | medium | IDS: Suricata alert — Honeypot: probe to closed SSH port 22 |
| 11 Jun 2026 - 03:54 | high | IDS: Threat Intel — CINS poor reputation IP |
EagleEye Intelligence