Threat LevelHIGH54/1002 rule types across 2 attack categories
7 incidents on record · multi-vector: SSH, web scanning · active over 8 days · last seen 1d ago
| PTR | scan-90-0.shadowserver.org |
| Org / ASN | The Shadow Server Foundation |
| Country | 🇺🇸 United States |
| City | Minneapolis, Minnesota |
| Timezone | America/Chicago |
Attack Analysis
Port 22 Honeypot Probe
This IP connected to a fake SSH honeypot — a port 22 listener that is not a real SSH server. This is an automated scanner fingerprinting targets before launching a brute-force campaign. Legitimate systems never probe port 22 without a specific reason; this activity is virtually 100% malicious.
Git Repository Exposure Probe
This IP requested the /.git/ directory, attempting to download source code, commit history, database credentials, and API keys from an accidentally exposed Git repository. Automated tools can reconstruct an entire codebase from an exposed .git folder. No legitimate client ever requests this path.
Reports (7)
| Date | Severity | Description |
|---|---|---|
| 31 May 2026 - 14:57 | medium | Rule 100570: Network: Port 22 honeypot probe |
| 31 May 2026 - 03:43 | medium | Rule 100570: Network: Port 22 honeypot probe |
| 30 May 2026 - 13:37 | medium | Rule 100570: Network: Port 22 honeypot probe |
| 30 May 2026 - 02:34 | high | Rule 100312: Web: Git repo exposure probe |
| 30 May 2026 - 02:04 | medium | Rule 100570: Network: Port 22 honeypot probe |
| 27 May 2026 - 15:41 | medium | Rule 100570: Network: Port 22 honeypot probe |
| 23 May 2026 - 16:34 | medium | Rule 100570: Network: Port 22 honeypot probe |