66.132.186.246

Threat LevelHIGH42/1001 rule type
30 recorded incidents · active over 9 days · seen 6h ago
PTR 246.186.132.66.censys-scanner.com
Country CA

Attack Analysis

Port 22 Honeypot Probe
This IP connected to a fake SSH honeypot — a port 22 listener that is not a real SSH server. This is an automated scanner fingerprinting targets before launching a brute-force campaign. Legitimate systems never probe port 22 without a specific reason; this activity is virtually 100% malicious.

Reports (30)

Date Severity Description
1 Jun 2026 - 17:26 medium Rule 100570: Network: Port 22 honeypot probe
1 Jun 2026 - 09:03 medium Rule 100570: Network: Port 22 honeypot probe
1 Jun 2026 - 07:47 medium Rule 100570: Network: Port 22 honeypot probe
1 Jun 2026 - 04:53 medium Rule 100570: Network: Port 22 honeypot probe
1 Jun 2026 - 02:14 medium Rule 100570: Network: Port 22 honeypot probe
1 Jun 2026 - 02:14 medium Rule 100570: Network: Port 22 honeypot probe
31 May 2026 - 12:36 medium Rule 100570: Network: Port 22 honeypot probe
31 May 2026 - 12:36 medium Rule 100570: Network: Port 22 honeypot probe
31 May 2026 - 04:22 medium Rule 100570: Network: Port 22 honeypot probe
30 May 2026 - 11:46 medium Rule 100570: Network: Port 22 honeypot probe
29 May 2026 - 12:36 medium Rule 100570: Network: Port 22 honeypot probe
28 May 2026 - 21:35 medium Rule 100570: Network: Port 22 honeypot probe
28 May 2026 - 07:32 medium Rule 100570: Network: Port 22 honeypot probe
28 May 2026 - 04:39 medium Rule 100570: Network: Port 22 honeypot probe
28 May 2026 - 02:08 medium Rule 100570: Network: Port 22 honeypot probe
27 May 2026 - 23:53 medium Rule 100570: Network: Port 22 honeypot probe
27 May 2026 - 19:50 medium Rule 100570: Network: Port 22 honeypot probe
27 May 2026 - 13:38 medium Rule 100570: Network: Port 22 honeypot probe
27 May 2026 - 03:52 medium Rule 100570: Network: Port 22 honeypot probe
27 May 2026 - 01:47 medium Rule 100570: Network: Port 22 honeypot probe