185.180.141.47

Summary (Bottom Line Up Front)

Host 185.180.141.47 (Zenlayer Inc/AS21859) conducted low-severity reconnaissance activities against infrastructure from February 24 02:00 to March 12 10:00, 2026. The activity involved automated scanning across multiple protocols with focus on SMB services, consistent with network enumeration rather than active exploitation. Network defenders should implement standard monitoring posture while remaining alert for potential escalation.

Tags: HTTP Modbus TCP TCP/SYN TLS TLS/1.0 TLS/1.2+ Unknown https SMB
Activity Timeline
INITIAL REPORT 2026-03-14T17:51:39Z
Source: batch_hunting
Technical details
  • Source: 185.180.141.47 (US-based, Zenlayer Inc hosting, AbuseIPDB score 100/100)
  • Activity Window: 16-day campaign with 61 total events
  • Protocols Observed: HTTP, HTTPS, TLS (1.0, 1.2+), Modbus, TCP/SYN, SMB
  • Primary Technique: Network Service Scanning (T1046 - Discovery)
  • Attack Patterns: SMB version 1 usage detection (2 instances, medium severity)
  • Kill Chain Phase: Reconnaissance
  • Assessment: Automated scanning/fingerprinting with binary payloads, low exploitation probability
IOCs
IP:185.180.141.47
ASN:21859
COUNTRY:US
Recommendations
  • Block traffic from 185.180.141.47 at perimeter firewalls and update threat intelligence feeds
  • Disable SMBv1 protocol across all Windows systems and network shares if not already completed
  • Enable enhanced logging for SMB, HTTP, and TLS connections to detect similar reconnaissance patterns
  • Review and harden services running on the two targeted destination ports identified during this campaign
  • Implement network segmentation to limit lateral movement potential from internet-facing services