Summary (Bottom Line Up Front)
A threat actor operating from IP 44.220.188.92 conducted an intensive HTTPS scanning campaign on March 26, 2026, generating over 2,000 connection attempts within a 2-minute window targeting a single port. This represents a HIGH threat level indicative of automated reconnaissance or potential application-layer attack preparation. Immediate blocking and enhanced monitoring of HTTPS traffic are recommended.
Activity Timeline
INITIAL REPORT 2026-03-26T15:12:40Z
Source: Analyst Manual Entry
Technical details
Attack Vector: Concentrated HTTPS scanning with TLS version enumeration (TLS 1.0, TLS 1.2+)
Volume: 2,083 events over a 2-minute duration (04:00-05:00 UTC)
Protocols: TCP SYN scanning escalated to full TLS handshake attempts
Target Profile: Single destination port suggesting specific service targeting
MITRE ATT&CK Mapping: T1046 (Network Service Scanning), T1595.002 (Active Scanning: Vulnerability Scanning)
Behavioral Analysis: Extremely high request rate indicates automated tooling, likely a vulnerability scanner or exploit framework
IOCs: 44.220.188.92 (source IP)
IOCs
IP: 44.220.188.92
Recommendations
- Block IP 44.220.188.92 at perimeter firewalls and web application firewalls immediately
- Enable enhanced logging for TLS handshake attempts and monitor for similar high-frequency connection patterns
- Review and harden TLS configurations to disable legacy protocols (TLS 1.0) if still supported
- Implement rate limiting on HTTPS endpoints to prevent similar reconnaissance attempts
- Monitor for follow-on activity from related IP ranges and similar scanning patterns targeting the same service port
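
The monitoring for high-frequency connection patterns recommended above can be implemented as a per-source sliding-window counter that also records which TLS versions were attempted. This is an added example, not part of the original report; the log line format, the TLS version labels and the sample addresses are assumptions, and the log data is constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=2)      # burst window described in the report
THRESHOLD = 2000                   # report: over 2,000 attempts in that window
LEGACY = {"TLSv1.0", "TLSv1.1"}    # assumption: version labels used by the log source

def parse(line):
    # Assumed line format: "<ISO-8601 time> <src_ip> <dst_port> <tls_version>"
    ts, src, port, tls = line.split()
    return datetime.fromisoformat(ts.replace("Z", "+00:00")), src, int(port), tls

def detect(lines, window=WINDOW, threshold=THRESHOLD):
    """Return {(src, port): info} for sources reaching threshold within window."""
    recent = defaultdict(deque)    # (src, port) -> (time, tls) events inside the window
    alerts = {}
    for line in lines:
        ts, src, port, tls = parse(line)
        q = recent[(src, port)]
        q.append((ts, tls))
        while ts - q[0][0] > window:       # evict events older than the window
            q.popleft()
        if len(q) >= threshold:
            a = alerts.setdefault((src, port), {"peak": 0, "tls": set()})
            a["peak"] = max(a["peak"], len(q))
            a["tls"] |= {v for _, v in q}
            a["legacy_probed"] = bool(a["tls"] & LEGACY)
    return alerts

def sample_log():
    # Constructed data: documentation-range addresses, not taken from the report.
    base = datetime(2026, 3, 26, 4, 0, tzinfo=timezone.utc)
    lines = []
    for i in range(2083):                  # scanner: one handshake every 55 ms
        t = (base + timedelta(milliseconds=55 * i)).isoformat(timespec="milliseconds")
        lines.append(f"{t} 198.51.100.7 443 {'TLSv1.0' if i % 2 else 'TLSv1.2'}")
    for i in range(30):                    # ordinary client: one handshake every 4 s
        t = (base + timedelta(seconds=4 * i)).isoformat(timespec="milliseconds")
        lines.append(f"{t} 192.0.2.10 443 TLSv1.3")
    return sorted(lines)                   # fixed-width timestamps sort chronologically

if __name__ == "__main__":
    for key, info in detect(sample_log()).items():
        print(key, info["peak"], sorted(info["tls"]), info["legacy_probed"])
```

Keying the window on source and destination port together matches the single-port targeting noted in the technical details; the threshold and window should be tuned to the normal handshake rate of the protected service.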