Summary (Bottom Line Up Front)
IP address 98.80.4.97 conducted a high-volume attack campaign generating 2,239 events within a 2-hour window on March 25, 2026, targeting HTTPS services. This represents a concentrated, automated attack with moderate threat level due to the focused nature and encryption protocol targeting. Immediate blocking and enhanced HTTPS monitoring are recommended.
Activity Timeline
INITIAL REPORT 2026-03-26T15:10:57Z
Source: Analyst Manual Entry
IP address 98.80.4.97 conducted a high-volume attack campaign generating 2,239 events within a 2-hour window on March 25, 2026, targeting HTTPS services. This represents a concentrated, automated attack with moderate threat level due to the focused nature and encryption protocol targeting. Immediate blocking and enhanced HTTPS monitoring are recommended.
Technical Details
- Attack Volume: 2,239 events concentrated within 2 hours (21:00-23:00 UTC, March 25, 2026)
- Protocols Observed: TCP, TLS 1.0, TLS 1.2+, HTTPS with SYN-based reconnaissance
- Attack Pattern: Single destination port targeting suggests focused service exploitation attempt
- MITRE ATT&CK Mapping: T1595.002 (Active Scanning: Vulnerability Scanning), T1190 (Exploit Public-Facing Application)
- IOCs: 98.80.4.97 (source IP), concentrated burst pattern over HTTPS
- Infrastructure: No reverse DNS resolution, non-VPN residential/business connection
IOCs
IP: 98.80.4.97
Recommendations
- Block IP address 98.80.4.97 at perimeter firewalls and web application firewalls immediately
- Enhance monitoring for high-volume HTTPS connection attempts from single sources within short timeframes
- Review HTTPS service configurations and ensure latest TLS versions are enforced with deprecated protocols disabled
- Implement rate limiting on HTTPS endpoints to prevent similar concentrated attack patterns
- Correlate this IP with existing threat feeds and monitor for related infrastructure or attack patterns