Tag: Scanning

#CVE #Scanning
Threat/Vulnerability News

Sanctioned, Seized, Still Scanning: Inside a Russian Bulletproof Hosting Network Targeting the EU

On 18 May 2026, Dutch investigators seized more than 800 servers and broke up a hosting operation that prosecutors say powered Russian cyberattacks across the EU. We had spent the previous year watching the same network from the other side. After the seizure, the scanning did not stop.

ELLIO Threat Research Lab
ELLIO RECON IP Lists dashboard showing scanner IP counts from various security tools including Censys (600,784), Cortex Xpanse (4,611), BinaryEdge (2,279), and others with trend visualizations
#Scanning #IP Blocking
Product Updates

ELLIO expands with 10 new recon and scanner IP feeds

ELLIO Threat Intelligence & Blocklist Automation has been updated with 10 new scanner and recon IP address feeds. This improves detection and control of scanning activity at the network perimeter, enabling more accurate allow and block rules without manual IP range management.

ELLIO Product Team
ELLIO threat intelligence dashboard showing IP 178.16.53.51 flagged as malicious Mirai botnet from Amsterdam, with timeline of exploit attempts and port scanning activity detected between March 22-24, 2026.
#Scanning
Threat/Vulnerability News

[watchdog]: Inside a Mirai variant with six-layer persistence

An open directory is serving a Mirai variant across 14 CPU architectures - all updated yesterday. It kills competitors by SHA256 hash, persists through six layers, and hides as a kernel thread. Here's what's inside.

ELLIO Threat Research Lab
Screenshot of ELLIO threat intelligence interface showing malicious Docker API exploits from IPs 45.156.87.4 and 187.86.243.141, with security indicators and threat classification tags
#CVE #Scanning
Threat/Vulnerability News

What Gets Deployed via Exposed Docker APIs

Over 1,000 unique IPs scan for exposed Docker APIs every day. A fraction go further. We captured every container creation payload and classified them by monetization strategy.

ELLIO Threat Research Lab
ELLIO threat intelligence dashboard showing IP 93.123.109.205 from Amsterdam marked as malicious, with MITRE ATT&CK tactics, CVE vulnerabilities, and various exploit detectors including Setup.php, Jenkins, and SQL injection
#Network Fingerprints #Scanning #IP Blocking
Threat/Vulnerability News

Analyze everything or move straight to network-level blocking?

One IP. Four days. Nearly 900 user agents. Over 3,000 probes. Sometimes a single IP address tells you everything you need to know about how industrialized internet scanning has become.

ELLIO Community Team