External IP address 90.151.171.108 conducted sustained reconnaissance and CRLF injection attacks against web services from February 17 to April 16, 2026, generating 2,742 security events. The activity represents a MEDIUM threat level with moderate confidence, indicating potential preparation for web…
A Netherlands-based IP address (204.76.203.212) conducted sustained CRLF injection attacks against web infrastructure over a 29-day period from February 26 to March 27, 2026, generating 5,525 malicious events. Despite the high AbuseIPDB score (100/100), this activity is assessed as automated scannin…
Source IP 193.142.146.230 (Netherlands/ColocaTel Datacenter) conducted low-severity reconnaissance activities against authentication endpoints over a 16-day period from February 26 to March 14, 2026. The activity involved automated scanning using Go HTTP clients with limited credential testing atte…
A threat actor operating from Netherlands-based infrastructure (89.42.231.241) conducted a sustained CRLF injection campaign over a 4-day period from February 27-March 2, 2026. The activity demonstrates medium-level sophistication with 35 recorded events targeting web applications through HTTP resp…