Our sensors detected sustained automated probe activity from IP 79.124.62.134 (Bulgaria/AS207812) between April 1-June 9, 2026, targeting multiple network services including MySQL. This appears to be low-sophistication scanning traffic from known malicious infrastructure with minimal immediate threa…
Posts tagged: EXPLOIT
20 posts

Malicious activity detected from 93.123.109.127 (NL, AS48090). 629 events observed across SMTP, TCP. AI verdict: NOISE.
An IP address from Düsseldorf, Germany (178.16.54.22) has been observed engaging in credential capture attempts and SMTP probing over a three-day period. The activity is assessed as noise but warrants attention due to the high volume of login attempts. Network defenders should implement or review th…
Malicious activity detected from 62.60.130.169 (LT, AS59441). 237156 events observed across SMTP, TCP. AI verdict: NOISE.
A low-severity TCP-based reconnaissance event was detected from IP 78.128.112.215 targeting port 8080. No exploit payloads or CVE-specific activity were observed. Network defenders should capture PCAP data and apply rate-limiting measures if the scanning persists.
A suspicious IP address (130.12.180.65) from Germany has been observed conducting reconnaissance and potential exploitation attempts targeting TCP port 5555 associated with Android Debug Bridge (ADB). The threat level is assessed as MEDIUM, indicating a need for network defenders to investigate and …
Malicious activity detected from 185.150.191.165 (US, AS23470). 4719 events observed across HTTP, HTTPS, TCP, TCP/SYN, TLS. AI verdict: NOISE.
IP address 66.132.172.138 conducted extensive multi-protocol reconnaissance over 42 days (April 2-May 14, 2026), generating 667 security events targeting industrial control systems, Kubernetes infrastructure, and network services. Despite high-severity exploit signatures, this activity is assessed a…
Malicious activity detected from 45.205.1.8 (BR, ASNone). 4652 events observed across ADB, HTTP, TCP, TCP/SYN, TLS. AI verdict: NOISE.
An IP address from Germany (45.135.194.83) has been observed conducting repeated ADB connection attempts and exploit attempts over a two-month period. The threat level is assessed as low because no malicious payloads or unusual behaviour were seen, but network defenders should remain vigilant.
Malicious activity detected from 66.132.172.16 (US, ASNone). 875 events observed across BACnet, EtherNet/IP, TCP, TCP/SYN. AI verdict: NOISE.
IP address 178.16.54.237 (Netherlands/dus.net GmbH) conducted sustained SMTP reconnaissance and credential capture attempts against organizational infrastructure from April 29 00:00 to May 4 18:00. The source IP maintains a 100/100 AbuseIPDB reputation score and is listed on Spamhaus DROP, indicatin…
High-severity threat activity detected from Brazilian cloud infrastructure (45.205.1.27) conducting systematic reconnaissance and exploitation attempts against multiple network services from April 2nd through April 29th, 2026. The source IP maintains a maximum malicious reputation score and demonstr…
IP address 65.49.1.80 conducted a sustained multi-protocol reconnaissance campaign from February 21 to April 27, 2026, targeting industrial control systems, network infrastructure, and enterprise services across 14 unique ports with 135 recorded events. The threat is assessed as HIGH severity due to…
IP address 65.49.1.192 conducted sustained reconnaissance activities over 53 days (March-April 2026) targeting FortiGate appliances and industrial control systems using IEC-104 protocol probes. This represents a MEDIUM threat level with potential critical infrastructure targeting. Organizations shou…
IP address 66.132.172.182 conducted an extensive 32-day scanning campaign from March 25 to April 26, 2026, targeting multiple protocols including industrial control systems, Kubernetes infrastructure, and enterprise services. Despite generating 490 security events across 8 destination ports, this ac…
Russian-origin IP address 81.29.142.100 conducted a sustained multi-protocol reconnaissance campaign targeting industrial control systems, databases, and enterprise services over a 68-day period from February to April 2026. The attacker demonstrated particular focus on MQTT messaging systems and Ora…
Malicious activity detected from 119.23.110.193 (CN, AS37963). 20371 events observed across SSH, TCP, TCP/SYN, TLS. AI verdict: NOISE.
Threat actor operating from 104.243.34.165 conducted an 18-day reconnaissance campaign targeting hidden environment files and multiple network services, generating 2,504 malicious events between April 4-22, 2026. The activity demonstrates systematic information gathering techniques consistent with c…
IP address 66.132.172.198 conducted a 24-day reconnaissance and exploitation campaign from March 24 to April 17, 2026, targeting industrial control systems (S7comm), SMB services, and network infrastructure across multiple protocols. The threat is assessed as LOW severity with 85% confidence, repres…
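Several of the sources listed above share a /24 (66.132.172.x appears four times, and 178.16.54.x, 45.205.1.x and 65.49.1.x twice each), which the per-IP teasers do not make obvious. The following script is an added example, not code from this site: it parses the teaser lines into records and groups them by prefix to surface that shared infrastructure. The sample input is abridged from the teasers on this page (constructed for the example), and the two parsing shapes, the fixed "Malicious activity detected from ..." template and the free-text summaries, are assumptions about the page format rather than a documented schema.

```python
"""Parse the per-IP honeypot teasers on this tag page and group sources by /24.

Added example, not the site's own code. TEASERS is a constructed sample,
abridged from the summaries on this page; the template and free-text regexes
are assumptions about how the teasers are worded.
"""
import ipaddress
import re
from collections import defaultdict

TEASERS = [
    "Our sensors detected sustained automated probe activity from IP 79.124.62.134 (Bulgaria/AS207812) targeting MySQL.",
    "Malicious activity detected from 93.123.109.127 (NL, AS48090). 629 events observed across SMTP, TCP. AI verdict: NOISE.",
    "An IP address from Germany (178.16.54.22) has been observed engaging in credential capture attempts and SMTP probing.",
    "Malicious activity detected from 62.60.130.169 (LT, AS59441). 237156 events observed across SMTP, TCP. AI verdict: NOISE.",
    "A low-severity TCP-based reconnaissance event was detected from IP 78.128.112.215 targeting port 8080.",
    "A suspicious IP address (130.12.180.65) targeting TCP port 5555 (ADB). The threat level is assessed as MEDIUM.",
    "Malicious activity detected from 185.150.191.165 (US, AS23470). 4719 events observed across HTTP, HTTPS, TCP, TCP/SYN, TLS. AI verdict: NOISE.",
    "IP address 66.132.172.138 conducted reconnaissance over 42 days, generating 667 security events.",
    "Malicious activity detected from 45.205.1.8 (BR, ASNone). 4652 events observed across ADB, HTTP, TCP, TCP/SYN, TLS. AI verdict: NOISE.",
    "An IP address from Germany (45.135.194.83) has been observed conducting repeated ADB connection attempts.",
    "Malicious activity detected from 66.132.172.16 (US, ASNone). 875 events observed across BACnet, EtherNet/IP, TCP, TCP/SYN. AI verdict: NOISE.",
    "IP address 178.16.54.237 conducted sustained SMTP reconnaissance and credential capture attempts.",
    "High-severity threat activity detected from Brazilian cloud infrastructure (45.205.1.27).",
    "IP address 65.49.1.80 conducted reconnaissance across 14 unique ports with 135 recorded events. The threat is assessed as HIGH severity.",
    "IP address 65.49.1.192 conducted reconnaissance over 53 days targeting FortiGate appliances. This represents a MEDIUM threat level.",
    "IP address 66.132.172.182 conducted a 32-day scanning campaign, generating 490 security events across 8 destination ports.",
    "Russian-origin IP address 81.29.142.100 conducted a multi-protocol reconnaissance campaign over a 68-day period.",
    "Malicious activity detected from 119.23.110.193 (CN, AS37963). 20371 events observed across SSH, TCP, TCP/SYN, TLS. AI verdict: NOISE.",
    "Threat actor operating from 104.243.34.165 generated 2,504 malicious events over 18 days.",
    "IP address 66.132.172.198 conducted a 24-day campaign targeting S7comm and SMB. The threat is assessed as LOW severity.",
]

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
# Fixed-template teasers carry IP, country, ASN, event count, protocols, verdict.
TEMPLATE_RE = re.compile(
    r"detected from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\((?P<cc>[A-Z]{2}), (?P<asn>AS\w+)\)\. "
    r"(?P<events>\d+) events observed across (?P<protos>[^.]+)\. "
    r"AI verdict: (?P<verdict>[A-Z]+)\."
)
# Free-text teasers: only an all-caps severity word and "<n> ... events" are
# extracted; lowercase wording such as "assessed as noise" is left as None.
VERDICT_RE = re.compile(r"\b(NOISE|LOW|MEDIUM|HIGH)\b")
EVENTS_RE = re.compile(r"(\d[\d,]*)\s+(?:\w+\s+)?events\b")


def parse_teaser(text):
    """Return {'ip', 'asn', 'events', 'protocols', 'verdict'}, or None if no IPv4."""
    m = TEMPLATE_RE.search(text)
    if m:
        return {
            "ip": m["ip"], "asn": m["asn"], "events": int(m["events"]),
            "protocols": [p.strip() for p in m["protos"].split(",")],
            "verdict": m["verdict"],
        }
    ip = IPV4_RE.search(text)
    if not ip:
        return None
    ev = EVENTS_RE.search(text)
    v = VERDICT_RE.search(text)
    return {
        "ip": ip.group(1), "asn": None,
        "events": int(ev.group(1).replace(",", "")) if ev else None,
        "protocols": None, "verdict": v.group(1) if v else None,
    }


def shared_prefixes(records, prefixlen=24):
    """Prefixes that hold more than one distinct source IP, with per-prefix
    totals. Event counts are summed only where a teaser states a number."""
    groups = defaultdict(list)
    for r in records:
        if r is None:
            continue
        net = ipaddress.ip_network(f"{r['ip']}/{prefixlen}", strict=False)
        groups[str(net)].append(r)
    out = {}
    for net, rs in groups.items():
        ips = sorted({r["ip"] for r in rs}, key=ipaddress.ip_address)
        if len(ips) < 2:
            continue
        out[net] = {
            "ips": ips,
            "events": sum(r["events"] or 0 for r in rs),
            "verdicts": sorted({r["verdict"] for r in rs if r["verdict"]}),
        }
    return out


def analyze(teasers=TEASERS, prefixlen=24):
    """Parse every teaser and return the prefixes with repeated sources."""
    return shared_prefixes([parse_teaser(t) for t in teasers], prefixlen)


if __name__ == "__main__":
    for net, info in sorted(analyze().items()):
        print(f"{net}: {len(info['ips'])} IPs, {info['events']} stated events, "
              f"verdicts {info['verdicts'] or ['n/a']}")
```

Grouping at /24 is a heuristic, not proof of one operator; a provider can hand adjacent addresses to unrelated tenants. It is still the first cut to make before deciding whether to block a single address or the whole prefix, and the `prefixlen` parameter lets you widen to /22 or /16 to see whether the overlap holds.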