IP address 65.49.1.80 conducted a sustained multi-protocol reconnaissance campaign from February 21 to April 27, 2026, targeting industrial control systems, network infrastructure, and enterprise services across 14 unique ports with 135 recorded events. The threat is assessed as HIGH severity due to…
Posts tagged: FORTI_PROBE
14 posts
IP address 65.49.1.192 conducted sustained reconnaissance activities over 53 days (March-April 2026) targeting FortiGate appliances and industrial control systems using IEC-104 protocol probes. This represents a MEDIUM threat level with potential critical infrastructure targeting. Organizations shou…
IP address 65.49.1.108 conducted a 41-day reconnaissance campaign from March 8-April 18, 2026, targeting industrial control systems and network infrastructure across 14 unique ports using multiple protocols including S7comm, RDP, and Fortinet device probes. Despite the broad attack surface and ICS t…
External IP address 65.49.1.132 conducted sustained reconnaissance activities from February 21 to April 18, 2026, targeting enterprise infrastructure including FortiGate appliances, industrial control systems, and network services across 13 unique ports. Assessment indicates LOW threat severity with…
IP address 65.49.1.152 conducted sustained reconnaissance activities from March 15 to April 17, 2026, targeting multiple protocols including FortiGate infrastructure, Oracle databases, IoT devices, and Kubernetes clusters across 59 observed events. Assessment indicates LOW threat level with medium c…
IP address 66.132.153.123 conducted automated reconnaissance against FortiGate appliances and industrial control systems over a 12-day period from March 4-16, 2026. This represents medium-severity preparatory activity for potential follow-on attacks against network security infrastructure and ICS en…
Threat actor at 65.49.20.69 conducted sustained multi-protocol reconnaissance targeting FortiGate appliances, industrial control systems, and IoT devices over 54 days from February 21 to April 15, 2026. Activity demonstrates medium-severity threat with focus on critical infrastructure enumeration ac…
IP address 64.62.197.122 conducted sustained reconnaissance against network infrastructure and industrial control systems over a 52-day period from February 19 to April 11, 2026, generating 58 security events. The activity primarily targeted FortiGate and Palo Alto security appliances alongside Modb…
IP address 65.49.1.66 conducted sustained multi-protocol reconnaissance targeting industrial control systems, network infrastructure, and enterprise services over a 6-week period from February 25 to April 6, 2026. The activity demonstrates medium-risk threat behavior with 62 recorded events spanning…
A single threat actor (152.32.149.19) conducted targeted reconnaissance against Fortinet infrastructure on March 4, 2026, between 17:00-18:00 UTC, generating 148 malicious events focused on FortiGate device enumeration and login page discovery. The activity represents a MEDIUM threat level indicati…
Hong Kong-based IP address 43.132.207.18 conducted 147 reconnaissance attempts against FortiGate infrastructure between March 9-20, 2026, employing automated scanning techniques to probe for vulnerabilities and access points. This activity represents a LOW severity threat with moderate confidence, …
A Hong Kong-based threat actor (199.45.155.98) conducted focused reconnaissance against FortiGate infrastructure on 2026-03-17 around 07:00, generating 78 attack events within a one-hour window. This represents an active exploitation phase with medium threat level targeting network security applian…
IP address 66.132.153.127 conducted an 11-day reconnaissance campaign from March 1-12, 2026, targeting Fortinet appliances and SMTP services with 141 recorded events. The threat actor demonstrates medium-severity scanning behavior focused on network infrastructure enumeration. Organizations should …
Malicious activity detected from 172.235.168.35 (NL, AS63949). 2503 events observed across HTTP, Java-RMI, MQTT, Modbus, Oracle/TNS. AI verdict: HIGH.