External IP 185.247.137.206 conducted sustained multi-protocol reconnaissance targeting Oracle databases and industrial control systems over a 10-week period from February to April 2026. The campaign demonstrates medium-severity threat activity with 61 recorded events spanning database enumeration, …
IP address 66.132.172.182 conducted an extensive 32-day scanning campaign from March 25 to April 26, 2026, targeting multiple protocols including industrial control systems, Kubernetes infrastructure, and enterprise services. Despite generating 490 security events across 8 destination ports, this ac…
Russian-origin IP address 81.29.142.100 conducted a sustained multi-protocol reconnaissance campaign targeting industrial control systems, databases, and enterprise services over a 68-day period from February to April 2026. The attacker demonstrated particular focus on MQTT messaging systems and Ora…
IP address 85.217.140.37 conducted a sustained multi-protocol reconnaissance campaign from March 7 to April 20, 2026, targeting 16 unique ports across FTP, MQTT, Oracle, RDP, SMTP, and SSH services with 97 total events. This activity represents low-risk service discovery and enumeration rather than …
IP address 66.132.172.96 conducted extensive reconnaissance targeting industrial control systems and enterprise infrastructure between March 20-April 7, 2026, with 326 observed events focusing on Siemens S7, Modbus, Oracle, and Kubernetes protocols. This activity represents a HIGH threat level with …
IP address 85.217.140.53 conducted a sustained multi-protocol scanning campaign from March 11-28, 2026, targeting Oracle database, SSH, and Kubernetes services across 7 unique ports with 92 total events. Assessment indicates low-sophistication automated reconnaissance activity with minimal immediate…