Threat actors operating from Middlesex University infrastructure (158.94.210.190) conducted sustained SMTP reconnaissance activities between March 9-13, 2026, generating 2,944 malicious events with a 100/100 AbuseIPDB reputation score. Assessment indicates MEDIUM threat level reconnaissance activit…
A Windows Server 2012 R2 system at 178.16.54.15 (Netherlands/dus.net GmbH) conducted sustained SMTP reconnaissance activities over 72 hours targeting organizational mail infrastructure. The threat level is assessed as MEDIUM due to focused reconnaissance behavior with potential for escalation to ex…
Threat actor operating from Middlesex University network (158.94.211.49) conducted sustained SMTP reconnaissance against multiple targets from March 9-14, 2026, generating 4,593 malicious events. Assessment: MEDIUM threat level with potential for escalation to credential harvesting or phishing infr…
Internet-facing sensors observed targeted SMTP reconnaissance activity from IP 86.54.42.44 (Switzerland/AS42624) during a concentrated 1-second window on 2026-03-02 at 02:00 hours. The activity demonstrates medium-severity mail server enumeration behavior with systematic protocol probing across mul…
Threat actor operating from Vienna-based hosting infrastructure (146.70.146.50) conducted targeted SMTP reconnaissance against organizational mail servers on March 3, 2026 at approximately 12:00 UTC. Activity demonstrates systematic enumeration techniques consistent with pre-attack reconnaissance f…
High-confidence SMTP reconnaissance activity detected from IP 77.83.39.164 (AS215693 PalmaHost, Netherlands) conducting systematic probing against mail infrastructure over a 3-day period from March 7-10, 2026. Threat level assessed as MEDIUM due to sustained reconnaissance pattern and maximum Abuse…