IP address 204.76.203.73 conducted a sustained Local File Inclusion (LFI) attack campaign from February 21 to April 16, 2026, targeting multiple web services with 118 recorded events. The activity represents LOW severity reconnaissance and exploitation attempts focused on accessing sensitive system …
Posts tagged: WEB_EXPLOITER
12 posts
IP address 35.216.140.3 conducted a sustained 41-day reconnaissance campaign targeting web applications and network services, attempting to access sensitive configuration files and probing RDP/SMB services. The activity represents a MEDIUM threat level with moderate sophistication, likely representi…
External threat actor at IP 2.57.122.234 conducted a 42-day reconnaissance and credential harvesting campaign from March 1-April 12, 2026, generating 112 attack events primarily targeting Fortinet devices and authentication systems. Assessment indicates MEDIUM threat level with sophisticated APT-lik…
Threat actor operating from IP 204.76.203.215 conducted sustained reconnaissance and Local File Inclusion (LFI) attacks against multiple services over 47 days (February 22 - April 10, 2026), generating 284 security events. Despite the LOW confidence assessment, the campaign demonstrates escalating s…
Malicious activity detected from 45.142.193.233 (, ASNone). 1187050 events observed across EtherNet/IP, TCP, TCP/SYN, TLS, TLS/1.0. AI verdict: HIGH.
High-confidence Local File Inclusion (LFI) attack campaign observed from 89.42.231.182 (Netherlands/Amarutu Technology Ltd) targeting web applications with directory traversal techniques to access sensitive system files. Assessment: HIGH threat level with 95% confidence based on 146 attack events o…
IP address 198.211.115.185 conducted an intensive web exploitation campaign on March 18, 2026, executing 217 attack events over a 3-hour window targeting web applications through Local File Inclusion (LFI) attacks and vulnerability scanning. This represents a HIGH threat level based on the concentr…
Internet-facing sensors observed medium-severity reconnaissance activity from IP 45.148.10.23 (Netherlands/AS48090) conducting Local File Inclusion (LFI) attacks targeting Git configuration files and vulnerability scanning across 27 events over a 12-hour period from February 26-27, 2026. The threat…
A Linux-based threat actor operating from US infrastructure conducted sustained web application exploitation attempts over a 9-day period, generating 2,244 malicious events targeting HTTP services. The actor demonstrated HIGH threat level activity through systematic Local File Inclusion (LFI) attack…
IP address 198.199.69.186 conducted a concentrated multi-protocol reconnaissance campaign on February 24, 2026, targeting Oracle TNS, SMB, and web services within a one-minute timeframe. The attacker profile indicates HIGH threat level consistent with advanced persistent threat (APT) tactics. Immed…
IP address 27.123.241.43 (India-based) conducted credential brute force attacks against BoaForm admin interfaces on embedded devices and routers, exploiting CVE-2021-46422. This represents a MEDIUM severity threat with potential for device compromise and lateral network movement. Organizations shou…
A Moroccan threat actor (196.115.7.197) conducted a sustained web application attack campaign from February 27-March 4, 2026, targeting sensitive configuration files and conducting vulnerability scanning. The attacker demonstrates medium-severity capabilities with Local File Inclusion (LFI) techniq…