Loading threats
Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 81.29.142.100 | 100% | 33,985 | 24,815 | 🇷🇺 RU | AS210259 | 2026-04-19 |
| 81.29.142.6 | 100% | 24,131 | 18,337 | 🇷🇺 RU | AS210259 | 2026-04-19 |
| 45.91.64.6 | 100% | 16,479 | 10,098 | 🇷🇺 RU | AS214664 | 2026-04-19 |
| 95.215.0.144 | 100% | 13,684 | 10,530 | 🇷🇺 RU | AS44050 | 2026-04-19 |
| 45.91.64.7 | 100% | 10,528 | 9,427 | 🇷🇺 RU | AS214664 | 2026-04-19 |
| 80.82.77.202 | 98% | 7,427 | 6,189 | 🇳🇱 NL | AS202425 |
| 2026-04-19 |
| 207.90.244.28 | 100% | 6,693 | 3,819 | 🇺🇸 US | AS174 | 2026-03-04 |
| 80.13.153.140 | 100% | 5,964 | 4,143 | 🇫🇷 FR | AS3215 | 2026-04-19 |
| 92.154.95.236 | 100% | 5,434 | 3,786 | 🇫🇷 FR | AS3215 | 2026-04-19 |
| 207.90.244.14 | 100% | 5,373 | 3,220 | 🇺🇸 US | AS174 | 2026-03-04 |
| 71.6.199.23 | 100% | 5,262 | 3,494 | 🇺🇸 US | AS10439 | 2026-04-19 |
| 5.101.64.6 | 100% | 4,659 | 4,382 | 🇷🇺 RU | AS34665 | 2026-04-19 |
| 93.174.95.106 | 100% | 4,250 | 2,974 | 🇳🇱 NL | AS202425 | 2026-04-18 |
| 80.82.77.139 | 100% | 4,089 | 2,886 | 🇳🇱 NL | AS202425 | 2026-04-19 |
| 80.82.77.33 | 100% | 3,935 | 2,764 | 🇳🇱 NL | AS202425 | 2026-04-19 |
| 71.6.135.131 | 100% | 3,868 | 2,748 | 🇺🇸 US | AS10439 | 2026-04-18 |
| 185.93.89.18 | 96% | 3,778 | 3,767 | 🇮🇷 IR | AS213790 | 2026-03-09 |
| 176.32.195.85 | 100% | 3,709 | 2,666 | 🇦🇲 AM | AS197834 | 2026-03-24 |
| 86.54.31.32 | 100% | 3,704 | 2,454 | 🇨🇦 CA | AS12989 | 2026-04-19 |
| 86.54.31.38 | 100% | 3,651 | 2,448 | 🇨🇦 CA | AS12989 | 2026-04-19 |