Loading threats
SMTP client issued an EHLO command to identify itself and initiate an Extended SMTP session. This is the standard capability negotiation step where the client announces its hostname and requests supported extensions from the server. On exposed or honeypot SMTP services, automated tools and spam bots often send EHLO immediately after connecting as part of relay testing, enumeration, or bulk delivery workflows.
| IP Address | Risk | Events | Sessions | Country | ASN | Last Seen |
|---|---|---|---|---|---|---|
| 194.26.192.102 | 95% | 54,364 | 11,476 | 🇳🇱 NL | AS210558 | 2026-03-17 |
| 178.16.54.139 | 92% | 44,573 | 44,503 | 🇳🇱 NL | AS202412 | 2026-03-14 |
| 81.29.142.100 | 100% | 33,975 | 24,805 | 🇷🇺 RU | AS210259 | 2026-04-19 |
| 81.29.142.6 | 100% | 24,129 | 18,335 | 🇷🇺 RU | AS210259 | 2026-04-18 |
| 45.91.64.6 | 100% | 16,478 | 10,097 | 🇷🇺 RU | AS214664 | 2026-04-19 |
| 95.215.0.144 | 100% | 13,680 | 10,526 | 🇷🇺 RU | AS44050 | 2026-04-19 |
| 80.94.93.5 | 98% | 11,256 | 11,232 | 🇷🇴 RO | AS47890 | 2026-03-01 |
| 45.91.64.7 | 100% | 10,527 | 9,426 | 🇷🇺 RU | AS214664 | 2026-04-19 |
| 80.82.77.202 | 98% | 7,414 | 6,176 | 🇳🇱 NL | AS202425 | 2026-04-19 |
| 185.242.226.19 | 96% | 7,116 | 3,900 | 🇺🇸 US | AS202425 | 2026-04-15 |
| 115.231.78.11 | 100% | 6,810 | 4,604 | 🇨🇳 CN | AS58461 | 2026-04-18 |
| 207.90.244.28 | 100% | 6,693 | 3,819 | 🇺🇸 US | AS174 | 2026-03-04 |
| 80.13.153.140 | 100% | 5,963 | 4,142 | 🇫🇷 FR | AS3215 | 2026-04-19 |
| 92.154.95.236 | 100% | 5,421 | 3,773 | 🇫🇷 FR | AS3215 | 2026-04-18 |
| 207.90.244.14 | 100% | 5,373 | 3,220 | 🇺🇸 US | AS174 | 2026-03-04 |
| 155.117.232.31 | 96% | 5,285 | 3,357 | 🇺🇸 US | AS399486 | 2026-03-31 |
| 71.6.199.23 | 100% | 5,262 | 3,494 | 🇺🇸 US | AS10439 | 2026-04-19 |
| 5.101.64.6 | 100% | 4,656 | 4,379 | 🇷🇺 RU | AS34665 | 2026-04-18 |
| 93.174.95.106 | 100% | 4,250 | 2,974 | 🇳🇱 NL | AS202425 | 2026-04-18 |
| 80.82.77.139 | 100% | 4,087 | 2,884 | 🇳🇱 NL | AS202425 | 2026-04-18 |