I have a server co-loced at Mikrotec. It’s part of my bi-monthly security scans. Today Mikrotec called to say that they noticed a large amount of activity to my coloc, and, on further investigation, it looked like attacks.
I don’t think I’ve ever had an ISP alert me that a machine was being attacked. This was a pleasant unexpected surprise