Summary (Bottom Line Up Front)
An automated credential capture attempt was detected originating from IP 121.102.38.87 in Kyoto, Japan, targeting port 8080 over a two-hour period. The attack is assessed as noise with no associated CVEs or zero-day exploits, and poses minimal risk to networks.
Activity Timeline
INITIAL REPORT 2026-05-17T05:57:45Z
Source: Analyst Manual Entry
An automated credential capture attempt was detected originating from IP 121.102.38.87 in Kyoto, Japan, targeting port 8080 over a two-hour period. The attack is assessed as noise with no associated CVEs or zero-day exploits, and poses minimal risk to networks.
Technical details
- Protocols: TCP, TCP/SYN, TELNET
- Techniques: CREDENTIAL_CAPTURE via brute force attempts
- Attack Volumes: 162 auth_retry events and 81 auth events over a two-hour window
- MITRE Technique Mapping: Not applicable (common brute-force attack)
- IOCs: IP address 121.102.38.87, port 8080
IOCs
IP:121.102.38.87
ASN:2497
COUNTRY:JP
Recommendations
- Monitor access logs for unusual authentication attempts.
- Implement rate limiting on critical services to mitigate brute force attacks.
- Ensure strong password policies and multi-factor authentication are enforced.
- Regularly review and update firewall rules to restrict unnecessary open ports.
- Educate users about the risks of credential harvesting attacks.