Summary (Bottom Line Up Front)
A low-severity TCP-based reconnaissance event was detected from IP 78.128.112.215 targeting port 8080. No exploit payloads or CVE-specific activity were observed. Network defenders should capture PCAP data and apply rate-limiting measures if the scanning persists.
Activity Timeline
INITIAL REPORT 2026-05-17T10:16:33Z
Source: Analyst Manual Entry
A low-severity TCP-based reconnaissance event was detected from IP 78.128.112.215 targeting port 8080. No exploit payloads or CVE-specific activity were observed. Network defenders should capture PCAP data and apply rate-limiting measures if the scanning persists.
Technical details
The incident involved a TCP probe to destination port 8080, with no evidence of exploit payloads or of any specific vulnerability being targeted. The activity matched, with high confidence, the signature suricata_sid_2403422 (ET CINS Active Threat Intelligence Poor Reputation IP group), which fires on the source IP's reputation rather than on any payload content. The behaviour maps to MITRE ATT&CK technique T1046 (Network Service Discovery) in the reconnaissance phase. Key indicators include TCP traffic from this source to ports 8080 and 8443.
IOCs
IP: 78.128.112.215
ASN: 202325
COUNTRY: BG
Recommendations
- Capture full packet data (PCAP) from this source for further analysis.
- Search logs for any follow-up activities from this IP address.
- Apply rate-limiting or temporary blocking if the scanning continues.
- Monitor network traffic for anomalies similar to MITRE technique T1046.
- Share findings with peers and relevant threat intelligence platforms.