Malicious activity detected from 45.142.193.233. 1187050 events observed across EtherNet/IP, TCP, TCP/SYN, TLS, TLS/1.0. AI verdict: HIGH.
Posts tagged: AUTH_ATTACK
6 posts
IP address 173.239.240.145 conducted a sustained credential attack campaign against SSL VPN infrastructure over 21 days (March 4-25, 2026), generating 3,555 authentication attempts targeting HTTPS services. This represents a MEDIUM threat with potential for unauthorized network access if weak creden…
High-confidence credential stuffing attacks targeting Cisco ASA SSL VPN login interfaces have been observed from US-based infrastructure (AS396356 Latitude.sh) between March 17-23, 2026. The threat actor demonstrates specific knowledge of Cisco WebVPN authentication mechanisms and poses significant …
A medium-severity credential stuffing attack was observed from IP 64.89.161.182 (Luxembourg) targeting authentication services with weak credentials over a brief timeframe on March 9, 2026. The attacker conducted 214 events within one minute using HTTP Basic Authentication, specifically targeting p…
IP address 173.239.240.234 conducted a sustained credential attack campaign against Cisco ASA SSL VPN infrastructure from March 10-14, 2026, generating 2,738 authentication attempts using the credentials "clientes/Winter2026!". This represents a HIGH threat level with 85% confidence due to the targ…
A sophisticated threat actor operating from Netherlands-based infrastructure (45.142.193.232) conducted a sustained credential harvesting and authentication attack campaign over 48 hours, generating 981 security events with a 100/100 AbuseIPDB reputation score. The actor demonstrated advanced capab…