IP · Medium · Signal 27/100
173.44.141.75
Location
Dallas, Hessen
ASN
AS62904
servinga GmbH
First Seen
Apr 20, 2025
Last Seen
Apr 6, 2026
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
27%
Signal Score
27 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: Dallas, Hessen
ASN: AS62904
Organization: servinga GmbH
IP Category
VPN
VPN exit node
Feed Intelligence Summary
6 reports · 27% confidence
6
Source reports
27%
Confidence score
Category tags
access control, active scan, active scanning, attack, authentication, authentication attack, authentication brute force, authentication failure, automated brute force, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, civil services, command and control, count, credential access, credential stuffing, data exfiltration, data store exposure, distributed attacks, encryption, europe, exploitation activity, geo-distributed attack, germany, government technology, identity & access exploitation, indicator, information technology, injection activity, ipv4, ipv4 addresses, it infrastructure, login attack, malicious activity, malicious software, malware, multi-geo location attack, multiple failed logins, multiple geo locations, multiple geo-locations, multiple ip addresses, multiple ips, network, network access, network intrusion, network security, north america, password attack, password attacks, password cracking, phishing, process injection, public administration, public infrastructure, public policy, random usernames, reconnaissance, regulatory agencies, remote access, researched, scanner, security operations, software development, ssl vpn, t1055, t1071.001, t1078, t1078.001, t1078.004, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1486, t1496, t1499.002, t1499.003, t1555, t1555.003, t1565, t1588, t1588.004, t1589, t1589.002, t1595, t1595.001, t1595.002, t1595.003, threat actor, threat intelligence, tor node, unauthorized access, unauthorized access attempts, unauthorized login, unauthorized login attempts, united states, unknown passwords, unknown usernames, usernames: random/unknown, vpn, vpn security
Activity Timeline
Apr 6
Threat Activity Heatmap
Peak: 2026-04-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: 27 (Low Risk)
Signal Score: 27
Confidence: 27%
Reports: 6
First seen: Apr 20, 2025
Last seen: Apr 6, 2026
Geolocation: US
Country: United States
Location: Dallas, Hessen
ASN: AS62904
Org: servinga GmbH
Coords: 37.7510, -97.8220
VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 addresses from multiple GEO locations making multiple unauthorised attempts to establish SSL VPN connections to firewall using random/unknown username and passwords. Logged between 24/04/2025 8am - 25/04/2025 8am.
- raw
- Eonix Corporation EONIX (NET-173-44-128-0-1) 173.44.128.0 - 173.44.255.255 Winnebell Network Services WINBNS-1734414124-001 (NET-173-44-141-0-1) 173.44.141.0 - 173.44.141.255
- references
- 2025-04-25-SSL-VPN-malicious-login-attempts.csv, 2025-04-24-SSL-VPN-malicious-login-attempts.csv, 2025-04-23-SSL-VPN-malicious-login-attempts.csv, 2025-04-22-SSL-VPN-malicious-login-attempts.csv, 2025-04-18-SSL-VPN-malicious-login-attempts.csv, 2025-04-16-SSL-VPN-malicious-login-attempts.csv, 2025-04-15-SSL-VPN-malicious-login-attempts.csv, 2025-04-14-SSL-VPN-malicious-login-attempts.csv, 2025-04-11-SSL-VPN-malicious-login-attempts.csv
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 6 threat reports