AiTM phishing kit (Tycoon/EvilProxy fingerprint, UA portal-browser/3.8.0 Electron) probing Microsoft ...
show moreAiTM phishing kit (Tycoon/EvilProxy fingerprint, UA portal-browser/3.8.0 Electron) probing Microsoft 365 auth. Repeated failed sign-ins (errorCode 50173 FreshTokenNeeded) against 3 distinct UPNs on 2026-06-19 and 2026-06-21. Source confirmed via signin diagnostic logs. Datacamp Limited AS212238.
show less
Authentication attack against Microsoft 365 tenant. 22 failed sign-in attempts across 2 rounds (2026 ...
show moreAuthentication attack against Microsoft 365 tenant. 22 failed sign-in attempts across 2 rounds (2026-06-19 18:23-18:26 UTC and 2026-06-21 ~11:00 UTC) targeting 3 user accounts. Error codes 70000 (provided grant has expired / been revoked, OAuth refresh-token replay) and 50173 (FreshTokenNeeded, stale refresh token). User-agent fingerprint: Mozilla/5.0 Windows portal-browser/3.8.0 Chrome/120 Electron/28.3.3 -- Adversary-in-the-Middle phishing toolkit (EvilProxy / Tycoon family). Original transfer method: device code flow (classic BEC vector). PTR: unn-149-88-98-169.datapacket.com. ASN 212238 Datacamp Limited / CDN77 Toronto colocation. All attempts rejected by Microsoft Entra; now also blocked at tenant Conditional Access layer.
show less
Brute-Force
Exploited Host
Anonymous
Unauthorized connection attempt detected in the last 24 hours
BAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:user-agent. (110 ...
show moreBAD BOT - Detected and Blocked.. Matched phrase "go-http-client" at REQUEST_HEADERS:user-agent. (1100000-124)
show less
Bad Web Bot
Anonymous
Bad connection attempt Reported by AntiScan for Fabric
Port Scan
Anonymous
Portscan
Port Scan
Anonymous
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
Showing 1 to
7
of 7 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ