Login Bruteforce attempts against intelx.io

Published on November 21, 2019 by

Minutes ago (evening of November 21, 2019) we just stopped an unsuccessful login bruteforce attack. The attacker’s email address is primeday@protonmail.com and the IPs used in the attack are 163.172.225.39 (a NordVPN IP), 94.36.97.33 and 87.0.205.119.

There were 27,601 login attempts from those IPs before stopped by Intelligence X staff.

As clearly stated in our Terms of Service, we are sharing information about attacks with the public and law enforcement.

Additional Information

The IP address 163.172.225.39 is associated with NordVPN – the domain fr253.nordvpn.com resolves to that IP address.

The email primeday@protonmail.com has an user account at https://demonforums.net/ with the nickname “asd666”.

On November 22, 2019 an additional attempt was made from the IP 209.107.196.128 making 591 login requests.

Related articles

Newsletter 2020-03-23

Published on March 23, 2020 by

March 2020 Updates How we prepared for the current global situation We have ordered and deployed 180 TB worth of enterprise storage to be prepared for upcoming price increases and shortages of hard disks. We are reading reports that warn of upcoming delivery delays due to disruptions in the supply chain. We tweeted a picture


Decoding the US Death Master File

Published on March 19, 2020 by

“The Death Master File (DMF) is a computer database file made available by the United States Social Security Administration since 1980″ according to Wikipedia. It is available here https://ladmf.ntis.gov/ but costs $2,930.00 anually. The file has since been posted on the internet for free, including here: http://ssdmf.info/download.html November 30, 2011 http://cancelthesefunerals.com/ May 31, 2013 https://archive.org/details/DeathMasterFile May 31, 2013 This file can


An OSINT investigation into one of our attackers

Published on March 5, 2020 by

On December 11, 2019 we have received 31,866 HTTP requests from the IP 81.171.107.57. Below are few sample log entries: 81.171.107.57 – – [11/Dec/2019:13:52:37 +0000] “POST /login HTTP/1.1” 200 7448 81.171.107.57 – – [11/Dec/2019:13:52:37 +0000] “POST /login HTTP/1.1” 200 7443 81.171.107.57 – – [11/Dec/2019:13:52:37 +0000] “POST /login HTTP/1.1” 200 7447 81.171.107.57 – – [11/Dec/2019:13:52:37 +0000]


Search the blog: