{"id":518,"date":"2026-07-03T03:58:49","date_gmt":"2026-07-03T03:58:49","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/?page_id=518"},"modified":"2026-07-03T04:22:58","modified_gmt":"2026-07-03T04:22:58","slug":"artifact1-2","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/artifact1-2\/","title":{"rendered":"Artifact1"},"content":{"rendered":"\n<p>Anonymous IP address | joe.lartey@manytek.org | Malicious IP Sweden| Multiple Failures | Password resets | Verifying with Mgr<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<p>On 12\/05\/2026 18:00:00 EST, the Manytek Security Operation Team (MSOC Team), received an alert title &#8220;Anonymous IP address&#8221; The alert was triggered when the user &#8220;joe.lartey&#8221; was detected attempting to sign-in from an anonymous hosting IP provider located in Sweden, Using Firefox browser on windows 10 device.<\/p>\n\n\n\n<p>The IP address &#8220;2a0d:bbc7::f816:3eff:fec7:9bc8&#8221; is registered to QuxLabs AB located in Sweden and has been reported by OSINT Sources as highly malicious. Sigin-in Logs of the user account activity and IP in the last 7days shows multiple keep me signed in interrupts and repeated failures, followed by successful attempts with no MFA required, all from non cooperate device.<\/p>\n\n\n\n<p>This behavior differs from the users normal pattern. Joe normally sign-ins from Virginia US, using Chrome windows 10 device, with no history of Sweden based access or anonymous IP usage.<\/p>\n\n\n\n<p>Recent Account activity includes a password reset {credential rotation} and a new device registration within the last 7days.<\/p>\n\n\n\n<p>Given the anonymous IP, Foreign location, repeated failures and deviation from the users normal sign-in behavior, the activity is considered suspicious. The MSOC Team is reaching to the users manager to verify if the activity is expected.<\/p>\n\n\n\n<p>2: Given the anonymous IP, Foreign location, repeated failures and deviation from the users normal sign-in behavior, the activity is considered suspicious. The MSOC Team is force reseting the users password and revoking all MFA session and Notify Manager.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Alert Details:<\/h2>\n\n\n\n<p>Alert Date\/Time: 12\/05\/2026 18:00:00 EST<br>Event Date\/Time: 11\/5\/2026 19:16:20 EST<br>User name: joe.lartey<br>IP address: 2a0d:bbc7::f816:3eff:fec7:9bc8<br>Sign-in location: Solna, Stockholms Lan, SE<br>User Agent: Mozilla\/5.0 (Windows NT 10.0; Win64; x64; rv:140.0) Gecko\/20100101 Firefox\/140.0<br>Sign-in request Id: 55dfa23a-a247-416a-895b-da9adf0f6200<\/p>\n\n\n\n<p>User Information<br>Name:Joe Lartey<br>Email:joe.lartey@manytek.org<br>Job Title:Application Engineer<br>Department:Engineering<br>Mgr: Derek Atiawu<\/p>\n\n\n\n<p>IP Information:<br>IP:2a0d:bbc7::f816:3eff:fec7:9bc8<br>ISP: QuxLabs AB<br>Domain Name: quxlabs.com<br>Country Stockholm Sweden<br>This IP was reported 451 times. Confidence of Abuse is 39%:<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Action\/Recommendations<\/h2>\n\n\n\n<p>1: option<br>Please verify with the user whether the sign-ins from Sweden were expected<br>If expected, educate the user to refrain from using third party VPN\/Proxy IPs when accessing company resources<br>If not expected, please reply immediately for us to remediate their account.<\/p>\n\n\n\n<p>2: option<br>Please verify with the user whether the sign-ins from Sweden were expected<br>If expected, educate the user to refrain from using third party VPN\/Proxy IPs when accessing company resources<br>For precautionary measures we have reset the users account<br>please Advise the user to reach out to the service desk to have their account re-instated<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><\/h2>\n","protected":false},"excerpt":{"rendered":"<p>Anonymous IP address | joe.lartey@manytek.org | Malicious IP Sweden| Multiple Failures | Password resets | Verifying with Mgr Summary On 12\/05\/2026 18:00:00 EST, the Manytek Security Operation Team (MSOC Team), received an alert title &#8220;Anonymous IP address&#8221; The alert was triggered when the user &#8220;joe.lartey&#8221; was detected attempting to sign-in from an anonymous hosting IP&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/dolmacyse201\/artifact1-2\/\">Read More<\/a><\/div>\n","protected":false},"author":29732,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/wp-json\/wp\/v2\/pages\/518"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/wp-json\/wp\/v2\/users\/29732"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/wp-json\/wp\/v2\/comments?post=518"}],"version-history":[{"count":3,"href":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/wp-json\/wp\/v2\/pages\/518\/revisions"}],"predecessor-version":[{"id":541,"href":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/wp-json\/wp\/v2\/pages\/518\/revisions\/541"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/dolmacyse201\/wp-json\/wp\/v2\/media?parent=518"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}