This is a sample of the report LogTriage generates from a single uploaded log file — no signup, no manual triage.
Credential Stuffing with Confirmed Account Compromise
Generated in ~30 seconds from a 22-line access log.
Executive summary
A single source (185.220.101.45, a Tor exit node) ran an automated
credential-stuffing campaign against /api/v1/auth/login: 19 login attempts,
17 failures (89% failure rate), followed by 2 successful logins — confirming
account compromise. One compromised account then accessed /api/v1/users/export,
indicating possible data exfiltration. Immediate containment is required.
Attack pattern & evidence
- 19 auth requests from one IP in a 4-minute window
- 17 failures (89% fail rate) — automated, not human
- 2 successful authentications after the failure burst — compromise confirmed
- python-requests user-agent — scripted client, no browser
- Source is a known Tor exit node (anonymized infrastructure)
Indicators of compromise (IOCs)
- 185.220.101.45 (Tor exit)
- AS205100 — F3 Netze (Tor)
- python-requests/2.28.0
- /api/v1/auth/login
- /api/v1/users/export
Threat intelligence verdicts
MITRE ATT&CK
Remediation steps
1. Block 185.220.101.45 at the edge/WAF and force-terminate active sessions for the two compromised accounts. (WAF / IdP)
2. Force a password reset + step-up MFA re-enrolment for the affected users; review actions taken after the successful logins. (IdP)
3. Rate-limit and add credential-stuffing protection (device fingerprinting, bot detection) on /api/v1/auth/login. (WAF)
4. Audit /api/v1/users/export access from the compromised accounts for data exfiltration. (App logs)
5. Add a detection rule for failed-then-successful auth bursts by source IP (see our free Sigma library). (SIEM)
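The detection step 5 describes, as an added example that is not LogTriage's own code: it groups login events by source IP, flags an IP whose failed logins are followed by a success inside a time window, and lists what that IP touched afterwards. The single-line log layout, the user-agent prefixes and the sample lines are constructed for illustration.

```python
"""Flag source IPs whose failed logins are followed by a success (remediation step 5).
Added example, not LogTriage's own code; log layout and sample lines are constructed."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <ip> <status> <path> <user-agent>"
SAMPLE_LOG = """\
2024-05-01T10:00:01Z 185.220.101.45 401 /api/v1/auth/login python-requests/2.28.0
2024-05-01T10:00:14Z 185.220.101.45 401 /api/v1/auth/login python-requests/2.28.0
2024-05-01T10:00:27Z 185.220.101.45 401 /api/v1/auth/login python-requests/2.28.0
2024-05-01T10:01:02Z 10.0.0.7 200 /api/v1/auth/login Mozilla/5.0
2024-05-01T10:02:40Z 185.220.101.45 200 /api/v1/auth/login python-requests/2.28.0
2024-05-01T10:03:05Z 185.220.101.45 200 /api/v1/users/export python-requests/2.28.0
"""
LOGIN_PATH = "/api/v1/auth/login"
SCRIPTED_UA = ("python-requests/", "curl/", "go-http-client/")  # assumed prefixes


def parse(log_text):
    """Yield (timestamp, ip, status, path, user_agent) for each non-empty line."""
    for line in filter(str.strip, log_text.splitlines()):
        ts, ip, status, path, ua = line.split(" ", 4)
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, int(status), path, ua


def detect_stuffing(log_text, min_failures=3, window=timedelta(minutes=5)):
    """Return {ip: finding} for IPs with >= min_failures failed logins followed by a
    success inside `window`, plus the non-login paths that IP touched afterwards."""
    by_ip = defaultdict(list)
    for ev in parse(log_text):
        by_ip[ev[1]].append(ev)
    findings = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e[0])
        logins = [e for e in events if e[3] == LOGIN_PATH]
        for i, (ts, _, status, _, ua) in enumerate(logins):
            if status != 200:
                continue
            # Failures in the window leading up to this first success
            fails = [e for e in logins[:i] if e[2] != 200 and ts - e[0] <= window]
            if len(fails) >= min_failures:
                findings[ip] = {
                    "failures_before_success": len(fails),
                    "scripted_client": ua.startswith(SCRIPTED_UA),
                    "post_login_paths": sorted({e[3] for e in events
                                                if e[0] > ts and e[3] != LOGIN_PATH}),
                }
                break
    return findings
```

Run against the sample, only 185.220.101.45 is flagged, with three prior failures, a scripted client, and /api/v1/users/export accessed after the first success; the legitimate browser login from 10.0.0.7 is not.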
This report was generated automatically from one log file.
Upload yours and get the same analysis in under a minute — 50+ log formats supported.
See this detection run on a real report
Try the live demo with a pre-loaded malicious log set — no signup required — or upload your own log file and get a full AI-reviewed threat report in minutes.