Critical Alert
IP 64.188.91.243, registered to network operator ADCIL-ASN-01 in the United States, presents a critical threat with a 10/10 threat level, having generated 2084 abuse reports across automated honeypot sensors within a concentrated timeframe spanning January to March 2026. The dominant activity associated with this address consists of VNC brute-force authentication attacks, which represent a serious and direct pathway to unauthorized remote system access.
The 2084 reports were collected from 20 distinct automated honeypot sensors over approximately three months, yielding a 62% confidence score in the attribution. The AS401152 autonomous system, operated by ADCIL-ASN-01, serves as the network origin for this sustained hostile activity. Suricata intrusion detection systems flagged the specific attack pattern as "SURICATA STREAM Packet with broken ack" in conjunction with VNC brute-force attempts, indicating a methodical and automated campaign targeting remote authentication interfaces. While the activity frequency metric registers at zero out of ten, the volume of reports relative to the detection window suggests concentrated burst activity rather than sustained low-level probing.
VNC brute-force attacks systematically try authentication credentials against Virtual Network Computing services, which provide graphical remote desktop access. Successful compromise grants attackers direct interactive control over target systems, enabling data exfiltration, lateral movement within networks, and deployment of secondary payloads. The broken acknowledgment packets observed in the attack signatures suggest the use of modified or evasive network packets designed to circumvent standard detection mechanisms. This combination of automated credential guessing with network-level evasion techniques elevates the risk beyond simple password spraying to a sophisticated intrusion campaign.
Site operators exposing VNC or similar remote access services should immediately implement multi-factor authentication, enforce strong password policies, and consider restricting access via IP allowlisting or VPN tunnels. Deploying or configuring fail2ban to dynamically block source addresses after repeated authentication failures will mitigate brute-force attempts. Network-level rate limiting on VNC ports, coupled with Suricata or Snort intrusion detection rules that flag anomalous TCP acknowledgment patterns, will strengthen defenses against the evasion techniques observed. Regular monitoring of authentication logs for patterns consistent with the broken-ack attack signatures will aid in early detection of compromise attempts.