IOC Radar
IP · Medium · Signal 78/100

45.135.232.92

Location: Germany, Frankfurt am Main, MOW
ASN: AS215174, ProNow Tech CO. L.L.C
First Seen: Jul 13, 2024
Last Seen: May 8, 2026
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 78%
Signal Score: 78 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

71 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, MOW
ASN: AS215174
Organization: ProNow Tech CO. L.L.C

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

26 source reports · 78% confidence score
Category tags

Activity Timeline

1 total obs (May 8)

Threat Activity Heatmap

Peak: 2026-05-08
[Calendar heatmap of daily activity by weekday, June through the following June; scale: Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 78
Confidence: 78%
Reports: 26
First seen: Jul 13, 2024
Last seen: May 8, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, MOW
ASN: AS215174
Org: ProNow Tech CO. L.L.C
Coords: 55.7483, 37.6171
Proxy · VPN

VirusTotal

Not checked

WHOIS

description: IPV4 hosts detected attempting to brute force SSH on private honeypot
raw:

inetnum: 45.135.232.0 - 45.135.232.255
netname: RU-PROTON66
country: RU
org: ORG-PL533-RIPE
admin-c: PL14453-RIPE
tech-c: PL14453-RIPE
status: ASSIGNED PA
mnt-by: IP-RIPE
created: 2023-03-31T20:14:04Z
last-modified: 2023-03-31T20:14:07Z
source: RIPE

organisation: ORG-PL533-RIPE
org-name: Proton66 LLC
org-type: OTHER
address: pr-kt Iskrovskiy, d. 21YU, kv. 218
address: 193230 Saint Petersburg
address: Russia
abuse-c: PL14453-RIPE
mnt-ref: IP-RIPE
mnt-by: IP-RIPE
created: 2023-03-31T20:10:41Z
last-modified: 2023-03-31T20:10:41Z
source: RIPE # Filtered

role: Proton66 LLC
nic-hdl: PL14453-RIPE
address: pr-kt Iskrovskiy, d. 21YU, kv. 218
address: 193230 Saint Petersburg
address: Russia
abuse-mailbox: [email protected]
phone: +7 999 5285271
mnt-by: IP-RIPE
created: 2023-03-31T20:09:34Z
last-modified: 2023-03-31T20:10:30Z
source: RIPE # Filtered

route: 45.135.232.0/24
origin: AS198953
mnt-by: IP-RIPE
created: 2023-04-14T19:15:16Z
last-modified: 2023-04-14T19:15:16Z
source: RIPE
references:
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-03/
https://jamesbrine.com.au
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-02/
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-01/
https://jamesbrine.com.au/bruteforce-ip-list-2025-08-31/
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-27/
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-26/
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-25/
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-24/
https://jamesbrine.com.au/bruteforce-ip-list-2025-08-09/
https://jamesbrine.com.au/bruteforce-ip-list-2025-08-08/
https://jamesbrine.com.au/bruteforce-ip-list-2025-08-07/
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-05/
https://jamesbrine.com.au/bruteforce-ip-list-2025-09-04/
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net


IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 26 threat reports