IP · Medium · Signal 72/100
45.156.128.111
Location
Amsterdam, North Holland
ASN
AS211680
Inap AMS
First Seen
Jun 19, 2024
Last Seen
Jun 13, 2026
Found in 36 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Belgium
Region
Amsterdam, North Holland
ASN
AS211680
Organization
Inap AMS
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
36 reports · 72% confidence
36
Source reports
72%
Confidence score
Category tags
Activity Timeline
Jun 13
Threat Activity Heatmap · Peak: 2026-06-13
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 36
First seen: Jun 19, 2024
Last seen: Jun 13, 2026
Geolocation: BE
Country: Belgium
Location: Amsterdam, North Holland
ASN: AS211680
Org: Inap AMS
Coords: 47.4919, 19.0500
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw
- inetnum: 45.156.128.0 - 45.156.128.255
  descr: INAP-AMS-1
  netname: INAP-AMS-1
  country: EU
  admin-c: DOT14-RIPE
  tech-c: DOT14-RIPE
  abuse-c: AR59913-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-BST
  created: 2023-04-07T18:23:20Z
  last-modified: 2023-05-10T19:12:36Z
  source: RIPE
  remarks: https://internet-census.org
  remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
  remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
  remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected]
  remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed
  role: Data Operations
  address: 111 Huntington Ave Suite 2010
  address: MA 02199
  address: Boston
  address: UNITED STATES
  nic-hdl: DOT14-RIPE
  mnt-by: MNT-BST
  created: 2020-02-21T08:44:10Z
  last-modified: 2021-03-12T21:55:04Z
  source: RIPE # Filtered
  route: 45.156.128.0/24
  origin: AS211680
  mnt-by: MNT-BST
  created: 2023-04-07T18:25:10Z
  last-modified: 2023-04-07T18:25:10Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce
- https://www.linkedin.com/posts/starlightintel_starlight-cti-activity-7371187642471862272-zivC?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
- 462.txt
- http://cinsscore.com/list/ci-badguys.txt
IOC Journey
Medium · First detected 2 years ago · Last seen 9 days ago
Appeared in 36 threat reports