IOC Radar
IP · Medium · Signal 60/100

45.156.129.105

Location: Belgium · Chicago, Illinois
ASN: AS211680 (Inap CHI)
First Seen: Jun 5, 2024 (738d ago)
Last Seen: Jun 6, 2026 (7d ago)
Reports: 35 source reports
Confidence: 60% (medium)
Found in 35 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
Indicator Type: IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 67 techniques

Network Information

Country: BE (Belgium)
Region: Chicago, Illinois
ASN: AS211680
Organization: Inap CHI

IP Category: Proxy (proxy server)

Feed Intelligence Summary

Source reports: 35
Confidence score: 60%
Category tags:
abuseaccessaccess controlaccount compromiseaccount securityactive scanactive scanningadbhoney honeypotadministrative accessalfa teamapacheapache attackeraptasiaattackattack vectorsaustraliaauthenticationauto-generated securityautomated attackautomated attacksautomated threatautomated-attackback orificebad reputationbad web botbankingbebelgiumblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptsbrute-forcebruteforcec2c2 communicationc2 servercanadacertciscocisco asa targetedcisco devicecisco exploitation attemptcisco exploitation attemptscloud infrastructurecloud infrastructure attackcloud servicescommand & controlcommand and controlcommand injectioncommunication protocolcompromised hostcompromised hostsconnectconpot activityconpot honeypotcowriecowrie activitycowrie attackscowrie honeypotcowrie interactioncowrie interactionscredential accesscredential attackscredential brute forcecredential harvestingcredential stuffingcredential-stuffingcredit card servicesctacvecve exploitationdata exfiltrationdata store exposuredata theftdatabase attackdatabase attacksdatabase enumerationdatabase securityddosddos attackddos attacksddwrtdecoy systemdenial of servicedevice managementdictionary attackdigital oceandionaeadionaea activitydionaea attacksdionaea honeypotdionaea interactionsdirectory traversaldistributed attacksdnsdns attackenterprise networkingenumerationeuropeexploitexploit attemptsexploit kitexploit probingexploitationexploitation activityexploitation attemptsexploited hostexploitsexternal access attemptsfattfatt signaturesfilefin port scanfinancefinancial servicesfinancial technologyfinlandfranceftpftp brute forceftp brute-forcegermanygithubgpongroupshackinghoneynet connecthoneytrap datahoneytrap honeypothoneytrap interactionshttp brute forcehttp probinghttp scannerhttp scanninghttp/shungaryics securityidentity & access exploitationindiaindicatorindustrial control systemsinfrastructure 
acquisitionreconnaissanceinfrastructure reconnaissanceinitial accessinjection activityinjection attacksinternet of thingsinternet-wide scaninternetcensus-benignintrusion detectioniociot botnetiot exploitationiot securityiot targetediot/ics attackipv4ipv4 port scanningknown malicious iplamplamp attacklamp exploit attemptlamp exploitation attemptslamp server attacklamp stack attacklamp stack targetinglateral movementlinux serverslinux systemslinux-server-attacklogin attemptmailoney honeypotmailoney interactionsmalaysiamalicious activitymalicious activity detectedmalicious email activitymalicious ip listmalicious ipsmalicious softwaremalicious ssh activitymalicious-login-attemptsmalicious_activitymalwaremalware behaviourmalware capturemalware delivery attemptmalware distributionmalware propagationmalware scanningmanualmass scanningmirai botnetmonthlymysql brute forcenetgearnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptsnetwork intrusion detectionnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork service discoverynetwork service scanningnetwork servicesnetwork traffic analysisnorth americanull port scanoceaniaopen port detectionopen proxyoperating systemoperating system securityp0fp0f signaturespassword attackpassword attackspassword sprayingpayment processingphishingphishing attackphishing trapping of deathpolandport-scanningportscanpossible credential stuffingpossible exploit attemptpossible malware distributionpossible malware dropperpossible malware probingpossible mirai variantpotential compromisepotential lateral movementpotential malware uploadprivilege escalationprocess injectionprotocol abuseprotocol exploitationprotocol-abuseproxypythonransomwarercereconnaissanceredis honeypotredishoneypotremote accessremote code executionremote service exploitationremote servicesresearchedresource developmentresource 
hijackingrouter vulnerabilityrtbhsansscanscannerscannersscanning activityscriptscripting attackssecurity eventsecurity policysensor-taggedsentrypeer botnetsentrypeer detectionsentrypeer interactionsserver exploitationservice discoveryservice scanservice scanningsftpsftp access attemptsftp activitysftp attacksftp probingsftp-attacksingaporesipsip brute forcesip scanningslugsmb brute forcesmtpsmtp brute forcesmtp probingsmtp scanningsocial engineeringsocradarsocradar honeypotsora botnetspamsql injectionsql injection attemptssshssh attackssh monitoringssh-brute-forcesurface websuricata alertssyn port scansystembc botnett-pott1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1069.001t1071t1071.001t1076t1078t1078.001t1083t1088t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1199t1203t1204.002t1210t1486t1496t1497t1499.001t1499.002t1499.003t1505.002t1563t1565t1566.001t1566.002t1566.003t1566.004t1573t1573.001t1587.001t1588t1590t1590.001t1590.005t1590.006t1592t1592.002t1595t1595.001t1595.002t1595.003tannertanner interactionstargeting databasetcptcp protocoltcp scantelecommunicationstelnet threattelnet-brute-forcethreat actorthreat detectionthreat intelligencethreat preventiontor nodetpottpotceudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized-access-attemptunited statesunited states of americauploadusvalid accountsverified-benignvnc protocolvoipvoip attackvulnerability scanvultrwealth managementweb app attackweb application attackweb application scanningweb attackweb attacksweb exploitweb exploitationweb scannerweb shellweb spamweb trafficweb-application-attackxmas port scan

Activity Timeline

1 total observation (Jun 6)

Threat Activity Heatmap

Peak: 2026-06-06 (12-month calendar heatmap, Jun through Jun)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk (60 SIGNAL)
Signal Score: 60
Confidence: 60%
Reports: 35
First seen: Jun 5, 2024
Last seen: Jun 6, 2026
Geolocation: BE
Country: Belgium
Location: Chicago, Illinois
ASN: AS211680
Org: Inap CHI
Coords: 41.8781, -87.6298
IP Category: Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
raw:
inetnum: 45.156.129.0 - 45.156.129.255
descr: INAP-CHI-1
netname: INAP-CHI-1
country: EU
admin-c: DOT14-RIPE
tech-c: DOT14-RIPE
abuse-c: AR59913-RIPE
status: ASSIGNED PA
mnt-by: MNT-BST
created: 2023-04-07T18:24:05Z
last-modified: 2023-05-10T19:14:54Z
source: RIPE
remarks: https://internet-census.org
remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected]
remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed
role: Data Operations
address: 111 Huntington Ave Suite 2010
address: MA 02199
address: Boston
address: UNITED STATES
nic-hdl: DOT14-RIPE
mnt-by: MNT-BST
created: 2020-02-21T08:44:10Z
last-modified: 2021-03-12T21:55:04Z
source: RIPE # Filtered
route: 45.156.129.0/24
origin: AS211680
mnt-by: MNT-BST
created: 2023-04-07T18:25:52Z
last-modified: 2023-04-07T18:25:52Z
source: RIPE
references:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7351283849395363840-Qjt2?utm_source=share&utm_medium=member_desktop&rcm=ACoAADM4tMgBAoph1aAnRhGdecMXg-lVzkLrxyM
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
462.txt
https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7257396147508404225-BxAP?utm_source=share&utm_medium=member_desktop
http://cinsscore.com/list/ci-badguys.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 7 days ago
Appeared in 35 threat reports