IOC Radar
IP · Medium · Signal 59/100

45.156.129.108

Location: Belgium (Chicago, Brussels Hoofdstedelijk Gewest)
ASN: AS211680 (Inap CHI)
First Seen: Jun 5, 2024 (735d ago)
Last Seen: Jun 5, 2026 (6d ago)
Reports: 32 (source reports)
Confidence: 59% (medium)
Found in 32 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 59%
Signal Score: 59 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 67 techniques

Network Information

Country: BE (Belgium)
Region: Chicago, Brussels Hoofdstedelijk Gewest
ASN: AS211680
Organization: Inap CHI

IP Category

Proxy (proxy server)

Feed Intelligence Summary

Source reports: 32
Confidence score: 59%

Category tags

Activity Timeline

1 total observation (Jun 5 to Jun 5)

Threat Activity Heatmap

Peak: 2026-06-05 (calendar heatmap, Jun through the following Jun; day-of-week rows Mon, Wed, Fri)

Observations by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal: 59
Signal Score: 59% confidence
Reports: 32
First seen: Jun 5, 2024
Last seen: Jun 5, 2026
Geolocation: BE
Country: Belgium
Location: Chicago, Brussels Hoofdstedelijk Gewest
ASN: AS211680
Org: Inap CHI
Coords: 50.8504, 4.3488
Category: Proxy

VirusTotal: Not checked

WHOIS

description: Observed on T-Pot within last 24h; sensors=honeytrap, p0f; threshold?1; private IPs excluded. geo=PT; ports=8983 Location=Sydney, Australia.

raw:
inetnum: 45.156.129.0 - 45.156.129.255
descr: INAP-CHI-1
netname: INAP-CHI-1
country: EU
admin-c: DOT14-RIPE
tech-c: DOT14-RIPE
abuse-c: AR59913-RIPE
status: ASSIGNED PA
mnt-by: MNT-BST
created: 2023-04-07T18:24:05Z
last-modified: 2023-05-10T19:14:54Z
source: RIPE
remarks: https://internet-census.org
remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected]
remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed

role: Data Operations
address: 111 Huntington Ave Suite 2010
address: MA 02199
address: Boston
address: UNITED STATES
nic-hdl: DOT14-RIPE
mnt-by: MNT-BST
created: 2020-02-21T08:44:10Z
last-modified: 2021-03-12T21:55:04Z
source: RIPE # Filtered

route: 45.156.129.0/24
origin: AS211680
mnt-by: MNT-BST
created: 2023-04-07T18:25:52Z
last-modified: 2023-04-07T18:25:52Z
source: RIPE

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 6 days ago
Appeared in 32 threat reports