IP · Medium · Signal 62/100
45.156.129.164
Location
Chicago, Illinois
ASN
AS211680
Inap CHI
First Seen
Jun 5, 2024
Last Seen
Jun 15, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Network Information
Country
United States
Region
Chicago, Illinois
ASN
AS211680
Organization
Inap CHI
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
23 reports · 62% confidence
23
Source reports
62%
Confidence score
Category tags
abuse, access control, account compromise, active scan, active scanning, adbhoney activity, adbhoney honeypot, anomalous network connections, apache, apache attacker, apache http server, apt, arbitrary command execution, arbitrary file upload, asia, attack, australia, auto-generated security, automated attack, automated attacks, automated threat, automated_attack, back orifice, bad reputation, bad web bot, block list, block.txt, blocklist_all, blog spam, botnet, botnet activity, botnetactivity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, brute-force attack, brute_force, bruteforce, c2, canada, cgi-bin path traversal, china mobile, cisco device, cisco device targeting, cisco exploitation attempts, cloud environment, cloud infrastructure, cloud infrastructure attack, cloud services, columns, command & control, command and control, command execution, command injection, communication protocol, company limited, compromised credentials, compromised host, compromised systems, connected devices, cowrie, cowrie attacks, cowrie emulation, cowrie honeypot, cowrie interactions, cowrie ssh honeypot, credential access, credential attacks, credential brute force, credential guessing, credential harvesting, credential stuffing, daily_sources, dasan gpon, data encryption, data exfiltration, data exfiltration attempt, data store exposure, database attack, database security, ddos, ddos attack, ddwrt, decoy system, denial of service, denial-of-service attempt, device management, dhcp, dictionary attack, digital ocean, dionaea, dionaea capture, dionaea exploits, dionaea honeypot, dionaea interactions, dionaea payloads, distributed attacks, dns, dns attack, elasticsearch, encryption, enterprise networking, europe, executable file, exploit, exploit attempt, exploit attempts, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploited host, exposed services, external access attempts, fatt, fatt detections, fatt signatures, file, finland, france, fraud voip, ftp, ftp attacks, ftp brute force, ftp brute-force, germany, gpon, hacking, hk abusehandler, honeynet connect, honeytrap data, honeytrap events, honeytrap honeypot, honeytrap interactions, hong kong, http brute force, http daemon, http probing, http request anomalies, http scanner, http scanning, http/s, hungary, hurricane us, identity & access exploitation, imap, inbound scan, indicator, industrial iot, information gathering, initial access, initial_access, injection activity, injection attacks, internet of things, internet-facing service, internet_wide_scan, internetcensus-benign, intrusion detection, ioc, iocs, iot analytics, iot applications, iot platforms, iot security, iot targeted, ipv4, ipv4 address, ipv4_indicators, japan, lamp, lamp server attack, lamp stack attack, lamp stack targeting, lateral movement, ldap, linux, linux servers, linux systems, linux_server_attacks, login attempt, mailoney events, mailoney honeypot, mailoney interactions, malaysia, malicious activity, malicious ip activity, malicious ips, malicious login attempts, malicious payload detection, malicious software, malicious traffic, malware, malware behaviour, malware capture, malware delivery, malware detection, malware distribution, malware_activity, mssql, netgear dgn1000, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network intrusion detection, network monitoring, network probing, network protocol, network reconnaissance, network scanning, network security, network services, network traffic analysis, north america, ntp, oceania, open proxy, oracle, p0f, p0f signatures, password attack, password attacks, pgp sign, phishing, phishing attack, phishing trap, ping of death, poland, portscan, possible botnet activity, possible exploit attempt, possible malware distribution, possible mirai variant, potential exploit activity, process injection, protocol exploitation, proxy, ransomware, reconnaissance, reconnaissance activity, remote access, remote command injection, remote services, researched, resource hijacking, sans, scams & fraud, scan, scanner, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer botnet, sentrypeer detections, sentrypeer events, sentrypeer interactions, server exploitation, service discovery, service scan, service scanning, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp exploitation, sip attacks, sip scanning, smart devices, smb attacks, smb brute force, smtp, smtp brute force, smtp probing, social engineering, socks5, socradar honeypot, sora botnet, spam, sql injection, ssh, ssh attack, ssh attacks, ssh monitoring, suricata alerts, system access, t1016, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1077, t1078, t1083, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1189, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1505.004, t1555, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1590, t1590.004, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner events, tanner interactions, targeting database, tcp protocol, tcp scan, telecommunications, telnet threat, threat actor, threat actor activity, threat detection, threat intelligence, threat prevention, timeout, top10.txt, topips.txt, tor node, toronto, tpot, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized login, united states, unknown threat actor, us, us none, verified-benign, vnc protocol, voip, voip attack, vpn, vpn ip, vulnerability scan, vultr, web app attack, web application attack, web attack, web exploit, web exploitation, web exploits, web server, web server attacks, web spam, web traffic, web_attack
Activity Timeline
Jun 15
Threat Activity Heatmap
Peak: 2026-06-15
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
Medium Risk
62
SIGNAL
Signal Score
62%
Confidence
23
Reports
First seen
Jun 5, 2024
Last seen
Jun 15, 2026
Geolocation
US
Country
United States
Location
Chicago, Illinois
ASN
AS211680
Org
Inap CHI
Coords
41.8781, -87.6298
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
- raw
- inetnum: 45.156.129.0 - 45.156.129.255
  descr: INAP-CHI-1
  netname: INAP-CHI-1
  country: EU
  admin-c: DOT14-RIPE
  tech-c: DOT14-RIPE
  abuse-c: AR59913-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-BST
  created: 2023-04-07T18:24:05Z
  last-modified: 2023-05-10T19:14:54Z
  source: RIPE
  remarks: https://internet-census.org
  remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
  remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
  remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected]
  remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed
  role: Data Operations
  address: 111 Huntington Ave Suite 2010
  address: MA 02199
  address: Boston
  address: UNITED STATES
  nic-hdl: DOT14-RIPE
  mnt-by: MNT-BST
  created: 2020-02-21T08:44:10Z
  last-modified: 2021-03-12T21:55:04Z
  source: RIPE # Filtered
  route: 45.156.129.0/24
  origin: AS211680
  mnt-by: MNT-BST
  created: 2023-04-07T18:25:52Z
  last-modified: 2023-04-07T18:25:52Z
  source: RIPE
- references
- https://github.com/telekom-security/tpotce, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
medium · First detected 2 years ago · Last seen 10 days ago
Appeared in 23 threat reports