IOC Radar
IP · Medium · Signal 63/100

45.156.129.60

Location: Belgium; Chicago, Illinois
ASN: AS211680 (Inap CHI)
First Seen: Jun 5, 2024 (738d ago)
Last Seen: Jun 8, 2026 (6d ago)
Reports: 38 source reports
Confidence: 63% (medium)
Found in 38 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 63%
Signal Score: 63 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 84 techniques

Network Information

Country: BE (Belgium)
Region: Chicago, Illinois
ASN: AS211680
Organization: Inap CHI

IP Category: Proxy (Proxy server)

Feed Intelligence Summary

Source reports: 38
Confidence score: 63%

Activity Timeline

1 total observation (Jun 8)

Threat Activity Heatmap

[Heatmap: daily activity, Jun through Jun, scale Less to More]

Observations by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 63
Confidence: 63%
Reports: 38
First seen: Jun 5, 2024
Last seen: Jun 8, 2026
Geolocation: BE
Country: Belgium
Location: Chicago, Illinois
ASN: AS211680
Org: Inap CHI
Coords: 47.4919, 19.0500
Proxy

VirusTotal

Not checked

WHOIS

description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot

raw:

inetnum: 45.156.129.0 - 45.156.129.255
descr: INAP-CHI-1
netname: INAP-CHI-1
country: EU
admin-c: DOT14-RIPE
tech-c: DOT14-RIPE
abuse-c: AR59913-RIPE
status: ASSIGNED PA
mnt-by: MNT-BST
created: 2023-04-07T18:24:05Z
last-modified: 2023-05-10T19:14:54Z
source: RIPE
remarks: https://internet-census.org
remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected]
remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed

role: Data Operations
address: 111 Huntington Ave Suite 2010
address: MA 02199
address: Boston
address: UNITED STATES
nic-hdl: DOT14-RIPE
mnt-by: MNT-BST
created: 2020-02-21T08:44:10Z
last-modified: 2021-03-12T21:55:04Z
source: RIPE # Filtered

route: 45.156.129.0/24
origin: AS211680
mnt-by: MNT-BST
created: 2023-04-07T18:25:52Z
last-modified: 2023-04-07T18:25:52Z
source: RIPE

IOC Journey

medium
First detected 2 years ago · Last seen 6 days ago
Appeared in 38 threat reports