IP · Medium · Signal 66/100
45.156.129.88
Location
Chicago, Illinois
ASN
AS211680
Inap CHI
First Seen
Jun 5, 2024
Last Seen
Jun 8, 2026
Found in 39 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network-layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Belgium
Region
Chicago, Illinois
ASN
AS211680
Organization
Inap CHI
IP Category
Proxy
Proxy server
Feed Intelligence Summary
39 source reports
66% confidence score
Category tags
Activity Timeline
Jun 8
Threat Activity Heatmap
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
Medium Risk
Signal Score
66
Confidence
66%
Reports
39
First seen
Jun 5, 2024
Last seen
Jun 8, 2026
Geolocation
BE
Country
Belgium
Location
Chicago, Illinois
ASN
AS211680
Org
Inap CHI
Coords
41.8781, -87.6298
Proxy
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw:
  inetnum: 45.156.129.0 - 45.156.129.255
  descr: INAP-CHI-1
  netname: INAP-CHI-1
  country: EU
  admin-c: DOT14-RIPE
  tech-c: DOT14-RIPE
  abuse-c: AR59913-RIPE
  status: ASSIGNED PA
  mnt-by: MNT-BST
  created: 2023-04-07T18:24:05Z
  last-modified: 2023-05-10T19:14:54Z
  source: RIPE
  remarks: https://internet-census.org
  remarks: Internet Census Group seeks to measure the global Internet with non-intrusive data collection techniques in order to analyze trends and benchmark security performance across a broad range of industries
  remarks: We are committed to upholding the security and privacy of the entire online community. As part of that mission, we maintain a list of entities that have contacted us and wish to prevent us from attempting to access their addresses or ports
  remarks: To have your IP address added to this list, provide us with the IP addresses you wish to remove via email to: [email protected]
  remarks: Please continue to update us if your IP addresses or networks change so we can continue to keep you opted out. You will receive a confirmation email when completed
  role: Data Operations
  address: 111 Huntington Ave Suite 2010
  address: MA 02199
  address: Boston
  address: UNITED STATES
  nic-hdl: DOT14-RIPE
  mnt-by: MNT-BST
  created: 2020-02-21T08:44:10Z
  last-modified: 2021-03-12T21:55:04Z
  source: RIPE # Filtered
  route: 45.156.129.0/24
  origin: AS211680
  mnt-by: MNT-BST
  created: 2023-04-07T18:25:52Z
  last-modified: 2023-04-07T18:25:52Z
  source: RIPE
IOC Journey
Medium confidence · First detected 2 years ago · Last seen 6 days ago
Appeared in 39 threat reports