IP · Medium · Signal 97/100
45.179.236.159
Location
São Luís, Maranhão
ASN
AS269194
ST1 INTERNET
First Seen
Aug 4, 2024
Last Seen
May 30, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
97%
Signal Score
97 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Brazil
Region: São Luís, Maranhão
ASN: AS269194
Organization: ST1 INTERNET
Feed Intelligence Summary
9 reports · 97% confidence
Source reports: 9
Confidence score: 97%
Category tags
active scan, active scanning, adbhoney honeypot, antispam, attack, botnet, botnet activity, br, brazil, brute force, brute force attack, brute-force, brute_force, bruteforce, command and control, communication protocol, compromised credentials, cowrie honeypot, credential access, credential harvesting, credential stuffing, data exfiltration, data exfiltration attempts, data store exposure, database security, decoy system, dionaea honeypot, dionaea malware analysis, distributed attacks, elasticpot honeypot, elasticsearch monitoring, exploitation activity, exploitation attempt, exploitation attempts, ftp, ftp_bruteforce, heralding attack pattern, http scanner, http_scan, https_scan, identity & access exploitation, indicator, injection activity, iot security, lateral movement, log4j, mailoney honeypot, malicious activity, malicious software, malware, malware behaviour, malware capture, malware deployment attempts, network, network attack attempts, network scanning, network security, network service scanning, north america, password attacks, phishing, phishing attack, phishing trap, possible botnet activity, process injection, protocol exploitation, proxy, python script activity, reconnaissance, remote access, remote services, researched, resource hijacking, scanner, scanning activity, scripting attacks, sentrypeer botnet, service scan, sftp access attempt, sftp attack, sip brute force, social engineering, south america, spam, sql injection attempt, ssh attack, ssh monitoring, ssh_bruteforce, t1021, t1021.001, t1040, t1041, t1046, t1055, t1059, t1059.007, t1071.001, t1076, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1583, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, telecommunications, telnet threat, telnet_bruteforce, threat actor, threat intelligence, tor node, unauthorized access, unauthorized access attempt, united states, voip, voip attack, web attack, web exploitation, web traffic
Activity Timeline
May 30
Threat Activity Heatmap
Peak: 2026-05-30
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This indicator of compromise (IOC), an IPv4 address with a very high threat score of 96.69 and no whitelisting, signals a significant and active threat to organizational security. Its presence within network logs or security alerts mandates immediate investigation, as it strongly suggests an ongoing or attempted compromise. Such an IP address is likely involved in various stages of an attack, ranging from initial reconnaissance and exploitation attempts to potentially more advanced post-compromi…
Threat Score: High Risk
Signal Score: 97
Confidence: 97%
Reports: 9
First seen: Aug 4, 2024
Last seen: May 30, 2026
Geolocation: BR
Country: Brazil
Location: São Luís, Maranhão
ASN: AS269194
Org: ST1 INTERNET
Coords: -2.5278, -44.3049
VirusTotal
Not checked
WHOIS
- description
- 2025-07-05T08:32:10.613Z Honeypot : Heralding : Source: 45.179.236.159 : Username/Password: adMIn/mynoob Port: 1080 Message: 2025-07-05 08:32:10.613312,ecfd9833-b8dd-4b0a-9193-3c479ae6c338,42b23eaa-3085-41d6-a05f-973e19f3e285,45.179.236.159,60622,99.18.26.18,1080,socks5,adMIn,mynoob,
- references
- https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 1 year ago · Last seen 14 days ago
Appeared in 9 threat reports