IOC Radar
IPMediumSignal 57/100

45.230.66.45

Location
ArgentinaArgentina
Oliveros, S
ASN
AS266702
Megalink S.R.L
First Seen
Aug 14, 2024
Last Seen
Apr 7, 2026
Aug 14
First Seen
671d ago
Apr 7
Last Seen
70d ago
17
Reports
source reports
57%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
57%
Signal Score
57 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Network Information

CountryARArgentina
RegionOliveros, S
ASNAS266702
OrganizationMegalink S.R.L

Feed Intelligence Summary

17 reports57% confidence
17
Source reports
57%
Confidence score
Category tags
abuseaccessaccess controlactive scanactive scanningadbhoney activityadbhoney honeypotarargentinaasiaattackauto-generated securityback orificebad reputationbankingbotnetbotnet activitybrute forcebrute force attackcgi vulnerabilitychinacommand and controlcommunication protocolcompromised credentialscowriecowrie activitycowrie attackcowrie honeypotcredential accesscredential harvestingcredential stuffingcredit card servicesctad-link exploitdasan gpon exploitdata exfiltrationdata store exposureddosddos attackddos attacksdecoy systemdenial of servicedionaeadionaea activitydionaea attackdionaea honeypotdistributed attacksemailexploitation activityfinancefinance and insurancefinancial servicesfinancial technologyftp brute forcegithubgroupshnap soapaction-header injectionhoneytrap activityhoneytrap honeypothttp scanneridentity & access exploitationindexindiaindicatorinformation technologyinjection activityinternet of thingsintrusion detectioniot botnetiot securityiot/ics attackkfsensor honeypotlamplamp attacklamp stack attackloginmailoney activitymailoney honeypotmalicious activitymalicious network activitymalicious softwaremalwaremalware behaviourmalware capturemirai botnetmozi botnetnetgear exploitnetworknetwork attacksnetwork intrusionnetwork probingnetwork scanningnetwork securitynorth americapassword attackspayment processingphishingphishing attackphishing trapprocess injectionprotocol exploitationpythonransomwarercereconnaissanceremote accessremote code executionremote servicesresearchedresource hijackingscanscannerscanner detectionscanning activityscriptscripting attackssecurity policysentrypeer activitysentrypeer botnetsftpsftp activitysftp attacksipsip scanningslugsocial engineeringsouth americasshssh attackssh monitoringsurface websystembc botnett1021t1021.001t1021.002t1040t1041t1055t1056.001t1059t1059.001t1059.004t1059.007t1071.001t1076t1078t1078.001t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1497t1499.001t1499.002t1499.003t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertanner attacktcp protocoltcp/23tcp/80telecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventiontor nodetpotceunited statesvoipvoip attackvulnerability scanwealth managementweb application attackweb attackweb exploitationweb scannerweb trafficzgrab scanner

Activity Timeline

1 total obs
Apr 7Apr 7

Threat Activity Heatmap

· Peak: 2026-04-07
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
57
SIGNAL
Signal Score
57%
Confidence
17
Reports
First seenAug 14, 2024
Last seenApr 7, 2026
GeolocationAR
CountryArgentina
LocationOliveros, S
ASNAS266702
OrgMegalink S.R.L
Coords-32.6631, -60.8023

VirusTotal

Not checked

WHOIS

description
2025-02-01T20:22:02.391Z Honeypot : Tanner : Source: 45.230.66.45 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}, 'sess_uuid': '431d900c-ee6a-4e7a-8fa4-5d66e6d62ab2'}}}
raw
Socket not responding: [Errno 111] Connection refused
references
https://github.com/telekom-security/tpotce, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7287144968912097280-UHce?utm_source=share&utm_medium=member_desktop, https://www.linkedin.com/posts/starlightintel_cybersecurity-cyberattack-rce-activity-7280583808536494081-qojh?utm_source=share&utm_medium=member_desktop

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 17 threat reports