IOC Radar
IP · Medium · Signal 46/100

5.154.1.252

Location: Spain (Elche, Valencia)
ASN: AS29119 (Airenetworks)
First Seen: Jan 11, 2025 (515d ago)
Last Seen: Jun 7, 2026 (3d ago)
Reports: 12 source reports
Confidence: 46% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 46%
Signal Score: 46 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

47 techniques

Network Information

Country: ES (Spain)
Region: Elche, Valencia
ASN: AS29119
Organization: Airenetworks

Feed Intelligence Summary

Source reports: 12
Confidence score: 46%
Category tags
active scanactive scanningadbhoney honeypotantispamapplication layer protocolattackattacker ipsaustraliaauthentication abuseauthentication attackauthentication attemptauthentication bypassbad reputationblocklist_allbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute force attemptbrute force attemptsbrute-forcebruteforcecisco devicecommand and controlcommand injectioncommunication protocolconpot honeypotcowrie activitycowrie honeypotcredential accesscredential attackcredential harvestingcredential stuffingdata exfiltrationdata exfiltration attemptsdata store exposuredatabase attacksdatabase exploitation attemptdatabase securityddosdecoy systemdevice managementdionaea honeypotdistributed attacksdnsdns attackelasticpot honeypotelasticsearch monitoringenterprise networkingeseuropeexploitexploit attemptsexploitationexploitation activityexploitation attemptexploitation attemptsfattftpftp attacksftp brute forceftp brute-forceheralding activityheralding projecthoneytrap honeypothttp brute forcehttp scannerics securityidentity & access exploitationindicatorindicators of compromiseindustrial control systemsinitial accessinjection activityiot attacksiot device targetingiot securityiot/ics attackipphoney honeypotipv4ipv4 attackslamplamp vulnerability scanlateral movementlog4jlogin attackmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware deliverymalware deployment attemptsmalware distributionnetworknetwork activitynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork probenetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork-based attack attemptsoceaniap0fpassword attackpassword attacksphishingphishing attackphishing trapprocess injectionprotocol exploitationrdp attacksreconnaissanceredis honeypotremote accessremote access attemptsremote servicesresearchedresource hijackingscannerscanning 
activityscripting attackssecurity operationssensor-taggedsentrypeer botnetserver exploitationservice scansftp access attemptsftp attacksftp exploitationsip brute forcesip scanningsmtpsmtp attackersmtp attackssocial engineeringspainspamsql injectionsql injection attemptsshssh attackssh attacksssh brute-forcessh monitoringt1018t1021t1021.001t1021.002t1021.004t1040t1041t1046t1047t1055t1059t1059.003t1059.004t1059.007t1071t1071.001t1076t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1505.002t1563t1565t1566.001t1566.002t1566.003t1566.004t1583t1588.004t1589.002t1595t1595.001t1595.002t1595.003tannertargeting databasetelecommunicationstelnet attackstelnet threatthreat actorthreat actor activitythreat detectionthreat intelligencethreat intelligence feedtor nodetpotunauthorized loginunauthorized login attemptsvnc protocolvoipvoip attackvulnerability scanweb application attacksweb attackweb exploitationweb spamweb traffic

Activity Timeline

1 total obs (Jun 7 to Jun 7)

Threat Activity Heatmap

Peak: 2026-06-07
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 46
Confidence: 46%
Reports: 12
First seen: Jan 11, 2025
Last seen: Jun 7, 2026
Geolocation: ES
Country: Spain
Location: Elche, Valencia
ASN: AS29119
Org: Airenetworks
Coords: 40.4172, -3.6840

VirusTotal

Not checked

WHOIS

description
2025-06-09T21:59:00.249Z Honeypot : Heralding : Source: 5.154.1.252 : Username/Password: pRoXYuSeR/123456 Port: 1080 Message: 2025-06-09 21:59:00.249583,1dbf4a77-636f-4e6a-ab6f-37eb9c7517b9,448d1565-4d24-4348-8773-b34792dd26d6,5.154.1.252,49881,99.18.26.21,1080,socks5,pRoXYuSeR,123456,
raw
inetnum: 5.154.0.0 - 5.154.127.255
netname: ES-AIRENETWORKS-20120719
country: ES
org: ORG-ANDM1-RIPE
admin-c: JMG284-RIPE
tech-c: JMG284-RIPE
status: ALLOCATED PA
mnt-by: mnt-es-airenetworks-1
mnt-by: RIPE-NCC-HM-MNT
created: 2019-06-05T12:09:31Z
last-modified: 2019-06-05T12:09:31Z
source: RIPE

organisation: ORG-ANDM1-RIPE
org-name: AIRE NETWORKS DEL MEDITERRANEO SL UNIPERSONAL
country: ES
org-type: LIR
address: Calle Santiago Ramon y Cajal Numero 11, Parque Empresarial
address: 03203
address: Elche
address: SPAIN
phone: +34 911090000
admin-c: JMG284-RIPE
tech-c: MT18159-RIPE
tech-c: ZG726-RIPE
abuse-c: AR50182-RIPE
mnt-ref: mnt-es-airenetworks-1
mnt-by: RIPE-NCC-HM-MNT
mnt-by: mnt-es-airenetworks-1
created: 2019-01-07T15:30:34Z
last-modified: 2020-12-16T13:39:10Z
source: RIPE # Filtered

person: JOSE MIGUEL GARCIA
address: Calle Santiago Ramon y Cajal Numero 11, Parque Empresarial
address: 03203
address: Elche
address: SPAIN
phone: +34 911090000
nic-hdl: JMG284-RIPE
mnt-by: mnt-es-airenetworks-1
created: 2019-01-07T15:30:32Z
last-modified: 2019-01-07T15:30:33Z
source: RIPE

route: 5.154.0.0/17
descr: Airenetworks Route
origin: AS29119
mnt-by: SERVIHOSTING-MNT
created: 2014-05-05T12:52:00Z
last-modified: 2019-09-04T14:17:00Z
source: RIPE
references
https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 3 days ago
Appeared in 12 threat reports