Summary (Bottom Line Up Front)
IP address 45.156.129.164 (AS211680 Sistemas Informaticos, S.A.) conducted vulnerability scanning against multiple targets from March 2, 2026 22:00 through March 19, 2026 04:00. The threat is assessed as MEDIUM severity based on reconnaissance behavior patterns and the maximum AbuseIPDB reputation score. Immediate blocking and enhanced monitoring of vulnerable web paths are recommended.
Activity Timeline
INITIAL REPORT 2026-03-20T07:52:43Z
Source: Analyst Manual Entry
Technical details
- Source: 45.156.129.164 (US-based, AS211680)
- Activity Period: 17-day campaign with 52 total events
- Protocols: HTTP, TCP, TCP/SYN scanning
- Attack Vector: Vulnerability path enumeration targeting 2 unique destination ports
- MITRE ATT&CK: T1595.002 (Active Scanning: Vulnerability Scanning)
- Reputation: AbuseIPDB score 100/100 indicating confirmed malicious activity
- Behavioral Pattern: Systematic scanning for exploitable web application paths
IOCs
IP:45.156.129.164
ASN:211680
COUNTRY:US
Recommendations
- Block IP address 45.156.129.164 at network perimeter and web application firewalls
- Review and harden web applications against common vulnerability scanning techniques
- Implement rate limiting on web services to mitigate automated scanning attempts
- Monitor for similar scanning patterns from AS211680 (Sistemas Informaticos, S.A.) address space
- Validate security posture of services running on the two targeted destination ports identified in this campaign