IP · Medium · Signal 72/100
199.45.154.116
Location
New York, Kowloon
ASN
AS398722
Censys, Inc.
First Seen
Jan 15, 2024
Last Seen
Jun 18, 2026
Found in 42 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
72%
Signal Score
72 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: New York, Kowloon
ASN: AS398722
Organization: Censys, Inc.
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
42 reports · 72% confidence
42
Source reports
72%
Confidence score
Category tags
Activity Timeline
Jun 18
Threat Activity Heatmap
Peak: 2026-06-18
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
72
SIGNAL
Signal Score
72%
Confidence
42
Reports
First seen: Jan 15, 2024
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: New York, Kowloon
ASN: AS398722
Org: Censys, Inc.
Coords: 22.3193, 114.1690
Proxy / VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
  NetRange: 199.45.154.0 - 199.45.155.255
  CIDR: 199.45.154.0/23
  NetName: CENSY
  NetHandle: NET-199-45-154-0-1
  Parent: NET199 (NET-199-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398722
  Organization: Censys, Inc. (CENSY)
  RegDate: 2022-10-26
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/199.45.154.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
Medium · First detected 2 years ago · Last seen 8 days ago
Appeared in 42 threat reports