IP
199.45.154.151
Medium signal, 71/100
Location
New York, Kowloon
ASN
AS398722
Censys, Inc.
First Seen
Jan 15, 2024
Last Seen
Jun 15, 2026
Found in 40 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Network Information
Country
United States
Region
New York, Kowloon
ASN
AS398722
Organization
Censys, Inc.
IP Category
Proxy (proxy server)
VPN (VPN exit node)
Feed Intelligence Summary
Source reports
40
Confidence score
71%
Category tags
abuse, access control, account compromise, active scan, active scanning, adb, adb attacks, adbhoney activity, adbhoney alerts, adbhoney honeypot, apache, apache attacker, apt, asia, atif feed, attack, attacker ip, attacker-ip, australia, authentication, authentication abuse, authentication attacks, authentication attempts, auto-generated security, automated attack, automated attacks, automated enumeration, automated reconnaissance activity, automated threat, automated-attack, automated_attack, bad reputation, bad web bot, banlist feed, bening, bening scanner, binary defense, block list, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempts, brute-force, brute-force attack, brute-force-attack, brute_force, bruteforce, c2, c2 communication, c2 server, canada, censys-benign, china, china mobile, cisco asa, cisco attack, cisco device, cisco device attacks, cisco device targeted, cisco exploit, cisco exploit attempt, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco_device_attack, citrix brute force, citrix security, close, cloud infrastructure, cloud infrastructure attack, cloud services, code execution, code injection, columns, command & control, command and control, command execution, command injection, communication protocol, company limited, compromise attempt, compromised credentials, compromised host, compromised hosts, compromised systems, connected devices, conpot, conpot activity, conpot honeypot, conpot ics attack, conpot ics exploitation, conpot interaction, container security, cowrie, cowrie activity, cowrie attacks, cowrie honeypot, cowrie honeypot detection, cowrie interaction, cowrie interactions, cowrie logs, cowrie ssh, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, cowrie ssh logs, credential access, credential attack, credential attacks, credential brute force, credential guessing, credential harvesting, credential stuffing, credential-access, credential-attack, credential-stuffing, credential_access, credential_stuffing, cta, curl, data encryption, data exfiltration, data harvesting attempts, data store exposure, data theft, database attack, database attacks, database brute force, database exploit, database exploitation, database exploitation attempts, database login attempt, database probing, database security, database_server, dcerpc, ddos, ddos attack, ddos attempt, ddospot, decoy system, denial of service, device management, dictionary attack, dictionary_attack, digital ocean, dionaea, dionaea activity, dionaea attacks, dionaea detection, dionaea exploits, dionaea honeypot, dionaea interactions, dionaea malware analysis, dionaea malware collection, dionaea malware detection, dionaea malware samples, dionaea payloads, distributed attacks, dns, dns attack, docker, elasticpot attacks, elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, encryption, enterprise networking, enterprise security, enumeration, europe, exfiltration, exploit, exploit attempt, exploit attempts, exploit kit activity, exploit kits, exploit probing, exploit public-facing application, exploit targeting, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation_attempt, exploited host, external access attempts, external threat, extortion, failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, fin, fin scan, finland, france, fraud voip, ftp, ftp attacks, ftp brute force, ftp brute-force, galah, gecko, germany, github, glutton, gopot, hacking, hello, hellpot, heralding activity, heralding probes, hk, hk abusehandler, honeynet connect, honeytrap activity, honeytrap data, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http brute force, http probing, http scanner, http scanning, http/s, https, https scanning, icmp, ics security, ics/scada attacks, identity & access exploitation, imap, imap attack, imap brute force, indicator, indicators of compromise, industrial control systems, industrial iot, information technology, infrastructure acquisitionreconnaissance, infrastructure scanning, initial access, initial access attempt, initial_access, injection activity, injection attacks, intel mac, internet of things, internet-facing service, internet-wide scan, intrusion detection, ioc, iocs, iot analytics, iot applications, iot attack, iot attacks, iot platforms, iot security, iot targeted, iot/ics attack, iot_attack, ipphoney activity, ipphoney honeypot, ipv4, it infrastructure, kfsensor honeypot, khtml, kibana, known malicious ip, lamp, lamp attack, lamp exploit attempt, lamp exploit attempts, lamp exploitation, lamp exploitation attempt, lamp server attack, lamp server targeting, lamp stack attack, lamp stack attacks, lamp stack exploitation, lamp stack targeted, lamp stack targeting, lamp vulnerability exploitation, lamp vulnerability scan, lamp_stack_attack, lateral movement, lateral movement attempt, lateral movement techniques, lcia, linux, linux exploit, linux servers, linux systems, linux x8664, linux-server-attack, linux_server_attacks, log4pot, login, login attempt, mailoney activity, mailoney attacks, mailoney email spoofing, mailoney events, mailoney honeypot, mailoney interactions, malicious activity, malicious activity detected, malicious file transfer, malicious ip activity, malicious login attempts, malicious network activity, malicious payload, malicious sftp activity, malicious software, malicious software detection, malicious ssh activity, malicious traffic, malicious-activity, malicious-login-attempts, malicious_activity, malware, malware activity, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware distribution, malware distribution attempt, malware download, malware download attempts, malware propagation, malware_activity, manual, masscan, medpot, melbourne region, mobile, mobile security, mssql, mysql brute force, network, network attacks, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network mapping, network probe, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, network service scanning, network services, network traffic analysis, network-based attack attempts, network-devices, network-reconnaissance, network_reconnaissance, nmap, north america, null scan, oceania, os fingerprinting, os x, p0f, p0f fingerprinting, p0f network fingerprinting, p0f os fingerprinting, p0f passive fingerprinting, p0f signatures, password attack, password attacks, password spraying, password-guessing, perimeter security, pgp sign, phishing, phishing attack, phishing trapping of death, poland, pop3 brute force, port-scanning, portscan, possible exploit attempt, possible malware distribution, possible malware dropper, possible malware infection, possible malware payload, possible mirai variant, potential botnet activity, potential compromise, potential credential theft, potential exploit, potential exploit activity, potential exploit attempts, potential intrusion, potential malware, potential vulnerability assessment, privilege escalation, process injection, protocol abuse, protocol exploitation, protocol-abuse, proxy, proxy access, python, ransomware, ransomware activity, rdp attacks, reconnaissance, reconnaissance activity, redis exploitation attempt, redis exploitation attempts, redis honeypot, redishoneypot, redishoneypot activity, remote access, remote code execution, remote service exploitation, remote services, remote_access_service, researched, resource development, resource hijacking, rtbh, sans, scams & fraud, scan, scanner, scanner detection, scanners, scanning activity, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer attacks, sentrypeer botnet, sentrypeer detection, sentrypeer events, sentrypeer interactions, sentrypeer p2p attack, sentrypeer sip attacks, server exploitation, server security, service discovery, service enumeration, service scan, service scanning, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp attempts, sftp exploitation attempt, sftp probing, sftp scanning, sftp-attack, shell access, shell access attempt, sip, sip attacks, sip brute force, sip enumeration, sip scanning, sip vulnerability scan, sipp, slug, smart devices, smb attacks, smb brute force, smtp, smtp attacker, smtp attacks, smtp brute force, smtp probing, smtp scanning, snare, social engineering, socradar honeypot, software development, software exploitation, spam, spam campaigns, sql injection, sql injection attempt, sql injection attempts, ssh, ssh attack, ssh attacks, ssh brute-force, ssh monitoring, ssh-brute-force, surface web, suricata alert, suricata alerts, syn, syn scan, system access, system discovery, system disruption, t-pot, t1005, t1016, t1016.001, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1027, t1040, t1041, t1046, t1048, t1053, t1053.005, t1055, t1057, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1064, t1065, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1195, t1199, t1203, t1204, t1204.002, t1210, t1486, t1490, t1496, t1497, t1499.001, t1499.002, t1499.003, t1505.002, t1505.004, t1539, t1550, t1550.002, t1550.003, t1555, t1555.003, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1573.001, t1583, t1587.001, t1588, t1588.002, t1588.006, t1589, t1589.002, t1590, t1590.001, t1590.004, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner activity, tanner events, tanner exploit kit, tanner exploits, tanner honeypot activity, tanner interactions, tanner web attack, targeting database, tcp protocol, tcp scan, tcp/3306, telecommunications, telnet attacks, telnet threat, telnet-brute-force, threat actor, threat detection, threat feed, threat intelligence, threat intelligence feed, threat prevention, timeout, tor node, tpot, ubuntu, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login, unauthorized login attempt, unauthorized-access-attempt, united kingdom, united states, unknown threat actor, unusual network traffic, us, us abuse, us none, verified-benign, vnc protocol, voidtrap, voip, voip attack, vpn, vpn ip, vulnerability scan, vulnerability-scanning, vultr, vultr infrastructure targeted, web app attack, web application attack, web application attacks, web application scanning, web attack, web attacks, web crawling detection, web exploit, web exploitation, web login attempt, web scanner, web server, web server attacks, web shell, web shell attempt, web shell detection, web shell upload, web shell uploads, web spam, web traffic, web-application-attack, web-servers, web_attack, web_server, wget, windows nt, wordpot, xmas, xmas scan, zmap
Activity Timeline
Jun 15 to Jun 15
Threat Activity (report counts by window)
24h
0 (Dormant)
7d
1 (Minimal)
30d
1 (Minimal)
3mo
1 (Minimal)
Threat Score
High Risk (71)
Coordinates
22.3193, 114.1690
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
- raw:
  NetRange: 199.45.154.0 - 199.45.155.255
  CIDR: 199.45.154.0/23
  NetName: CENSY
  NetHandle: NET-199-45-154-0-1
  Parent: NET199 (NET-199-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398722
  Organization: Censys, Inc. (CENSY)
  RegDate: 2022-10-26
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/199.45.154.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
- references:
  https://github.com/telekom-security/tpotce
  https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  https://chiraba.com:8443/hourly
  https://list.rtbh.com.tr/output.txt
  https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  https://blocklist.greensnow.co/greensnow.txt
  https://www.binarydefense.com/banlist.txt
  https://lists.blocklist.de/lists/all.txt
  https://rules.emergingthreats.net/blockrules/compromised-ips.txt
IOC Journey
Confidence: medium. First detected 2 years ago; last seen 6 days ago.
Appeared in 40 threat reports.