IP · Medium · Signal 65/100
199.45.154.176
Location
New York, New York
ASN
AS398722
Censys, Inc.
First Seen
Jan 15, 2024
Last Seen
Jun 19, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Network Information
Country
United States
Region
New York, New York
ASN
AS398722
Organization
Censys, Inc.
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
32 reports · 65% confidence
32
Source reports
65%
Confidence score
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap · Peak: 2026-06-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 32
First seen: Jan 15, 2024
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: New York, New York
ASN: AS398722
Org: Censys, Inc.
Coords: 37.7510, -97.8220
Proxy · VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
- raw
- NetRange: 199.45.154.0 - 199.45.155.255
  CIDR: 199.45.154.0/23
  NetName: CENSY
  NetHandle: NET-199-45-154-0-1
  Parent: NET199 (NET-199-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Censys, Inc. (CENSY)
  RegDate: 2022-10-26
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/199.45.154.0

  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY

  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
- references
- https://jamesbrine.com.au/vultrparis-sip-bruteforce-ip-list-2025-09-08/, https://jamesbrine.com.au, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://github.com/telekom-security/tpotce, https://redpiranha.net, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://example.com
IOC Journey
medium · First detected 2 years ago · Last seen 8 days ago
Appeared in 32 threat reports