IOC Radar
IP · Medium · Signal 62/100

199.45.154.178

Location
United States
New York, New York
ASN
AS398722
Censys, Inc.
First Seen
Jan 15, 2024
Last Seen
Jun 21, 2026
Found in 28 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs

101 techniques

Network Information

Country: United States (US)
Region: New York, New York
ASN: AS398722
Organization: Censys, Inc.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

28 source reports · 62% confidence score
Category tags

Activity Timeline

1 total observation (Jun 21 to Jun 21)

Threat Activity Heatmap

Peak: 2026-06-21
Observations by window:
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 62
Confidence: 62%
Reports: 28
First seen: Jan 15, 2024
Last seen: Jun 21, 2026
Geolocation: US
Country: United States
Location: New York, New York
ASN: AS398722
Org: Censys, Inc.
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
raw
NetRange: 199.45.154.0 - 199.45.155.255
CIDR: 199.45.154.0/23
NetName: CENSY
NetHandle: NET-199-45-154-0-1
Parent: NET199 (NET-199-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398722
Organization: Censys, Inc. (CENSY)
RegDate: 2022-10-26
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/199.45.154.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
references
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt

IOC Journey

medium
First detected 2 years ago · Last seen 1 day ago
Appeared in 28 threat reports