IP · Medium · Signal 65/100
199.45.154.181
Location
New York, New York
ASN
AS398722
Censys, Inc.
First Seen
Jan 15, 2024
Last Seen
Jun 19, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region: New York, New York
ASN: AS398722
Organization: Censys, Inc.
IP Category
Proxy
Proxy server
Feed Intelligence Summary
32 reports · 65% confidence
32
Source reports
65%
Confidence score
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
65
SIGNAL
Signal Score
65%
Confidence
32
Reports
First seen: Jan 15, 2024
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: New York, New York
ASN: AS398722
Org: Censys, Inc.
Coords: 37.7510, -97.8220
Proxy
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
- NetRange: 199.45.154.0 - 199.45.155.255
  CIDR: 199.45.154.0/23
  NetName: CENSY
  NetHandle: NET-199-45-154-0-1
  Parent: NET199 (NET-199-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398722
  Organization: Censys, Inc. (CENSY)
  RegDate: 2022-10-26
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/199.45.154.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
- references
- https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://redpiranha.net, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://example.com, http://cinsscore.com/list/ci-badguys.txt
IOC Journey
Medium · First detected 2 years ago · Last seen 6 days ago
Appeared in 32 threat reports