IOC Radar
IP · Medium · Signal 81/100

199.45.154.189

Location
United States
New York, New York
ASN
AS398722
Censys, Inc.
First Seen
Jan 15, 2024 (889d ago)
Last Seen
Jun 19, 2026 (4d ago)
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
81%
Signal Score
81 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

108 techniques

Network Information

Country: United States (US)
Region: New York, New York
ASN: AS398722
Organization: Censys, Inc.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

33 source reports · 81% confidence score
Category tags

Activity Timeline

1 total observation (Jun 19)

Threat Activity Heatmap

Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 81
Confidence: 81%
Reports: 33
First seen: Jan 15, 2024
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: New York, New York
ASN: AS398722
Org: Censys, Inc.
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
raw
NetRange: 199.45.154.0 - 199.45.155.255
CIDR: 199.45.154.0/23
NetName: CENSY
NetHandle: NET-199-45-154-0-1
Parent: NET199 (NET-199-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398722
Organization: Censys, Inc. (CENSY)
RegDate: 2022-10-26
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/199.45.154.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
references
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-11/, https://jamesbrine.com.au/vultrmelbournetest-sip-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-12/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-12/, https://github.com/telekom-security/tpotce, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-11/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-11/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-11/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-11/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-11/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-10/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-10/, https://jamesbrine.com.au/digitaloceantoronto-sip-bruteforce-ip-list-2026-04-10/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-10/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-10/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-09/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-09/, 
https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-08/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-09/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-08/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-08/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-08/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-08/, https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-08/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-04-07/, https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-04-06/, https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-04-06/

IOC Journey

medium
First detected 2 years ago · Last seen 4 days ago
Appeared in 33 threat reports