IP 199.45.155.104 (Medium; Signal 73/100)
Location: Hong Kong, Michigan (the geolocation is Hong Kong; Michigan is the ARIN registrant's state, see WHOIS below)
ASN: AS398722 (Censys, Inc.)
First Seen: Jan 25, 2024 (872d ago)
Last Seen: Jun 10, 2026 (5d ago)
Reports: 44 source reports
Confidence: 73% (medium)
VirusTotal: 12/91 detections
Found in 44 reports. Confidence: medium. Confidence scores are heuristic; verify before acting on results. The ARIN record below assigns this block to Censys, Inc., and the feed tags include censys-benign, verified-benign and internet-wide monitoring, so the honeypot sightings are consistent with a known internet-wide scanner; confirm that before blocking the address.
Indicator type: IPv4 Address (network-layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 73%
Signal Score: 73 / 100
IDS Rule: No
Threat Context (Tags, MITRE ATT&CK TTPs): see Category tags below, which include the ATT&CK technique and tactic IDs.
Network Information
Country: United States
Region: Hong Kong, Michigan (the geolocation coordinates fall in Hong Kong; Michigan is the registrant's state per ARIN, so the country and region fields disagree)
ASN: AS398722
Organization: Censys, Inc.
IP Category: Proxy (proxy server), VPN (VPN exit node)
Feed Intelligence Summary: 44 source reports, 73% confidence score
Category tags (feed tags as rendered; separators restored, spellings kept as the feeds emit them, e.g. "bening"; MITRE ATT&CK IDs appear in lowercase):
abuse, abuseipdb, access, access control, account compromise, active scan, active scanning, adb attacks, adb scanning, adbhoney activity, adbhoney honeypot, american express, anomalous network connections, apache, apache attacker, apt, asa, asia, atif feed, attachment phishing, attack, attack source, attack surface discovery, attacker-ip, australia, authentication, authentication abuse, authentication attempts, auto-generated security, automated attack, automated attacks, automated email, automated threat, automated-attack, automated_attack
bad reputation, bad web bot, banlist feed, base64, base64 encoding, bec, bening, bening scanner, binary defense, block list, block.txt, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute-force attack, brute_force, bulk email
c2, c2 communication, c2 server, canada, censys-benign, cert, china, china mobile, cisco asa, cisco device, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco vulnerability exploitation, cisco_device_attack, cloud infrastructure, cloud infrastructure attack, cloud services, cn, code execution, columns, command & control, command and control, command execution, command injection, communication protocol, company limited, compromise attempt, compromised credentials, compromised host, compromised hosts, compromised systems, connect, conpot activity, conpot attacks, conpot honeypot, conpot ics attacks, conpot ics exploitation, conpot interaction, container security, cowrie, cowrie activity, cowrie attacks, cowrie capture, cowrie honeypot, cowrie interaction, cowrie interactions, cowrie logs, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, credential access, credential attack, credential attacks, credential brute force, credential guessing, credential harvesting, credential phishing, credential stuffing, credential-stuffing, credential_stuffing, cta, curl, cve
daily_sources, data encryption, data exfiltration, data exfiltration attempt, data store exposure, data theft, database attack, database attacks, database brute force, database exploit attempts, database exploitation attempts, database login attempt, database probing, database security, database_server, dcerpc, ddos, ddos attack, ddospot, decoy system, defense evasion, denial of service, denial-of-service attempt, device management, dictionary attack, dictionary_attack, digital ocean, digitalocean ip, dionaea, dionaea activity, dionaea attacks, dionaea capture, dionaea honeypot, dionaea interactions, dionaea malware analysis, dionaea malware collection, dionaea malware samples, dionaea payloads, distributed attacks, dns, dns attack, docker
elasticpot activity, elasticpot attacks, elasticpot data, elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, encryption, enterprise networking, enumeration, europe, executable file, exfiltration, exploit, exploit attempt, exploit attempts, exploit kit activity, exploit probing, exploit public-facing application, exploit scan, exploit targeting, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of privilege, exploitation_attempt, exploited host, exploits, exposed services, exposed services exploitation, external access attempts, external remote services, external threat, external-threat, external_threat, extortion
failed login attempts, fatt, fatt detections, fatt signatures, file, finland, france, fraud voip, ftp, ftp attacks, ftp brute force, ftp brute-force, ftp scanning, galah, germany, github, glutton, gopot, groups, hacking, hellpot, heralding activity, heralding attacks, heralding probes, hk, hk abusehandler, honeynet connect, honeytrap activity, honeytrap data, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probing, http request anomalies, http scanner, http scanning, http/s, https, https scanning, huawei, hurricane us
icmp, ics security, ics/scada attack, ics/scada attacks, identity & access exploitation, imap, imap attack, indicator, indicators of compromise, industrial control systems, information technology, infrastructure acquisition, reconnaissance, initial access, initial_access, injection activity, injection attacks, internet-facing, internet-facing assets, internet-facing service, internet-wide monitoring, intrusion detection, ioc, iocs, iot device targeting, iot security, iot targeted, iot/ics attack, iot_attack, ipmi scanning, ipphoney activity, ipphoney honeypot, ipv4, ipv4 address, ipv4 addresses, ipv4-ioc, it infrastructure, japan, kibana, kill-chain exploitation, kill-chain reconnaissance
lamp, lamp attack, lamp attacks, lamp exploit attempts, lamp exploitation, lamp exploitation attempts, lamp server attack, lamp server probe, lamp server target, lamp stack, lamp stack attack, lamp stack exploitation, lamp stack targeting, lamp vulnerability exploitation, lamp vulnerability scan, lamp_stack_attack, lateral movement, lateral movement techniques, lcia, linux servers, linux systems, linux-server-attack, linux_server_attacks, log4pot, login, login attempt
mailoney activity, mailoney attack, mailoney email attacks, mailoney events, mailoney honeypot, mailoney interactions, malicious activity, malicious activity detected, malicious code detection, malicious email detection, malicious emails, malicious file transfer, malicious ip activity, malicious ip list, malicious ips, malicious network activity, malicious payload detection, malicious python scripts, malicious scan, malicious sftp activity, malicious sip activity, malicious software, malicious ssh activity, malicious traffic, malicious-login-attempts, malware, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware detection, malware distribution, malware distribution attempt, malware download, malware hosting, malware propagation, malware_activity, manual, medium-risk, medpot, monthly, mssql, mysql brute force
nation-state activity, network, network activity, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network perimeter, network probing, network protocol, network reconnaissance, network scan, network scanning, network scanning activity, network security, network service scanning, network services, network traffic analysis, network-based attack attempts, network-discovery, network_enumeration, network_reconnaissance, network_scan, north america, oceania, opencti
p0f, p0f network fingerprinting, p0f os fingerprinting, p0f signatures, password, password attack, password attacks, password cracking, password spraying, password theft, payment fraud, pgp sign, phishing, phishing attack, phishing campaign, phishing trapping of death, poland, port-scanning, portscan, possible botnet activity, possible exploit attempt, possible malware distribution, possible malware propagation, possible mirai variant, potential botnet activity, potential credential compromise, potential exploit activity, potential exploit attempts, potential intrusion, potential malware delivery, potential malware distribution, price request, price request scam, privilege escalation, process injection, protocol exploitation, protocol-abuse, proxy, proxy access, python
ransomware, rdp attacks, reconnaissance, reconnaissance activity, redis exploitation, redis exploitation attempt, redis exploitation attempts, redis honeypot, remote access, remote access attack, remote service exploitation, remote services, remote_access_service, researched, resource hijacking
sans, scams & fraud, scanner, scanner ip, scanners, scanning activity, schedule theme, scheduled task abuse, script, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer attacks, sentrypeer botnet, sentrypeer detection, sentrypeer events, sentrypeer interactions, server exploitation, service enumeration, service scan, service scanning, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attacks, sftp attempt, sftp attempts, sftp exploitation attempt, sftp exploitation attempts, sftp intrusion attempts, sftp probing, sftp-attack, shell access, shell access attempt, shell access attempts, sip, sip attacks, sip brute force, sip enumeration, sip scanning, sipp, slug, smb brute force, smtp, smtp attack, smtp attacker, smtp attacks, smtp brute force, smtp probing, smtp scanning, snare, social engineering, socradar honeypot, software development, software exploitation, spam, sql injection, sql injection attempts, ssh, ssh attack, ssh attacks, ssh brute-force, ssh monitoring, ssh-brute-force, surface web, suricata alert, suricata alerts, syn scan, system access, system discovery, system disruption
t-pot
MITRE ATT&CK IDs: t1003, t1003.001, t1005, t1016, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1027, t1040, t1041, t1046, t1047, t1048, t1053, t1053.005, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.003, t1078.004, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1192, t1195, t1199, t1203, t1204, t1204.002, t1210, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1505.004, t1550, t1550.002, t1550.003, t1555, t1555.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1573.001, t1583, t1583.001, t1587.001, t1588, t1588.002, t1588.006, t1589, t1590, t1590.001, t1590.004, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, t1598, t1598.003, ta0043 - reconnaissance
tanner, tanner activity, tanner events, tanner exploit kit, tanner honeypot activity, tanner interactions, targeting database, tariff server compromise, tariff server theme, tariffs server, tcp, tcp protocol, tcp scan, telecommunication, telecommunications, telnet, telnet attacks, telnet threat, telnet-brute-force, threat actor, threat actor activity, threat detection, threat intelligence, threat intelligence feed, threat prevention, threat_intelligence, timeout, top10.txt, topips.txt, tor node, tpot, tpotce, type osint
udp port scan, udp scan, unauthenticated access attempts, unauthorized access, unauthorized access attempt, unauthorized activity, unauthorized login, unauthorized login attempt, unauthorized network activity, unauthorized probing, unauthorized-access-attempt, united kingdom, united states, unknown threat actor, us, us none, verified-benign, vnc protocol, voidtrap, voip, voip attack, vpn, vpn ip, vulnerability scan, vultr, vultr infrastructure, vultr tokyo, vultr-platform, vultr_platform_activity
wazuh, web app attack, web application attack, web application attacks, web application scanning, web attack, web attacks, web exploit, web exploit attempts, web exploitation, web exploits, web login attempt, web scanner, web shell, web shell detection, web shell upload, web shell uploads, web spam, web traffic, web-application-attack, web_attack, web_server, westpac new zealand, wetransfer abuse, wget, wordpot
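The tag list above mixes three spellings of the same tag (space, hyphen and underscore variants) with lowercase MITRE ATT&CK technique and tactic IDs. The following is an added example, not code from the lookup page or from any feed it cites, of folding those variants and pulling the ATT&CK IDs out into parent/sub-technique structure; SAMPLE_TAGS is a constructed subset of the page's tags and the folding rule is an assumption.

```python
"""Fold threat-feed tag spelling variants and pull out MITRE ATT&CK IDs.

Added example; not code from the lookup page or from any feed it cites.
SAMPLE_TAGS is a constructed subset of the page's tags. The folding rule
(treat '-', '_' and whitespace as the same separator) is an assumption.
"""
import re
from collections import defaultdict

# Constructed sample: tags copied from the page, including the three
# spellings of "brute force" and "credential stuffing" the feeds emit.
SAMPLE_TAGS = [
    "brute force", "brute-force", "brute_force", "brute force attack",
    "credential stuffing", "credential-stuffing", "credential_stuffing",
    "censys-benign", "verified-benign", "internet-wide monitoring",
    "t1046", "t1110", "t1110.001", "t1110.003", "t1595", "t1595.001",
    "ta0043 - reconnaissance", "T1190", "proxy", "vpn", "scanner",
]

# Feeds write the IDs in lowercase; accept either case.
TECHNIQUE_RE = re.compile(r"^t(\d{4})(?:\.(\d{3}))?$", re.IGNORECASE)
TACTIC_RE = re.compile(r"^ta(\d{4})\b", re.IGNORECASE)


def canonical(tag):
    """'brute-force', 'brute_force' and 'brute force' all become 'brute force'."""
    return re.sub(r"[-_\s]+", " ", tag.strip().lower())


def split_attack_ids(tags):
    """Separate ATT&CK IDs from descriptive tags.

    Returns (techniques, tactics, other): techniques maps a parent ID such
    as 'T1110' to the set of sub-technique IDs seen under it (empty if only
    the parent was tagged); tactics is a set of 'TAxxxx' strings; other
    holds the canonical form of every non-ATT&CK tag.
    """
    techniques = defaultdict(set)
    tactics = set()
    other = set()
    for tag in tags:
        t = tag.strip()
        m = TECHNIQUE_RE.match(t)
        if m:
            parent = "T" + m.group(1)
            techniques.setdefault(parent, set())  # key exists even for parent-only tags
            if m.group(2):
                techniques[parent].add(parent + "." + m.group(2))
            continue
        m = TACTIC_RE.match(t)
        if m:
            tactics.add("TA" + m.group(1))
            continue
        other.add(canonical(t))
    return dict(techniques), tactics, other


if __name__ == "__main__":
    techs, tacs, rest = split_attack_ids(SAMPLE_TAGS)
    for parent in sorted(techs):
        print(parent, sorted(techs[parent]) or "(parent only)")
    print("tactics:", sorted(tacs))
    print("folded tags:", sorted(rest))
```

Folding before counting matters for any scoring that weights tags: on the page "brute force", "brute-force" and "brute_force" are three tags for one observation.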
Activity Timeline: Jun 10 to Jun 10
Threat Activity Heatmap: peak 2026-06-10
Last 24h: 0 (Dormant)
Last 7d: 1 (Minimal)
Last 30d: 1 (Minimal)
Last 3mo: 1 (Minimal)
Threat Score: 73 / 100 (this panel labels it "High Risk"; the page header and the IOC Journey below call the same score "medium")
Signal Score: 73
Confidence: 73%
Reports: 44
First seen: Jan 25, 2024
Last seen: Jun 10, 2026
Geolocation: US; Country: United States; Location: Hong Kong, Michigan
Coords: 22.3193, 114.1690 (Hong Kong; this contradicts the US country field and the Michigan registrant address, so do not rely on the geolocation for this range)
ASN: AS398722; Org: Censys, Inc.
Category: Proxy, VPN
WHOIS
- description: IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw (ARIN):
  NetRange: 199.45.154.0 - 199.45.155.255
  CIDR: 199.45.154.0/23
  NetName: CENSY
  NetHandle: NET-199-45-154-0-1
  Parent: NET199 (NET-199-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Censys, Inc. (CENSY)
  RegDate: 2022-10-26
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/199.45.154.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
- references:
  https://github.com/telekom-security/tpotce
  https://jamesbrine.com.au/vultrwarsaw-redis-bruteforce-ip-list-2025-08-04/
  https://jamesbrine.com.au
  https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  https://blocklist.greensnow.co/greensnow.txt
  https://www.binarydefense.com/banlist.txt
  https://lists.blocklist.de/lists/all.txt
  https://rules.emergingthreats.net/blockrules/compromised-ips.txt
  http://cinsscore.com/list/ci-badguys.txt
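The ARIN record is the check that decides what this score means: a block registered to an internet-wide scanning company will trip honeypot feeds continuously. The following is an added example, not code from the lookup page or from Censys, that re-splits a record flattened onto one line (as this page's extraction rendered it), confirms that 199.45.155.104 actually lies inside the registered 199.45.154.0/23, and uses the registrant and the feed's own benign-scanner tags to decide whether a 73/100 score should reach a blocklist at all. ARIN_RECORD is the page's record minus the contact handles; KNOWN_SCANNER_ORGS, BENIGN_SCANNER_TAGS and BLOCK_THRESHOLD are assumptions.

```python
"""Parse an ARIN WHOIS record and confirm that an indicator falls in the
registered block before acting on a threat score.

Added example, not code from the lookup page or from Censys. ARIN_RECORD is
the record shown on the page (extraction had flattened it onto one line);
KNOWN_SCANNER_ORGS, BENIGN_SCANNER_TAGS and BLOCK_THRESHOLD are assumptions.
"""
import ipaddress
import re

# ARIN record text as rendered on the page, minus the contact handles.
ARIN_RECORD = (
    "NetRange: 199.45.154.0 - 199.45.155.255 CIDR: 199.45.154.0/23 "
    "NetName: CENSY NetHandle: NET-199-45-154-0-1 Parent: NET199 (NET-199-0-0-0-0) "
    "NetType: Direct Allocation OriginAS: Organization: Censys, Inc. (CENSY) "
    "RegDate: 2022-10-26 Updated: 2024-03-29 "
    "Ref: https://rdap.arin.net/registry/ip/199.45.154.0 "
    "OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street "
    "City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US "
    "RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io "
    "Ref: https://rdap.arin.net/registry/entity/CENSY"
)

# Field names present in the record above. A flattened record can only be
# re-split at names we know, so extend this list for other records.
ARIN_FIELDS = [
    "NetRange", "CIDR", "NetName", "NetHandle", "Parent", "NetType", "OriginAS",
    "Organization", "RegDate", "Updated", "Ref", "OrgName", "OrgId", "Address",
    "City", "StateProv", "PostalCode", "Country", "Comment",
]
_FIELD_RE = re.compile(r"(?:^|\s)(" + "|".join(ARIN_FIELDS) + r"):")


def parse_arin(text):
    """Split an ARIN record into {field: [value, ...]}.

    Values are lists because the net object and the org object both carry
    RegDate/Updated/Ref; an empty field such as 'OriginAS:' yields ''.
    """
    out = {}
    hits = list(_FIELD_RE.finditer(text))
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(text)
        out.setdefault(m.group(1), []).append(text[m.end():end].strip())
    return out


def ip_in_record(ip, record):
    """True if ip is inside the record's CIDR, or inside NetRange if CIDR is absent."""
    addr = ipaddress.ip_address(ip)
    cidrs = record.get("CIDR", [""])[0]
    if cidrs:
        return any(addr in ipaddress.ip_network(c.strip(), strict=False)
                   for c in cidrs.split(","))
    lo, hi = (ipaddress.ip_address(p.strip()) for p in record["NetRange"][0].split("-"))
    return lo <= addr <= hi


# Assumption: organisations that run internet-wide research scanners and so
# show up in honeypot feeds constantly.
KNOWN_SCANNER_ORGS = {"censys, inc."}
BENIGN_SCANNER_TAGS = {"censys-benign", "verified-benign"}  # feed tags seen on the page
BLOCK_THRESHOLD = 70  # assumption; the page does not state its medium/high boundary


def triage(ip, whois_text, score, tags):
    """Decide what to do with an IP and its feed score before it reaches a blocklist."""
    rec = parse_arin(whois_text)
    if not ip_in_record(ip, rec):
        return "whois-mismatch"  # stale or wrong record: re-query RDAP before trusting it
    org = rec.get("OrgName", [""])[0].lower()
    if org in KNOWN_SCANNER_ORGS or BENIGN_SCANNER_TAGS & set(tags):
        return "known-scanner"   # tag or allowlist; a high report count here is expected noise
    return "block" if score >= BLOCK_THRESHOLD else "review"


if __name__ == "__main__":
    rec = parse_arin(ARIN_RECORD)
    print(rec["CIDR"], rec["OrgName"], rec["RegDate"])
    print(triage("199.45.155.104", ARIN_RECORD, 73, ["proxy", "vpn"]))
```

The mismatch branch is there because feed pages cache WHOIS; if the block has been reassigned since the record was fetched, the registrant-based verdict is wrong and the RDAP URL in the record is the authoritative place to re-check.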
Export & API: STIX 2.1 Bundle, CSV Export, Permalink
IOC Journey: medium · First detected 2 years ago · Last seen 5 days ago · Appeared in 44 threat reports