IPMediumSignal 68/100
199.45.155.110
Location
United StatesHong Kong, Kowloon
ASN
AS398722
Censys, Inc.
First Seen
Jan 25, 2024
Last Seen
Jun 12, 2026
Found in 40 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
68%
Signal Score
68 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionHong Kong, Kowloon
ASNAS398722
OrganizationCensys, Inc.
IP Category
⟲
Proxy
Proxy server
⊕
VPN
VPN exit node
Feed Intelligence Summary
40 reports68% confidence
40
Source reports
68%
Confidence score
Category tags
abuseaccessaccess controlaccount compromiseackactionactive scanactive scanningadb_protocoladbhoney activityadbhoney attackadbhoney honeypotand exploitation attemptsanomalous network connectionsapacheapache attackerapi servicesaptasiaatif feedattachment phishingattackattack vectorsattacker ipattacker-ipaustraliaauthenticationauthentication abuseauthentication failureauthentication-attemptsauto-generated securityautomated attackautomated attack attemptsautomated attacksautomated emailautomated threatautomated threatsautomated-attackautomated_attackbad reputationbad web botbanlist feedbase64base64 encodingbecbeningbening scannerbinary defenseblock listblock.txtblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute-force attackbrute_forcebrute_force_attackbruteforcebulk emailc2c2 communicationc2 servercensys-benignchinachina mobilecisco asa targetedcisco attackcisco devicecisco device attackcisco device targetedcisco device targetingcisco devices targetingcisco exploit attemptcisco exploitationcisco exploitation attemptcisco exploitation attemptscisco exploitscisco_device_attackcitrix securitycloud infrastructurecloud infrastructure attackcloud servicescncode executioncode injectioncode-injectioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommunication protocolcompany limitedcompromise attemptcompromised credentialscompromised hostcompromised hostscompromised system attemptcompromised systemsconfigconnectconpot activityconpot attackconpot honeypotcontainer securitycontent deliverycowriecowrie activitycowrie attackcowrie attackscowrie emulationcowrie honeypotcowrie interactionscowrie login attemptscowrie logscowrie sshcowrie ssh attackcowrie ssh attackscowrie ssh honeypotcowrie ssh loginscredential accesscredential attackcredential attackscredential guessingcredential harvestingcredential phishingcredential stuffingcredential-stuffingcredential_accesscredential_guessingcredential_stuffingcssctacurldaily_sourcesdata encryptiondata exfiltrationdata exfiltration attemptdata store exposuredata theftdatabase attackdatabase attacksdatabase exploitation attemptdatabase login attemptdatabase probingdatabase securitydatabase_serverdcerpcddosddos attackddos attack indicatorsddos attemptddos preparationddos probeddospotdecoy systemdenial of servicedenial-of-servicedenial-of-service attemptdevice managementdictionary attackdictionary_attackdigital oceandigitalocean platformdionaeadionaea activitydionaea attackdionaea attacksdionaea capturedionaea exploitsdionaea honeypotdionaea interactionsdionaea malware collectiondiscovery phasedistributed attacksdnsdns attackdockerelasticpot honeypotelasticsearchelasticsearch monitoringemailencryptionenterprise networkingenterprise securityenumerationeu cyber policieseuropeexecutable fileexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit kitsexploit probingexploit public-facing applicationexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploitation_attemptexploited hostexternal access attemptsexternal threatextortionfattfatt analysisfatt signaturesfinfinlandfirewall evasionfranceftpftp attackftp attacksftp brute forceftp brute-forceftp scanftp scanningftp_protocolgalahgermanygithubgluttongopotgroupshackinghellpotheralding activityheralding attackshkhk abusehandlerhomehoneynet connecthoneytrap activityhoneytrap attackhoneytrap datahoneytrap eventshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp request anomalieshttp scanhttp scannerhttp scanninghttp/shttp_protocolhttpshttps scanninghurricane usics securityics/scada attackidentity & access exploitationimapimap attackimap brute forceindicatorindicators of compromiseindustrial control systemsinfoinfrastructure acquisitionreconnaissanceinitial accessinitial-accessinitial_accessinitial_access_attemptinjection activityinjection attacksinternet-facing serviceinternet-wide scaninternet_wide_scanintrusion detectioniociocsiot attackiot securityiot targetediot/ics attackiot_attackip-addressipp_protocolipphoney activityipphoney honeypotipv4ipv4 addressesipv4_indicatorsjapankibanaknown malicious iplamplamp attacklamp exploit attemptlamp exploit attemptslamp exploitationlamp exploitation attemptslamp server attacklamp server attackslamp server targetinglamp stacklamp stack attacklamp stack attackslamp stack targetinglamp vulnerability scanlamp_stack_attacklateral movementlcialinuxlinux systemslinux-server-attacklinux-server-attackslinux_server_attackslog4potlogin attacklogin attemptmailoney activitymailoney attackmailoney attacksmailoney honeypotmailoney interactionsmailoney trafficmalicious activitymalicious activity detectedmalicious code detectionmalicious emailmalicious ip activitymalicious ip listmalicious ipsmalicious login attemptsmalicious network activitymalicious payloadmalicious payload attemptmalicious payload detectionmalicious sftpmalicious softwaremalicious software detectionmalicious software targetingmalicious trafficmalicious-activitymalicious-login-attemptsmalicious_activitymalwaremalware activitymalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmalware distribution attemptmalware distribution attemptsmalware downloadmalware landingmalware propagationmalware_activitymalware_distribution_attemptmanualmedpotmssqlmssql brute forcemysql brute forcenetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork_intrusionnetwork_reconnaissancenetwork_scanningnorth americanull scanoceaniaopen port identificationopencanaryopenctip0fp0f fingerprintingp0f os fingerprintingp0f signaturespasswordpassword attackpassword attackspassword sprayingpassword theftpassword-guessingpayment fraudperimeter securitypgp signphishingphishing attackphishing campaignphishing trappingping of deathpolandpop3 brute forceport-scanport-scanningportscanpossible botnet activitypossible credential stuffingpossible exploit attemptpossible malware activitypossible malware distributionpossible malware dropperpossible malware propagationpossible mirai variantpotential botnetpotential compromisepotential credential theftpotential exploitpotential exploit activitypotential lateral movementpotential malware distributionpotential threat actorprice requestprice request scamprivilege escalationprocess injectionprotocol abuseprotocol exploitationprotocol-abuseproxyproxy accesspythonrandomransomwareransomware activityraspberry-pirdp attacksrdp exploitationrdp scanreconnaissancereconnaissance activityredis exploitation attemptsredis honeypotredishoneypotredishoneypot activityredishoneypot attackregional securityremote accessremote access attemptsremote code executionremote service exploitationremote servicesremote_access_serviceresearchedresource developmentresource hijackingsansscams & fraudscannerscannersscanning activityschedule themescheduled task abusescriptscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer datasentrypeer detectionsentrypeer eventssentrypeer interactionsserverserver exploitationserver securityservice enumerationservice probingservice scansftpsftp access attemptsftp access attemptssftp activitysftp attacksftp attackssftp attemptsftp attemptssftp exploitationsftp exploitation attemptsftp probingsftp scanningsftp traffic analysissftp-attacksftp_protocolshell accessshell access attemptshell access attemptssipsip attackssip brute forcesip scanningsip vulnerability probingsip vulnerability scansip_protocolsippslugsmb attackssmb brute forcesmb_protocolsmtpsmtp attackersmtp attackssmtp brute forcesmtp probesmtp probingsmtp scansmtp scanningsmtp traffic analysissmtp_protocolsnaresocial engineeringsocradar honeypotsoftware exploitationsourcespamsql injectionsql injection attemptsql injection attemptssql-injectionsshssh attackssh attacksssh monitoringssh scanssh-brute-forcessh_protocolsurface websuricata alertsuricata alertssynsyn scansystem accesssystem disruptiont-pott1003t1003.001t1005t1016t1016.001t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1048t1053t1055t1056t1057t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1065t1068t1071t1071.001t1072t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1187t1189t1190t1192t1195t1203t1204t1204.002t1210t1486t1490t1496t1499.001t1499.002t1499.003t1505.002t1505.004t1539t1550t1550.002t1550.003t1552.001t1555t1555.005t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1573t1583t1583.001t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.002t1590t1590.001t1590.004t1590.006t1592t1595t1595.001t1595.002t1595.003t1598t1598.003tannertanner activitytanner attacktanner exploitationtanner exploitstanner interactionstargeting databasetariff server compromisetariff server themetariffs servertcptcp port scanningtcp protocoltcp scantelecommunicationstelnet attackstelnet attemptstelnet scantelnet threattelnet-brute-forcetelnet_protocolthreat actorthreat actor activitythreat detectionthreat intelligencethreat intelligence feedthreat preventiontimeouttop10.txttopips.txttor nodetpottpotceudp port scanudp port scanningudp scanunattributed activityunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunauthorized login attemptunauthorized-access-attemptunited kingdomunited statesunknown actorunknown threat actorusus ip addressus noneus sourceuservalid accountsverified-benignvnc protocolvoidtrapvoipvoip attackvoip servicesvpnvpn ipvulnerability scanvulnerability-scanvultrvultr infrastructureweak credentialsweb apisweb app attackweb application attackweb application attacksweb application probingweb application scanningweb applicationsweb attackweb attacksweb developmentweb exploitweb exploitationweb hostingweb infrastructureweb login attemptweb scannerweb servicesweb shellweb shell uploadweb shell uploadsweb spamweb technologiesweb trafficweb-application-attackweb-attackweb_application_attackweb_attackweb_serverwetransfer abusewgetwordpotxmasxmas scan
Activity Timeline
Jun 12Jun 12
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
1
Minimal
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
68
SIGNAL
Signal Score
68%
Confidence
40
Reports
First seenJan 25, 2024
Last seenJun 12, 2026
GeolocationUS
CountryUnited States
LocationHong Kong, Kowloon
ASNAS398722
OrgCensys, Inc.
Coords22.3193, 114.1690
ProxyVPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw
- NetRange: 199.45.154.0 - 199.45.155.255 CIDR: 199.45.154.0/23 NetName: CENSY NetHandle: NET-199-45-154-0-1 Parent: NET199 (NET-199-0-0-0-0) NetType: Direct Allocation OriginAS: AS398722 Organization: Censys, Inc. (CENSY) RegDate: 2022-10-26 Updated: 2024-03-29 Ref: https://rdap.arin.net/registry/ip/199.45.154.0 OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io Ref: https://rdap.arin.net/registry/entity/CENSY OrgTechHandle: COT12-ARIN OrgTechName: Censys Operations Team OrgTechPhone: +1-248-629-0125 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgAbuseHandle: CAT20-ARIN OrgAbuseName: Censys Abuse Team OrgAbusePhone: +1-248-629-0125 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN OrgNOCHandle: COT12-ARIN OrgNOCName: Censys Operations Team OrgNOCPhone: +1-248-629-0125 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
- references
- https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://blocklist.greensnow.co/greensnow.txt, https://www.binarydefense.com/banlist.txt, https://lists.blocklist.de/lists/all.txt, https://rules.emergingthreats.net/blockrules/compromised-ips.txt, http://cinsscore.com/list/ci-badguys.txt
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 2 years ago · Last seen today
Appeared in 40 threat reports