IP · Medium · Signal 67/100
199.45.155.65
Location
Hong Kong, Kowloon
ASN
AS398722
Censys, Inc.
First Seen
Jan 25, 2024
Last Seen
Jun 19, 2026
Found in 38 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Hong Kong, Kowloon
ASN
AS398722
Organization
Censys, Inc.
IP Category
VPN
VPN exit node
Feed Intelligence Summary
38 reports · 67% confidence
38
Source reports
67%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-19)
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat Score: Medium Risk
67
SIGNAL
Signal Score
67%
Confidence
38
Reports
First seen
Jan 25, 2024
Last seen
Jun 19, 2026
Geolocation
US
Country
United States
Location
Hong Kong, Kowloon
ASN
AS398722
Org
Censys, Inc.
Coords
22.3193, 114.1690
VPN
VirusTotal
Not checked
WHOIS
- description
- IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
- raw
  NetRange: 199.45.154.0 - 199.45.155.255
  CIDR: 199.45.154.0/23
  NetName: CENSY
  NetHandle: NET-199-45-154-0-1
  Parent: NET199 (NET-199-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398722
  Organization: Censys, Inc. (CENSY)
  RegDate: 2022-10-26
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/199.45.154.0

  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY

  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
IOC Journey
Medium · First detected 2 years ago · Last seen 5 days ago
Appeared in 38 threat reports