IOC Radar
IP · Medium · Signal 75/100

199.45.155.68

Location: United States (Hong Kong, Sai Kung)
ASN: AS398722 (Censys, Inc.)
First Seen: Jan 25, 2024
Last Seen: Jun 12, 2026
Found in 41 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address (network layer indicator observed in threat reports)
MISP Category: Network Activity
Confidence: 75%
Signal Score: 75 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 89 techniques

Network Information

Country: US (United States)
Region: Hong Kong, Sai Kung
ASN: AS398722
Organization: Censys, Inc.

Feed Intelligence Summary

41 source reports · 75% confidence score
Category tags
abuse, access, access control, account compromise, active reconnaissance, active scan, active scanning, actor list, adbhoney activity, adbhoney exploits, adbhoney honeypot, anomalous network connections, apache, apache attacker, apt, asia, attack, attacker-ip, australia, authentication abuse, authentication attacks, authentication attempts, auto-generated security, automated attack, automated attacks, automated threat, automated-attack, bad reputation, bad web bot, banner grabbing attempt, bening, bening scanner, block list, block.txt, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attacker, brute force attacks, brute force attempt, brute force attempts, brute-force, brute_force, bruteforce, c2, c2 communication, c2 server, censys-benign, china, china mobile, cisco asa, cisco asa targeting, cisco attack, cisco brute force, cisco device, cisco device attack, cisco device attacks, cisco device targeting, cisco exploitation, cisco exploitation attempt, cisco exploitation attempts, cisco network devices, cloud infrastructure, cloud infrastructure attack, cloud services, cn, code execution, code injection, columns, command & control, command and control, command execution, command injection, common vulnerabilities, communication protocol, company limited, compromised credentials, compromised host, compromised hosts, compromised systems, configuration manipulation, configuration modification, connect, connected devices, conpot, conpot activity, conpot attack, conpot exploitation, conpot honeypot, cowrie, cowrie activity, cowrie attack, cowrie attacks, cowrie detection, cowrie honeypot, cowrie interactions, cowrie ssh attacks, cowrie ssh honeypot, cowrie ssh logs, credential access, credential attack, credential attacks, credential brute force, credential guessing, credential harvesting, credential stuffing, credential-stuffing, cron injection, cta, daily_sources, data encryption, data exfiltration, data exfiltration attempt, data store exposure, data theft, database access attempt, database attack, database attacks, database brute force, database probing, database security, ddos, ddos attack, ddos preparation, decoy system, denial of service,
denial-of-service, denial-of-service attempt, device management, dictionary attack, digital ocean, digitalocean environment, digitalocean platform, dionaea, dionaea activity, dionaea attack, dionaea attacks, dionaea capture, dionaea detection, dionaea honeypot, dionaea interactions, dionaea malware collection, dionaea malware samples, dionaea payloads, discovery phase, distributed attacks, dns, dns attack, elasticpot honeypot, elasticsearch monitoring, email, encryption, enterprise networking, enumeration, eu cyber policies, europe, executable file, exploit, exploit attempt, exploit attempts, exploit kit activity, exploit probing, exploit public-facing application, exploitation, exploitation activity, exploitation attempt, exploitation attempts, exploitation of privilege, exploited host, exploits, external access attempts, external scan, external threat, external-threat, failed login attempts, fatt, fatt detections, fatt signatures, file, fin scan, finland, firewall detection, france, fraud voip, ftp, ftp attacks, ftp brute force, ftp brute-force, ftp protocol, ftp scanning, germany, github, groups, hacking, heralding activity, heralding behavior, hk, hk abusehandler, honeynet connect, honeytrap data, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http brute force, http probing, http request anomalies, http scanner, http scanning, http/s, hurricane us, icmp, ics security, ics/scada attack, identity & access exploitation, imap, imap attack, indicator, indicators of compromise, industrial control systems, industrial iot, information gathering, infrastructure acquisitionreconnaissance, infrastructure reconnaissance, initial access, initial access attempts, initial access vector, injection activity, injection attacks, internet of things, internet-facing, internet-facing service, internet-wide scan, intrusion detection, ioc, iocs, iot analytics, iot applications, iot device targeting, iot platforms, iot security, iot targeted, iot/ics attack, ipphoney activity, ipphoney honeypot, ipv4, ipv4 port scanning, ipv4 scanning, ipv4-ioc, japan, kfsensor honeypot, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp attack, lamp exploit, lamp exploit attempts, lamp exploitation,
lamp exploitation attempt, lamp exploitation attempts, lamp server attack, lamp server targeting, lamp stack, lamp stack attack, lamp stack attacks, lamp stack exploitation, lamp stack targeting, lamp vulnerability scanning, lateral movement, lateral movement techniques, linux, linux malware, linux servers, linux systems, linux-server-attack, linux_server_attacks, login attempt, login attempts, login_attempt, low-risk, mailoney activity, mailoney attack, mailoney detection, mailoney events, mailoney honeypot, mailoney interactions, malaysia, malicious activity, malicious activity detected, malicious code injection, malicious email, malicious file transfer, malicious ip activity, malicious ip list, malicious network activity, malicious payload detection, malicious software, malicious software detection, malicious traffic, malicious-login-attempts, malware, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware detection, malware distribution, malware download, malware download attempts, malware installation, malware propagation, malware scanning, malware_activity, manual, mass scanning activity, masscan, misp threat, module loading, mssql, mysql brute force, network, network attacks, network device attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network mapping, network probe, network probing, network protocol, network reconnaissance, network scanning, network scanning activity, network security, network service scanning, network services, network traffic analysis, network-based attack attempts, network-discovery, network_activity, network_enumeration, nmap, north america, null scan, oceania, open port detection, open threat, opencti, opportunistic attacker, os fingerprinting, osint, otx pulsenameti, p0f, p0f network fingerprinting, p0f signatures, password attack, password attacks, password cracking, pgp sign, phishing, phishing attack, phishing trap, php injection attempts, ping of death, pinyin, pla unit, poland, port-scanning, portscan, possible botnet activity, possible exploit attempt, possible malware distribution,
possible malware propagation, possible mirai variant, potential botnet, potential credential compromise, potential credential theft, potential exploit activity, potential exploit attempts, potential intrusion, potential malicious activity, potential malware, potential malware distribution, potential vulnerability probing, privilege escalation, process injection, protocol exploitation, protocol-abuse, python, ransomware, rce, rdp attacks, rdp protocol, rdp scanning, reconnaissance, reconnaissance activity, redis, redis honeypot, redishoneypot activity, regional security, remote access, remote service exploitation, remote services, replication attack, researched, resource hijacking, rtbh, sans, scams & fraud, scanner, scanner ips, scanners, scanning activity, script, scripting attacks, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer detection, sentrypeer events, sentrypeer interactions, server exploitation, service enumeration, service scan, service scanning, service version detection, sftp, sftp access attempt, sftp access attempts, sftp activity, sftp attack, sftp attempt, sftp intrusion attempt, sftp probing, sftp-attack, shell access attempts, sip, sip attacks, sip brute force, sip scan, sip scanning, sip vulnerability scan, slaveof, slug, smart devices, smb brute force, smtp, smtp attacker, smtp attacks, smtp brute force, smtp probing, smtp scanning, social engineering, socradar honeypot, software exploitation, source, spam, sql injection, sql injection attempts, ssh, ssh attack, ssh attacks, ssh brute-force, ssh key injection, ssh monitoring, ssh protocol, ssh-brute-force, stealth scan, surface web, suricata alerts, sweep scan, syn, syn scan, system access,
t-pot, t1005, t1016, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1059, t1059.001, t1059.003, t1059.004, t1059.005, t1059.007, t1065, t1068, t1071, t1071.001, t1076, t1077, t1078, t1083, t1087, t1087.001, t1087.002, t1087.003, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1187, t1189, t1190, t1195, t1199, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.002, t1505.003, t1505.004, t1555, t1555.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1573.001, t1583, t1583.001, t1587.001, t1588, t1589, t1590, t1590.001, t1590.003, t1590.004, t1590.005, t1590.006, t1592, t1592.002, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner activity, tanner events, tanner interactions, targeting database, tcp, tcp port scanning, tcp protocol, tcp scan, telecommunications, telnet attacks, telnet scanning, telnet threat, telnet-brute-force, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat intelligence feed, threat prevention, ti advisory, timeout, top10.txt, topips.txt, tor node, tpot, tpotce, tsoc, udp port scan, udp port scanning, udp scan, unauthorized access, unauthorized access attempt, unauthorized login, unauthorized scanning, unauthorized-access-attempt, unit cover, united states, unknown threat actor, us, us abuse, us none, verified-benign, vnc protocol, voidtrap, voip, voip attack, vulnerability scan, vultr, vultr cloud infrastructure, vultr infrastructure, vultr-platform, weak credentials, web app attack, web application, web application attack, web application attacks, web application scan, web application scanning, web attack, web attacks, web exploit, web exploitation, web exploits, web scanner, web shell, web shell detection, web shell uploads, web spam, web traffic, web-application-attack, web_attack, windows malware, xmas scan

Activity Timeline

1 total observation (Jun 12)

Threat Activity Heatmap

Weekly grid (Mon/Wed/Fri rows) running from Jun through Jun of the following year; the only populated cell is the single Jun 12 observation.

Observations by window: 24h: 0 (Dormant) · 7d: 1 (Minimal) · 30d: 1 (Minimal) · 3mo: 1 (Minimal)
Threat Score: High Risk (75 SIGNAL)
Signal Score: 75
Confidence: 75%
Reports: 41
First seen: Jan 25, 2024
Last seen: Jun 12, 2026
Geolocation: US
Country: United States
Location: Hong Kong, Sai Kung
ASN: AS398722
Org: Censys, Inc.
Coords: 22.3193, 114.1690

VirusTotal

Not checked

WHOIS

Description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot

Raw:
NetRange: 199.45.154.0 - 199.45.155.255
CIDR: 199.45.154.0/23
NetName: CENSY
NetHandle: NET-199-45-154-0-1
Parent: NET199 (NET-199-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Censys, Inc. (CENSY)
RegDate: 2022-10-26
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/199.45.154.0
OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY
OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

References:
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt


IOC Journey

Confidence: medium · First detected 2 years ago · Last seen 1 day ago · Appeared in 41 threat reports