IP · Medium · Signal 67/100
199.45.155.89
Location
Hong Kong, Kowloon
ASN
AS398722
Censys, Inc.
First Seen
Jan 25, 2024
Last Seen
Jun 3, 2026
Found in 41 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Hong Kong, Kowloon
ASN
AS398722
Organization
Censys, Inc.
IP Category
VPN
VPN exit node
Feed Intelligence Summary
41
Source reports
67%
Confidence score
Category tags
Activity Timeline
Jun 3
Threat Activity Heatmap
Peak: 2026-06-03
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 67
Confidence: 67%
Reports: 41
First seen: Jan 25, 2024
Last seen: Jun 3, 2026
Geolocation: US
Country: United States
Location: Hong Kong, Kowloon
ASN: AS398722
Org: Censys, Inc.
Coords: 22.3193, 114.1690
VPN
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning DigitalOcean Toronto (CA) honeypot
- raw:

  NetRange: 199.45.154.0 - 199.45.155.255
  CIDR: 199.45.154.0/23
  NetName: CENSY
  NetHandle: NET-199-45-154-0-1
  Parent: NET199 (NET-199-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398722
  Organization: Censys, Inc. (CENSY)
  RegDate: 2022-10-26
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/199.45.154.0

  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY

  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
IOC Journey
Medium · First detected 2 years ago · Last seen 10 days ago
Appeared in 41 threat reports