IOC Radar
IP · Medium · Signal 54/100

45.142.154.93

Location: Hong Kong (Chai Wan, Yau Tsim Mong)
ASN: AS9465 (Allcloud US)
First Seen: Jul 22, 2025 (323d ago)
Last Seen: Jun 10, 2026 (today)
Reports: 20 source reports
Confidence: 54% (medium)
VirusTotal: 8/91 detections
Found in 20 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 54%
Signal Score: 54 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

87 techniques

Network Information

Country: HK (Hong Kong)
Region: Chai Wan, Yau Tsim Mong
ASN: AS9465
Organization: Allcloud US

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 20
Confidence score: 54%

Activity Timeline

1 total obs (Jun 10)

Threat Activity Heatmap

[Heatmap: activity by weekday and month, Jun through Jun; legend Less to More]
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 54
Confidence: 54%
Reports: 20
First seen: Jul 22, 2025
Last seen: Jun 10, 2026
Geolocation: HK
Country: Hong Kong
Location: Chai Wan, Yau Tsim Mong
ASN: AS9465
Org: Allcloud US
Coords: 22.3193, 114.1690
Proxy

VirusTotal

8/91 vendors flagged
9% detection rate (Jun 10, 2026)

WHOIS

description: IPv4 hosts detected port scanning DigitalOcean London (UK) honeypot
raw:
inetnum: 45.142.152.0 - 45.142.155.255
netname: HK-HDTIDC-20190819
country: HK
org: ORG-HL172-RIPE
admin-c: LZ2228-RIPE
tech-c: LZ2228-RIPE
status: ALLOCATED PA
mnt-by: MAINT-HDTIDCCLOUD-HK
mnt-by: RIPE-NCC-HM-MNT
created: 2023-12-22T14:59:16Z
last-modified: 2023-12-22T14:59:16Z
source: RIPE

organisation: ORG-HL172-RIPE
org-name: HDTIDC LIMITED
country: HK
org-type: LIR
address: 20/F, Full WIN COMMERCIAL CENTRE, 573 NATHAN ROAD
address: 99799
address: YAU MA TEI
address: HONG KONG
phone: +852-30696943
admin-c: LZ2228-RIPE
tech-c: LZ2228-RIPE
abuse-c: ACRO29722-RIPE
mnt-ref: MAINT-HDTIDCCLOUD-HK
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MAINT-HDTIDCCLOUD-HK
created: 2018-03-22T10:28:40Z
last-modified: 2020-12-16T13:13:25Z
source: RIPE # Filtered

person: Dale Law
address: FLAT/RM B-01 20/F, Full WIN COMMERCIAL CENTRE, 573 NATHAN ROAD, YAU MA TEI, HONGKONG
phone: +852-30696943
nic-hdl: LZ2228-RIPE
mnt-by: MAINT-HDTIDCCLOUD-HK
created: 2018-03-22T10:28:39Z
last-modified: 2020-01-08T10:41:37Z
source: RIPE # Filtered

route: 45.142.154.0/24
origin: AS9465
mnt-by: MAINT-HDTIDCCLOUD-HK
created: 2025-07-11T02:52:59Z
last-modified: 2025-07-11T02:52:59Z
source: RIPE

IOC Journey

medium
First detected 10 months ago · Last seen today
Appeared in 20 threat reports