Check an IP Address, Domain Name, Subnet, or ASN

199.45.154.136 was found in our database!

Confidence Level

27%

Low?

Geolocation

🇺🇸

United States

ISPCensys, Inc.

ASNAS398722

Activity Timeline

First seenJan 22, 2026, 03:51 AM

Last seen2h ago

194Sessions

327Events

Protocol Breakdown

HTTPS

88 / 142

DOCKER

3 / 48

IMAP

35 / 41

HTTP

20 / 20

SMTP

5 / 17

SSH

7 / 12

SMB

8 / 10

MSSQL

8 / 8

TELNET

6 / 8

MONGODB

4 / 7

SIP

4 / 6

RTSP

2 / 4

POSTGRES

3 / 3

REDIS

1 / 1

199.45.154.136 has a threat confidence score of 27%. This IP address from United States (AS398722, Censys, Inc.) has been observed in 194 honeypot sessions targeting HTTPS, DOCKER, IMAP, HTTP, SMTP and 9 other protocols. First observed on January 22, 2026, most recently active March 12, 2026.

Behaviors

Classified behavioral patterns observed

Rtsp Options Probe

low2x

Client sends RTSP OPTIONS requests to check supported methods and confirm that an RTSP service is exposed, then disconnects without attempting authentication or stream setup. This pattern is typically associated with automated reconnaissance or internet-wide scanning rather than active stream access.

Mongodb Version Probe

low1x

Client connects to a MongoDB instance and issues isMaster followed by buildinfo, indicating an attempt to identify server role, capabilities, and software version. This pattern is commonly associated with automated discovery or fingerprinting of exposed MongoDB services rather than normal application activity.

Https Root Path Request

info7x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Http Root Path Request

info6x

Identifies HTTP requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration.

Smtp Censys Tls Capability Probe

info5x

SMTP interaction identified as an internet-wide scanning probe originating from Censys infrastructure. The client announces itself via EHLO www.censys.io and issues a STARTTLS request to verify TLS upgrade support and collect service capability metadata. This pattern reflects automated reconnaissance and exposure mapping rather than direct exploitation, but still represents active external probing of the SMTP service.

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Docker Get Method231 Docker Bad Request Uri132 Smtp Ehlo Greeting14 Smtp Starttls Upgrade Request14 Smtp Ehlo Censys Scanner Identifier14 Http Method Get8 Https Path Root7 Mongodb Ismaster7 Mongodb Buildinfo4 Sip Call Id Alphanumeric Entropy4 Rtsp Options2 Http Path Bad Request2 Https Path Bad Request2 Redis Ping1 Redis Info Uppercase1 Redis Nonexistent Command1

Related Threats

Explore related threat intelligence

WHOIS Lookup

IP Address	Confidence	Events
199.45.154.157	29%	352
199.45.154.153	29%	399
199.45.154.155	29%	271
199.45.155.111	28%	265
199.45.155.74	26%	308

IP Address	Confidence	Events
130.12.180.86	91%	27,915
92.118.39.63	100%	33,156
130.12.180.75	91%	28,101
130.12.180.101	91%	28,181
165.227.102.246	100%	1,242