Check an IP Address, Domain Name, Subnet, or ASN

45.142.154.30 was found in our database!

Confidence Level

81%

Very High?

Geolocation

🇭🇰

Hong Kong

ISPAGOTOZ PTE. LTD.

ASNAS9465

Activity Timeline

First seenJan 21, 2026, 08:11 AM

Last seen4h ago

183Sessions

277Events

Protocol Breakdown

MONGODB

49 / 88

HTTPS

51 / 51

SMTP

27 / 45

HTTP

14 / 42

SIP

10 / 14

IMAP

10 / 10

POSTGRES

9 / 9

SSH

6 / 8

MSSQL

2 / 4

TELNET

2 / 3

FTP

2 / 2

SMB

1 / 1

45.142.154.30 has a very high threat confidence level of 81%, originating from Hong Kong, on the AGOTOZ PTE. LTD. network (9465). It has been observed across 183 sessions targeting MONGODB, HTTPS, SMTP, HTTP, SIP and 7 other protocols, First observed on January 21, 2026, most recently active March 6, 2026.

Behaviors

Classified behavioral patterns observed

Mongodb Version Probe

low1x

Client connects to a MongoDB instance and issues isMaster followed by buildinfo, indicating an attempt to identify server role, capabilities, and software version. This pattern is commonly associated with automated discovery or fingerprinting of exposed MongoDB services rather than normal application activity.

Https Root Path Request

info4x

Identifies HTTPS requests targeting the web server root path ("/"), typically used for initial service discovery, host validation, or baseline content inspection prior to deeper enumeration

Smtp Tls Capability Probe

info3x

Automated SMTP interaction performing a minimal capability check by issuing EHLO followed by a STARTTLS upgrade request and immediately terminating the session. This pattern is commonly associated with internet-wide scanners, security research crawlers, or opportunistic bots verifying whether an SMTP service supports encrypted communication. The absence of authentication attempts or message submission indicates reconnaissance or service fingerprinting rather than active abuse.

Ftp Tls Upgrade

info1x

FTP session where the client issues AUTH TLS to upgrade the connection to Transport Layer Security. This reflects protocol-level encryption negotiation prior to further interaction.

Http Bad Request Route Probe

info1x

Identifies HTTP GET requests directly targeting the /bad-request path, indicating automated or manual probing of application error-handling routes rather than legitimate navigation flow.

Primitives

Individual actions observed

Mongodb Ismaster88 Smtp Ehlo Greeting20 Smtp Starttls Upgrade Request9 Https Path Root4 Mongodb Buildinfo4 Smb Srvsvc Rpc Bind2 Ftp Auth Tls1 Ftp User Probe1 Http Method Get1 Smb Samr Rpc Bind1 Smb Ipc Share Access1 Http Path Bad Request1

Related Threats

Explore related threat intelligence

🇭🇰More threats fromHong Kong ASMore threats fromAGOTOZ PTE. LTD.MONGODBMore threats targetingMONGODB HTTPSMore threats targetingHTTPS SMTPMore threats targetingSMTP HTTPMore threats targetingHTTP SIPMore threats targetingSIP IMAPMore threats targetingIMAP POSTGRESMore threats targetingPOSTGRES SSHMore threats targetingSSH MSSQLMore threats targetingMSSQL TELNETMore threats targetingTELNET FTPMore threats targetingFTP SMBMore threats targetingSMB { }Browse allAttack Patterns

WHOIS Lookup

IP Address	Confidence	Events
45.142.154.12	95%	368
45.142.154.37	87%	342
45.142.154.45	89%	402
45.142.154.29	93%	290
45.142.154.106	90%	381

IP Address	Confidence	Events
103.144.28.85	100%	1,040
172.110.223.55	99%	34,258
103.242.13.47	97%	1,925
101.36.125.241	84%	9
101.36.108.134	100%	716