IOC Radar
IPMediumSignal 87/100

167.248.133.130

Location
United StatesUnited States
Ann Arbor, Michigan
ASN
AS398324
Censys, Inc.
First Seen
Jan 25, 2022
Last Seen
Feb 12, 2026
Jan 25
First Seen
1610d ago
Feb 12
Last Seen
131d ago
17
Reports
source reports
87%
Confidence
medium
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
87%
Signal Score
87 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

29 techniques

Network Information

CountryUSUnited States
RegionAnn Arbor, Michigan
ASNAS398324
OrganizationCensys, Inc.

Feed Intelligence Summary

17 reports87% confidence
17
Source reports
87%
Confidence score
Category tags
abuseack scanactive scanningapplication layer protocolbotnetbrute forcebrute force attackcensys-benigncommand and controlcommunication protocolcredential accesscredential stuffingdata exfiltrationdatabase attacksddos attackdecoy systemdistributed attacksfin port scanfin scanfirewall detectionftpftp brute forcehttp brute forcehttp scannerindicatorkfsensor honeypotmalicious softwaremalwaremalware capturemasscanmassive scanningnetworknetwork discoverynetwork enumerationnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnmapnorth americanull port scannull scanoperating system detectionos credential dumpingpassword attackspossible reconnaissanceprocess injectionprotocol exploitationreconnaissancereconnaissance activityremote accessremote servicesresearchedsansscannerservice version detectionssh attacksweep scansyn port scansyn scansystem discoveryt1016t1018t1021t1021.001t1040t1046t1053t1055t1059t1068t1071.001t1076t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1486t1496t1499.002t1499.003t1563t1565t1595t1595.001t1595.002t1595.003telnet threatthreat intelligencetsecudp port scanunauthorized accessunited statesverified-benignweb trafficxmas port scanxmas scanzmap

Activity Timeline

1 total obs
Feb 12Feb 12

Threat Activity Heatmap

· Peak: 2026-02-12
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
87
SIGNAL
Signal Score
87%
Confidence
17
Reports
First seenJan 25, 2022
Last seenFeb 12, 2026
GeolocationUS
CountryUnited States
LocationAnn Arbor, Michigan
ASNAS398324
OrgCensys, Inc.
Coords42.2809, -83.7489

VirusTotal

Not checked

WHOIS

description
HoneyNet Event: 167.248.133.130 connected: 1 times over ports: 1521 Tags: P0f,1521
raw
NetRange: 167.248.133.0 - 167.248.133.255 CIDR: 167.248.133.0/24 NetName: CENSY NetHandle: NET-167-248-133-0-1 Parent: NET167 (NET-167-0-0-0-0) NetType: Direct Allocation OriginAS: AS398324 Organization: Censys, Inc. (CENSY) RegDate: 2020-08-21 Updated: 2024-08-09 Ref: https://rdap.arin.net/registry/ip/167.248.133.0 OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io Ref: https://rdap.arin.net/registry/entity/CENSY OrgTechHandle: COT12-ARIN OrgTechName: Censys Operations Team OrgTechPhone: +1-248-629-0125 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgAbuseHandle: CAT20-ARIN OrgAbuseName: Censys Abuse Team OrgAbusePhone: +1-248-629-0125 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN OrgNOCHandle: COT12-ARIN OrgNOCName: Censys Operations Team OrgNOCPhone: +1-248-629-0125 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 4 months ago
Appeared in 17 threat reports