IPMediumSignal 100/100
167.94.138.108
Location
United StatesAnn Arbor, Michigan
ASN
AS398324
Censys, Inc
First Seen
Jan 25, 2022
Last Seen
May 23, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionAnn Arbor, Michigan
ASNAS398324
OrganizationCensys, Inc
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
32 reports99% confidence
32
Source reports
99%
Confidence score
Category tags
abuseaccess controlaccount compromiseaccount securityackack scanactive scanactive scanningadbhoney honeypotadministrative accessagentalertapplication layer protocolaptasiaattackattack attemptattack preparatoryattack surface discoveryattack vectorsaustraliaauthentication attemptsauto-generated securityautomated attackbad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcec2c2 communicationcanadacensys-benigncertcins activecloud environmentcloud infrastructurecloud infrastructure attackcloud providercloud servicescloud_infrastructurecode executioncommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommunication protocolcompromised hostcompromised hostsconnect scanconpot honeypotcontainer securitycowrie honeypotcowrie interactionscowrie ssh attackcowrie ssh attackscredential accesscredential attackcredential brute-forcingcredential guessingcredential harvestingcredential stuffingcurlcvecyberattackdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase login attemptdatabase securitydcerpcddosddos attackddos attack indicatorsddos attacksddos probeddospotdecoy systemdenial of servicedictionary attackdigital oceandigitalocean environmentdionaea activitydionaea attacksdionaea honeypotdionaea interactionsdionaea malware samplesdionaea payloadsdirectory traversal attemptdistributed attacksdnsdns attackdockerdshield blockelasticpot honeypotelasticsearchelasticsearch monitoringencryptionenumerationet dropexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexternal reconnaissanceexternal scanexternal threatexternal-threatexternal_threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfirewall detectionfirewall evasionftpftp attackftp attacksftp brute forcegalahgluttongopothackinghellpothoneytrap activityhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshttp attackhttp brute forcehttp probinghttp scannerhttp scanninghttpsicmpics securityidentity & access exploitationids evasionimapindicatorindicators of compromiseindustrial control systemsinfected systemsinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access attemptinitial access vectorinitial_access_attemptinjection activityinjection attacksinternet facing systemsinternet of thingsinternet-facinginternet-facing assetsinternet-wide scaninternet_scannersintrusion detectioniociot botnetiot securityiot/ics attackipphoney honeypotipv4ipv4 activityipv4 addressesipv4 iocipv4 port scanningipv4 scanningipv4 threatsipv4-iocipv4_activityjapankfsensor honeypotkibanalateral movementlisted sourcelog4potmailoney activitymailoney attacksmailoney eventsmailoney honeypotmailoney interactionsmaimon scanmalicious activitymalicious file transfermalicious ip listmalicious ipsmalicious ipv4malicious network activitymalicious softwaremalicious trafficmalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware downloadmalware propagationmanualmass port scanmasscan activitymedpotmelbourne regionmirai botnetmssqlnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork traffic analysisnetwork-based attack attemptsnetwork-discoverynetwork_discoverynetwork_enumerationnetwork_scanningnetworkscanningnmap scan detectednorth americanull port scannull scanoceaniaopen port detectionopen port discoveryopen port enumerationoperating systemoperating system securityos credential dumpingos detectionos fingerprintingp0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword sprayingphishingphishing attackphishing trappingping of deathpoor reputationportpossible exploit attemptspossible reconnaissancepossible reconnaissance activitypossible vulnerability probingpossible vulnerability scanpotential exploit targetingpotential intrusion attemptpotential reconnaissance activitypotential threatpotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanpotential vulnerability scanningprivilege escalationprobing activityprocess injectionprotoprotocol exploitationproxyproxy accessransomwareransomware activityrdp attacksrdp scanningreconnaissancereconnaissance activityredis honeypotremote accessremote access attackremote code executionremote servicesresearchedresource hijackingsansscanscannerscanner ipsscannersscanning activityscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice detectionservice discoveryservice enumerationservice probingservice scanservice version detectionshell accessshell access attemptsip attackssippsmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresocial engineeringsocradarsoftware exploitationspamsql injectionsql injection attemptsql injection attemptsssh attackssh attacksssh monitoringstealthstealth scansuricata alertsuricata alertssuspected malicious activitysweep scansynsyn port scansyn scansystem discoverysystem disruptiont1005t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1046t1053t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1069.001t1071t1071.001t1071.004t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1087t1088t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1187t1189t1190t1195t1199t1203t1204t1204.002t1210t1213t1486t1490t1496t1499.001t1499.002t1499.003t1505t1505.002t1550t1550.002t1550.003t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1571t1572t1583t1587.001t1588t1588.002t1588.006t1589t1589.001t1589.002t1590t1590.001t1590.002t1590.005t1592t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstanner exploitstanner interactionstargeted scantargeting databasetcp protocoltcp scantcp scanningtelecommunicationstelnet attackstelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventionthreat-intelligencetokyotor nodetorontotpottsecudp port scanudp scanunattributed activityunauthorized accessunauthorized access attemptunauthorized activityunauthorized login attemptunauthorized network activityunauthorized probingunauthorized scanningunidentified source ipunited statesunited states of americaunknown threat actorusverified-benignversion detectionvnc protocolvoipvoip attackvulnerability scanvultr infrastructure targetedvultr-platformweb application attackweb application attacksweb attackweb exploitationweb exploitsweb login attemptweb shellweb shell attemptweb shell detectionweb shell uploadweb trafficwgetwindow scanwordpotxmasxmas port scanxmas scan
Activity Timeline
May 23May 23
Threat Activity Heatmap
· Peak: 2026-05-23LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreHigh Risk
100
SIGNAL
Signal Score
99%
Confidence
32
Reports
First seenJan 25, 2022
Last seenMay 23, 2026
GeolocationUS
CountryUnited States
LocationAnn Arbor, Michigan
ASNAS398324
OrgCensys, Inc
Coords42.2809, -83.7489
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
- raw
- NetRange: 167.94.138.0 - 167.94.138.255 CIDR: 167.94.138.0/24 NetName: CENSY NetHandle: NET-167-94-138-0-1 Parent: NET167 (NET-167-0-0-0-0) NetType: Direct Allocation OriginAS: AS398324 Organization: Censys, Inc. (CENSY) RegDate: 2021-09-13 Updated: 2024-03-29 Ref: https://rdap.arin.net/registry/ip/167.94.138.0 OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io Ref: https://rdap.arin.net/registry/entity/CENSY OrgTechHandle: COT12-ARIN OrgTechName: Censys Operations Team OrgTechPhone: +1-248-629-0125 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgAbuseHandle: CAT20-ARIN OrgAbuseName: Censys Abuse Team OrgAbusePhone: +1-248-629-0125 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN OrgNOCHandle: COT12-ARIN OrgNOCName: Censys Operations Team OrgNOCPhone: +1-248-629-0125 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 years ago · Last seen 1 month ago
Appeared in 32 threat reports