IP 167.94.138.155 · Medium · Signal 70/100
Location
Ann Arbor, Michigan
First Seen
Jan 25, 2022
Last Seen
May 28, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context: tags and MITRE ATT&CK TTPs are listed under Category tags in the Feed Intelligence Summary below.
Network Information
Country
United States
Region: Ann Arbor, Michigan
Organization: Censys, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
30 source reports · 70% confidence score
The ARIN record below shows 167.94.138.0/24 as a direct allocation to Censys, Inc., and the tag set includes censys-benign and verified-benign alongside blocklist tags such as dshield block and cins active. Read the activity as internet-wide research scanning (port sweeps, banner grabs, honeypot hits) rather than a targeted intrusion, decide per policy whether to allowlist, rate-limit, or block the /24 as a unit, and use the abuse contact in the record for complaints.
Category tags
abuseaccess attemptaccess controlaccount compromiseaccount securityackack scanactive reconnaissanceactive scanactive scanningadbhoney activityadbhoney honeypotadministrative accessagentalertamerican expressaptasiaattackattack attemptattack detectionattack preparatoryattack surface discoveryattack vectorsaustraliaauthentication attemptsauthentication bruteforceauto-generated securityautomated attackautomated attacksbad ip'sbad reputationbad web botbanner grabbing attemptblacklist candidateblacklist ipblacklisted ipblock listbotnetbotnet activitybrutebrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute_forcec2 communicationc2 servercanadacensys-benignchina mobilecins activecisco devicecisco device targetingcisco exploit attemptcisco exploitation attemptscloud environmentcloud infrastructurecloud infrastructure attackcloud providercloud servicescode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommunication protocolcommunication securitycompany limitedcompromised credentials attemptcompromised hostcompromised hostscompromised systemsconnect scanconpot activityconpot honeypotcontainer securitycowriecowrie activitycowrie attackscowrie detected activitycowrie honeypotcowrie interactionscowrie ssh attackcowrie ssh attackscredential accesscredential attackcredential brute forcingcredential brute-forcingcredential compromise attemptscredential guessingcredential harvestingcredential stuffingcredential_accessctacurlcvedata encryptiondata exfiltrationdata store exposuredata theftdatabase attackdatabase attacksdatabase login attemptdatabase securitydcerpcdcom exploitationddosddos attackddos attack indicatorsddos attacksddos probeddospotdecoy systemdenial of servicedevice managementdigital oceandigitalocean environmentdionaea activitydionaea attacksdionaea exploitsdionaea honeypotdionaea interactionsdionaea malware samplesdionaea 
payloadsdirectory traversal attemptdistributed attacksdnsdns attackdockerdshield blockelasticpot honeypotelasticsearchelasticsearch monitoringemailencryptionenterprise networkingenumerationet dropeuropeexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexternal network scanexternal scanexternal threatexternal threat actorexternal-threatexternal_threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfirewall detectionfirewall evasionfrancefraud ordersfraud voipftpftp attackftp attacksftp brute forceftp brute-forcefull connect scangalahgithubgluttongopothackinghellpotheralding activityheralding attemptshk abusehandlerhoneytrap activityhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp scannerhttp scanninghttpshuaweiicmpics securityidentity & access exploitationids evasionimapindicatorindicators of compromiseindustrial control systemsinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access vectorinitial_access_attemptinjection activityinjection attacksinternal scaninternet facing systemsinternet of thingsinternet-facinginternet-facing assetsinternet-wide scaninternet_scannersintrusion detectioniociot botnetiot securityiot targetediot/ics attackipphoney activityipphoney honeypotipv4ipv4 activityipv4 addressesipv4 port scanningipv4 scanningipv4 threatsipv4-iocipv4_addressjapankfsensor honeypotkibanalamplamp attacklamp exploit attemptlamp exploitation attemptlamp exploitation attemptslamp server targetlamp stack targetinglateral movementlisted sourcelog4potlogin attemptmailoney activitymailoney attacksmailoney eventsmailoney 
honeypotmailoney interactionsmalicious activitymalicious file transfermalicious ip activitymalicious ip listmalicious ipsmalicious ipv4malicious login attemptsmalicious network activitymalicious scanmalicious sftp activitymalicious sip activitymalicious softwaremalicious ssh activitymalicious trafficmalicious-activitymalicious_activitymalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware downloadmalware propagationmanualmass port scanmass scanningmass scanning activitymasscanmasscan activitymassive scanningmedpotmelbourne regionmicrosoft technologiesmirai botnetmssqlnation-state activitynetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork traffic analysisnetwork-based attack attemptsnetwork-discoverynetwork-scanningnetwork_enumerationnetwork_intrusionnetwork_scannetwork_scanningnetworkscanningnmapnmap scannmap scan detectednorth americanull port scannull scanoceaniaopen port detectionopen port enumerationopen port identificationopen proxyoperating systemoperating system detectionoperating system securityopportunistic attackeros detectionos fingerprintingp0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword crackingpassword sprayingpgp signphishingphishing attackphishing trappingping of deathpolandpoor reputationportpossible botnet activitypossible exploit attemptspossible malicious activitypossible reconnaissancepossible vulnerability probingpotential credential compromisepotential exploit targetingpotential 
intrusionpotential intrusion attemptpotential malwarepotential malware propagationpotential reconnaissance activitypotential threatpotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanprivilege escalationprocess injectionproduction environmentprotoprotocol exploitationproxyproxy accessproxy protocolpythonransomwareransomware activityrdp attacksrdp scanningreconnaissancereconnaissance activityredis honeypotredishoneypot activityremote accessremote access attackremote code executionremote servicesresearchedresource hijackingrpcrtbhsansscams & fraudscanscannerscanner ipscanner ipsscannersscanning activityscanning hostsscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer datasentrypeer detectionsentrypeer eventssentrypeer interactionsserver exploitationservice detectionservice discoveryservice enumerationservice probingservice scanservice version detectionsftpsftp access attemptsftp attacksftp attackssftp attemptsshell accessshell access attemptshell commandsipsip attackssip brute forcesip scansip scanningsip vulnerability scansippslugsmb brute forcesmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresocial engineeringsoftware exploitationspamsql injectionsql injection attemptsql injection attemptssshssh attackssh attacksssh monitoringstealthstealth scansurface websuricata alertsuricata alertssweep scansynsyn port scansyn scansystem discoverysystem 
disruptiont1003t1005t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1053t1055t1056.001t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1069.001t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1087t1087.001t1087.002t1087.003t1088t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1187t1189t1190t1195t1203t1204t1204.002t1205t1210t1486t1490t1496t1499.001t1499.002t1499.003t1505t1505.002t1550t1550.002t1550.003t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1572t1573t1573.001t1583t1587.001t1588t1588.002t1588.006t1589t1589.002t1590t1590.001t1590.002t1590.003t1590.005t1592t1592.004t1595t1595.001t1595.002t1595.003tannertanner activitytanner detected activitytanner eventstanner exploitstanner interactionstargeting databasetcp protocoltcp scantcp scanningtelecommunicationtelecommunicationstelnet attackstelnet attemptstelnet scanningtelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventionthreat_intelligencetimeouttor nodetorontotpottpotcetsecudp port scanudp scanunattributed activityunauthenticated access attemptsunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityunauthorized login attemptunauthorized login attemptsunauthorized network activityunauthorized probingunauthorized scanningunited statesunited states of americaunknown threat actorunsolicited network probeusus nonevalid accountsverified-benignvnc protocolvoice over ipvoipvoip attackvulnerability scanvultr cloud infrastructurevultr infrastructure targetedvultr-platformvultr_platform_activityweb application attackweb application attacksweb attackweb exploitationweb exploitsweb login attemptweb shellweb shell attemptweb shell detectionweb shell uploadweb spamweb trafficwestpac new zealandwgetwordpotxmasxmas port scanxmas scan
Activity Timeline: May 28 to May 28
Threat Activity Heatmap · Peak: 2026-05-28
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk (signal 70/100, confidence 70%, 30 reports)
First seen: Jan 25, 2022
Last seen: May 28, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
Org: Censys, Inc
Coords: 37.7510, -97.8220 (these are the generic country-level coordinates GeoIP databases return for the United States when no city resolution is available; they do not correspond to Ann Arbor, so use them for nothing finer than country)
Category: Proxy
VirusTotal
Not checked
WHOIS
- description (feed note)
- Scans hitting the server at TCP port 445 SMB. Same IP should not appear more than once in 96 hours in our lists S3#.
- raw (ARIN)
- NetRange: 167.94.138.0 - 167.94.138.255
  CIDR: 167.94.138.0/24
  NetName: CENSY
  NetHandle: NET-167-94-138-0-1
  Parent: NET167 (NET-167-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Censys, Inc. (CENSY)
  RegDate: 2021-09-13
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/167.94.138.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
- references
- https://github.com/telekom-security/tpotce
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
- https://redpiranha.net
- https://feeds.dshield.org/feeds/topips.txt
- https://feeds.dshield.org/feeds/top10.txt
- https://feeds.dshield.org/feeds/block.txt
- https://example.com
- https://list.rtbh.com.tr/output.txt
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
- http://cinsscore.com/list/ci-badguys.txt
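The record above is what a triage script has to work with: a run-together ARIN allocation, a pile of feed tags, and a report count. The following is an added example, not part of this page or of any feed's or Censys's tooling. It re-splits the flattened record into fields, checks that the indicator actually sits in the CIDR and that the CIDR agrees with NetRange, and then applies a local verdict rule. The record text and the tag subset are constructed copies of what the page shows (the abuse mailbox is kept as the page redacts it); the KNOWN_SCANNER_ORGS allowlist, the BENIGN_TAGS set and the verdict thresholds in triage() are this example's own policy assumptions.

```python
"""Triage an IPv4 indicator against its registry allocation and feed tags.

Added example for this page; not the feed's or Censys's own tooling.
Assumptions (not from the page): the KNOWN_SCANNER_ORGS allowlist, the
BENIGN_TAGS set and the verdict rule in triage() are local policy choices;
the record text and tag subset below are constructed copies of page content.
"""
import ipaddress
import re

# Constructed copy of the page's flattened ARIN record (trimmed to the
# fields this example uses).
ARIN_RAW = (
    "NetRange: 167.94.138.0 - 167.94.138.255 CIDR: 167.94.138.0/24 "
    "NetName: CENSY NetHandle: NET-167-94-138-0-1 Parent: NET167 (NET-167-0-0-0-0) "
    "NetType: Direct Allocation OriginAS: Organization: Censys, Inc. (CENSY) "
    "RegDate: 2021-09-13 Updated: 2024-03-29 "
    "OrgName: Censys, Inc. OrgId: CENSY City: Ann Arbor StateProv: MI Country: US "
    "OrgAbuseHandle: CAT20-ARIN OrgAbuseEmail: [email protected]"
)

# Constructed subset of the category tags listed on the page.
PAGE_TAGS = {"censys-benign", "verified-benign", "masscan", "dshield block",
             "cins active", "internet_scanners", "ssh attack", "smb brute force"}

# Field names as ARIN prints them; the flat text is re-split on these.
ARIN_KEYS = ("NetRange", "CIDR", "NetName", "NetHandle", "Parent", "NetType",
             "OriginAS", "Organization", "RegDate", "Updated", "Ref", "OrgName",
             "OrgId", "Address", "City", "StateProv", "PostalCode", "Country",
             "Comment", "OrgAbuseHandle", "OrgAbuseName", "OrgAbusePhone",
             "OrgAbuseEmail", "OrgAbuseRef")
_FIELD_SPLIT = re.compile(r"\s*(?=\b(?:" + "|".join(ARIN_KEYS) + r"):)")

# Local allowlist of registry OrgIds run as research scanners (assumption).
KNOWN_SCANNER_ORGS = {"CENSY"}
# Feed tags this example treats as a benign-scanner attestation (assumption).
BENIGN_TAGS = {"censys-benign", "verified-benign"}


def parse_arin(raw: str) -> dict:
    """Split a run-together ARIN record into fields. The first value wins for
    keys that repeat (RegDate/Updated appear once for the net, once for the org)."""
    rec = {}
    for part in _FIELD_SPLIT.split(raw):
        if not part:
            continue
        key, _, value = part.partition(":")
        rec.setdefault(key.strip(), value.strip())
    return rec


def allocation_check(ip: str, rec: dict) -> dict:
    """Confirm the IP is inside the record's CIDR and that CIDR and NetRange agree."""
    addr = ipaddress.ip_address(ip)
    net = ipaddress.ip_network(rec["CIDR"], strict=True)
    lo, hi = (ipaddress.ip_address(x.strip()) for x in rec["NetRange"].split("-"))
    return {
        "in_allocation": addr in net,
        "range_consistent": (net[0], net[-1]) == (lo, hi),
        "org_id": rec.get("OrgId", ""),
        "abuse_contact": rec.get("OrgAbuseEmail", ""),
    }


def triage(ip: str, raw: str, tags: set, report_count: int) -> dict:
    """Verdict rule (assumption): an IP inside a known-scanner allocation that
    feeds also mark benign is 'known_scanner'; otherwise report volume decides."""
    rec = parse_arin(raw)
    result = allocation_check(ip, rec)
    result["benign_tags"] = sorted(BENIGN_TAGS & tags)
    known = bool(result["in_allocation"] and result["range_consistent"]
                 and result["org_id"] in KNOWN_SCANNER_ORGS and result["benign_tags"])
    if known:
        result["verdict"] = "known_scanner"
    elif report_count >= 10:
        result["verdict"] = "block_candidate"
    else:
        result["verdict"] = "monitor"
    return result


if __name__ == "__main__":
    print(triage("167.94.138.155", ARIN_RAW, PAGE_TAGS, 30))
```

The range-consistency check matters because feeds sometimes carry a CIDR copied from a different record than the NetRange; a mismatch means the allocation data should not be trusted for an allowlist decision. An address just outside the /24 (for example 167.94.139.5 against this same record) fails containment and falls through to the report-count rule, which is the behaviour you want when a scanner operator's neighbouring prefix belongs to someone else.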
Export & API: STIX 2.1 bundle, CSV export, permalink
IOC Journey: medium. First detected 4 years ago (Jan 25, 2022), last seen 16 days ago (May 28, 2026); appeared in 30 threat reports.