IP
Medium
Signal 100/100
167.94.138.96
Location
Ann Arbor, Michigan
ASN
AS398324
Censys, Inc
First Seen
Jan 25, 2022
Last Seen
May 26, 2026
Found in 32 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Ann Arbor, Michigan
ASN
AS398324
Organization
Censys, Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
32 reports · 99% confidence
32
Source reports
99%
Confidence score
Category tags
Activity Timeline
May 26
Threat Activity Heatmap
Peak: 2026-05-26
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
High Risk
100
SIGNAL
Signal Score
99%
Confidence
32
Reports
First seen
Jan 25, 2022
Last seen
May 26, 2026
Geolocation
US
Country
United States
Location
Ann Arbor, Michigan
ASN
AS398324
Org
Censys, Inc
Coords
42.2809, -83.7489
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
- raw
  NetRange: 167.94.138.0 - 167.94.138.255
  CIDR: 167.94.138.0/24
  NetName: CENSY
  NetHandle: NET-167-94-138-0-1
  Parent: NET167 (NET-167-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398324
  Organization: Censys, Inc. (CENSY)
  RegDate: 2021-09-13
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/167.94.138.0

  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY

  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
IOC Journey
medium
First detected 4 years ago · Last seen 27 days ago
Appeared in 32 threat reports