IP · Medium · Signal 62/100
167.94.145.18
Location
Ann Arbor, Michigan
ASN
AS398705
Censys, Inc.
First Seen
Nov 19, 2021
Last Seen
Jun 19, 2026
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
62%
Signal Score
62 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Ann Arbor, Michigan
ASN
AS398705
Organization
Censys, Inc.
IP Category
Proxy
Proxy server
VPN
VPN exit node
Feed Intelligence Summary
29 reports · 62% confidence
Source reports
29
Confidence score
62%
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap
Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 62
Confidence: 62%
Reports: 29
First seen: Nov 19, 2021
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398705
Org: Censys, Inc.
Coords: 42.2809, -83.7489
Proxy, VPN
VirusTotal
Not checked
WHOIS
- description
  IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
- raw
  NetRange: 167.94.145.0 - 167.94.146.255
  CIDR: 167.94.146.0/24, 167.94.145.0/24
  NetName: CENSY
  NetHandle: NET-167-94-145-0-1
  Parent: NET167 (NET-167-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398705
  Organization: Censys, Inc. (CENSY)
  RegDate: 2021-09-13
  Updated: 2023-08-05
  Ref: https://rdap.arin.net/registry/ip/167.94.145.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
IOC Journey
medium · First detected 4 years ago · Last seen 5 days ago
Appeared in 29 threat reports