IOC Radar
IP · Medium · Signal 60/100

167.94.145.20

Location: Ann Arbor, Michigan, United States
ASN: AS398705 (Censys, Inc.)
First Seen: Nov 19, 2021 (1676d ago)
Last Seen: Jun 19, 2026 (4d ago)
Reports: 29 source reports
Confidence: 60% (medium)
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 60%
Signal Score: 60 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 96 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398705
Organization: Censys, Inc.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 29
Confidence score: 60%

Activity Timeline

1 total obs (Jun 19 to Jun 19)

Threat Activity Heatmap

[Heatmap: weekly activity grid, Jun through Jun; image not preserved]
Peak: 2026-06-19
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 60
Confidence: 60%
Reports: 29
First seen: Nov 19, 2021
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398705
Org: Censys, Inc.
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected port scanning Vultr Melbourne (Australia) honeypot
raw
NetRange: 167.94.145.0 - 167.94.146.255
CIDR: 167.94.146.0/24, 167.94.145.0/24
NetName: CENSY
NetHandle: NET-167-94-145-0-1
Parent: NET167 (NET-167-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398705
Organization: Censys, Inc. (CENSY)
RegDate: 2021-09-13
Updated: 2023-08-05
Ref: https://rdap.arin.net/registry/ip/167.94.145.0
OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY
OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
references
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt


IOC Journey

medium
First detected 4 years ago · Last seen 4 days ago
Appeared in 29 threat reports