IOC Radar
IP · Medium · Signal 43/100

167.94.145.82

Location: United States (Ann Arbor, Michigan)
ASN: AS398705 (Censys, Inc.)
First Seen: Jan 25, 2022 (1610d ago)
Last Seen: Jun 18, 2026 (5d ago)
Reports: 27 source reports
Confidence: 43% (medium)
Found in 27 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 43%
Signal Score: 43 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

74 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398705
Organization: Censys, Inc.

Feed Intelligence Summary

Source reports: 27
Confidence score: 43%
Category tags:
abuse, access control, ack scan, active scan, active scanning, apache, apache attacker, attack, australia, auto-generated security, bad reputation, bad web bot, botnet, botnet activity, botnet activity detected, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, c2, c2 communication, censys-benign, cert, code execution, command & control, command and control, command execution, command injection, command injection attempt, communication protocol, compromised host, connect scan, cowrie honeypot, cowrie interactions, cowrie ssh attacks, credential access, credential attack, credential brute-forcing, credential harvesting, credential stuffing, data exfiltration, data store exposure, database attacks, database security, ddos, ddos attack, ddos probe, de, decoy system, denial of service, dionaea activity, dionaea attacks, dionaea honeypot, dionaea interactions, dionaea malware samples, dionaea payloads, directory traversal attempt, distributed attacks, europe, exfiltration, exploit, exploit attempt, exploit attempts, exploit kit activity, exploit probing, exploitation activity, exploitation attempt, exploitation of vulnerability, exploited host, external network scan, external threat, failed login attempts, fatt, fatt analysis, fatt detections, fatt signatures, file, fin port scan, fin scan, firewall detection, firewall evasion, ftp, ftp attack, ftp attacks, ftp brute force, germany, hacking, honeytrap activity, honeytrap events, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, http attack, http brute force, http probing, http scanner, http scanning, icmp, identity & access exploitation, indicator, infected system, information gathering, infrastructure acquisitionreconnaissance, initial access, injection activity, injection attacks, intrusion detection, lateral movement, mailoney activity, mailoney attacks, mailoney events, mailoney honeypot, mailoney interactions, maimon scan, malicious activity, malicious communication, malicious domains, malicious file transfer, malicious ips, malicious software, malicious traffic, malware, malware activity, malware analysis, malware behaviour, malware capture, malware delivery, malware delivery attempt, malware download, malware propagation, manual, mass port scan, network, network attacks, network discovery, network enumeration, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network mapping, network port scanning, network probing, network protocol, network reconnaissance, network scanning, network security, network traffic analysis, north america, null port scan, null scan, oceania, open port detection, open port discovery, open port enumeration, os detection, os fingerprinting, p0f, p0f fingerprinting, p0f network fingerprinting, p0f passive fingerprinting, p0f signatures, password attack, password attacks, phishing, phishing attack, phishing trap, ping of death, possible vulnerability scan, potential intrusion attempt, potential reconnaissance activity, potential threat, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability probing, potential vulnerability scan, potential vulnerability scanning, process injection, protocol exploitation, ransomware, reconnaissance, reconnaissance activity, remote access, remote access attack, remote code execution, remote services, researched, resource hijacking, sans, scanner, scanning activity, security event, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer events, sentrypeer interactions, service detection, service discovery, service enumeration, service scan, service version detection, sip attacks, smb brute force, smtp, smtp attack, smtp attacks, smtp brute force, smtp probing, smtp scanning, social engineering, socradar, software exploitation, sql injection attempt, ssh attack, ssh attacks, ssh monitoring, stealth scan, suricata alerts, syn, syn port scan, syn scan, t1005, t1016, t1016.001, t1016.002, t1018, t1020, t1021, t1021.001, t1027, t1040, t1046, t1053, t1055, t1059, t1059.003, t1059.004, t1059.005, t1059.006, t1059.007, t1068, t1071, t1071.001, t1071.004, t1076, t1078, t1083, t1087, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1187, t1189, t1190, t1195, t1203, t1204, t1486, t1496, t1497, t1499.001, t1499.002, t1499.003, t1505, t1555, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1572, t1573, t1573.001, t1583, t1587.001, t1588, t1588.002, t1589, t1589.001, t1589.002, t1590, t1590.001, t1590.002, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner activity, tanner events, tanner exploits, tanner interactions, targeting database, tcp protocol, tcp scanning, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, tsec, udp port scan, unauthorized access, unauthorized probing, unauthorized scanning, united states, unsolicited network probe, us, verified-benign, voip, voip attack, vulnerability scan, web application attack, web application attacks, web exploitation, web shell attempt, web shell detection, web shell upload, web traffic, window scan, xmas port scan, xmas scan

Activity Timeline

1 total obs (Jun 18 to Jun 18)

Threat Activity Heatmap

Peak: 2026-06-18
[Heatmap: activity by weekday, Jun through Jun of the following year]
24h: 0 (Dormant)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 43
Confidence: 43%
Reports: 27
First seen: Jan 25, 2022
Last seen: Jun 18, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398705
Org: Censys, Inc.
Coords: 37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
raw
NetRange: 167.94.145.0 - 167.94.146.255
CIDR: 167.94.145.0/24, 167.94.146.0/24
NetName: CENSY
NetHandle: NET-167-94-145-0-1
Parent: NET167 (NET-167-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398705
Organization: Censys, Inc. (CENSY)
RegDate: 2021-09-13
Updated: 2023-08-05
Ref: https://rdap.arin.net/registry/ip/167.94.145.0
OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY
OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, http://cinsscore.com/list/ci-badguys.txt

IOC Journey

medium
First detected 4 years ago · Last seen 5 days ago
Appeared in 27 threat reports