IPMediumSignal 74/100
162.142.125.131
Location
United StatesAnn Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Jan 21, 2021
Last Seen
Jun 10, 2026
Found in 30 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionAnn Arbor, Michigan
ASNAS398324
OrganizationCensys Inc
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
30 reports74% confidence
30
Source reports
74%
Confidence score
Category tags
abuseaccount compromiseackack scanactive reconnaissanceactive scanactive scanningactor listadbhoney honeypotapacheapache attackerasiaattackattack attemptattack surface discoveryattack vectorsattacker ipaustraliaauthentication attemptsauto-generated securityautomated activityautomated attackautomated threatbad reputationbanner grabbing attemptblacklisted ipblacklisted ip addressbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcec2c2 communicationcanadacensys-benigncertcloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud servicescode executioncommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommunication protocolcompromised hostcompromised hostscompromised systemconnect scanconpot honeypotcontainer securitycowrie honeypotcowrie interactionscowrie ssh attackcowrie ssh attackscredential accesscredential attackcredential brute forcecredential brute-forcingcredential harvestingcredential stuffingcredential_attackcurlcvecyberattackdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase login attemptdatabase securitydcerpcddosddos attackddos attack indicatorsddos attacksddos probeddospotdecoy systemdenial of servicedictionary_attackdigital oceandigitalocean environmentdigitalocean infrastructuredionaea activitydionaea attacksdionaea honeypotdionaea interactionsdionaea malware samplesdionaea payloadsdirectory traversal attemptdistributed attacksdnsdns attackdockerelasticpot honeypotelasticsearchelasticsearch monitoringencryptionenumerationeuropeexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexternal attackexternal scanexternal scanningexternal threatexternal-threatexternal_threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfirewall detectionfirewall evasionfranceftpftp attackftp attacksftp brute forcegalahgluttongopothackinghellpothoneytrap activityhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshttp attackhttp brute forcehttp probinghttp scannerhttp scanninghttpsicmpics securityidentity & access exploitationids evasionimapindicatorindicators of compromiseindustrial control systemsinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access preparationinitial access vectorinitial_access_attemptinjection activityinjection attacksinternet facing assetinternet facing assetsinternet wide scaninternet-facinginternet-facing assetsinternet-wide scaninternet_scaninternet_scannersintrusion detectioniociot securityiot/ics attackip-addressesipphoney honeypotipv4ipv4 activityipv4 addressesipv4 indicatorsipv4 port scanningipv4 scanningipv4 threatsipv4-iocipv4_addressjapankfsensor honeypotkibanalateral movementlog4potmailoney activitymailoney attacksmailoney eventsmailoney honeypotmailoney interactionsmaimon scanmalicious activitymalicious communication blockingmalicious file transfermalicious ip listmalicious ipsmalicious ipv4malicious network activitymalicious softwaremalicious trafficmalwaremalware activitymalware analysismalware beaconingmalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware downloadmalware propagationmalware-related botnet activitymanualmass port scanningmass scanning activitymasscanmasscan activitymedpotmelbourne regionmisp threatmssqlnetworknetwork attacksnetwork discoverynetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork-discoverynetwork_enumerationnetwork_probingnetwork_reconnaissancenetwork_scannetwork_scanningnetworkscanningnmapnmap scannmap scan detectednorth americanull port scannull scanoceaniaopen port detectionopen port discoveryopen port identificationopen threatopen_port_discoveryopportunistic attackopportunistic attackeros detectionos fingerprintingotx pulsenametip0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword sprayingpassword_attackphishingphishing attackphishing trapping of deathpinyinpla unitpossible botnet infectionpossible exploit attemptspossible reconnaissancepossible reconnaissance activitypossible vulnerability probingpotential exploit targetingpotential intrusion attemptpotential reconnaissance activitypotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanpotential vulnerability scanningprobing activityprocess injectionprotocol exploitationproxyproxy accessransomwareransomware activityrdp attacksrdp scanningreconnaissancereconnaissance activityredis honeypotremote accessremote access attackremote code executionremote servicesresearchedresource hijackingsansscanscannerscanner ipsscannersscanning activityscripting attackssecurity eventsecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice detectionservice discoveryservice enumerationservice probingservice scanservice version detectionservice_enumerationshell accessshell access attemptsip attackssippsmb brute forcesmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresocial engineeringsocradarsoftware exploitationsql injectionsql injection attemptsql injection attemptsssh attackssh attacksssh monitoringstealthstealth scanstealth scan techniquessuricata alertsuricata alertssynsyn port scansyn scansystem disruptiont1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1029t1040t1041t1046t1053t1055t1059t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1087t1087.001t1087.002t1087.003t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1187t1189t1190t1195t1203t1204t1204.002t1213t1486t1490t1496t1499.001t1499.002t1499.003t1505t1505.002t1550t1550.002t1550.003t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1572t1573t1573.001t1583t1587.001t1588t1588.002t1588.006t1589t1589.001t1589.002t1590t1590.001t1590.003t1590.005t1592t1592.004t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstanner exploitstanner interactionstargeting databasetcp protocoltcp scantcp scanningtcp/iptcp_scantelecommunicationstelnet attackstelnet scanningtelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat-intelligencethreat_intelligenceti advisorytokyotor nodetorontotpottsectsocudp port scanudp scanudp_scanunattributed activityunauthorized accessunauthorized access attemptunauthorized activityunauthorized login attemptunauthorized network activityunauthorized probingunauthorized scanningunit coverunited kingdomunited statesunited states of americaunknown threat actorunsolicited network probeunsolicited port accessusverified-benignvnc protocolvoipvoip attackvulnerability scanvultr cloud infrastructurevultr infrastructure targetedvultr-platformvultr_platform_activityweb application attackweb application attacksweb attackweb brute forceweb exploitationweb exploitsweb login attemptweb shellweb shell attemptweb shell detectionweb shell uploadweb trafficwgetwindow scanwordpotxmasxmas port scanxmas scan
Activity Timeline
Jun 10Jun 10
Threat Activity Heatmap
· Peak: 2026-06-10LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
74
SIGNAL
Signal Score
74%
Confidence
30
Reports
First seenJan 21, 2021
Last seenJun 10, 2026
GeolocationUS
CountryUnited States
LocationAnn Arbor, Michigan
ASNAS398324
OrgCensys Inc
Coords42.2809, -83.7489
Proxy
VirusTotal
Not checked
WHOIS
- raw
- NetRange: 162.142.125.0 - 162.142.125.255 CIDR: 162.142.125.0/24 NetName: CENSY NetHandle: NET-162-142-125-0-1 Parent: NET162 (NET-162-0-0-0-0) NetType: Direct Allocation OriginAS: AS398324 Organization: Censys, Inc. (CENSY) RegDate: 2020-06-12 Updated: 2024-03-29 Ref: https://rdap.arin.net/registry/ip/162.142.125.0 OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io Ref: https://rdap.arin.net/registry/entity/CENSY OrgAbuseHandle: CAT20-ARIN OrgAbuseName: Censys Abuse Team OrgAbusePhone: +1-248-629-0125 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN OrgNOCHandle: COT12-ARIN OrgNOCName: Censys Operations Team OrgNOCPhone: +1-248-629-0125 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgTechHandle: COT12-ARIN OrgTechName: Censys Operations Team OrgTechPhone: +1-248-629-0125 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 5 years ago · Last seen 17 days ago
Appeared in 30 threat reports