IPMediumSignal 80/100
162.142.125.132
Location
United StatesAnn Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Jan 21, 2021
Last Seen
Jun 10, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
80%
Signal Score
80 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionAnn Arbor, Michigan
ASNAS398324
OrganizationCensys Inc
IP Category
⟲
Proxy
Proxy server
Feed Intelligence Summary
28 reports80% confidence
28
Source reports
80%
Confidence score
Category tags
abuseaccount compromiseackack scanactive scanactive scanningactor listadbadbhoney honeypotapacheapache attackerapplication layer protocolapplication scanningasiaattackattack attemptattack surface discoveryattack vectorsattacker ipaustraliaauthentication attemptsauto-generated securityautomated activityautomated attackautomated threatbad reputationbad web botbanner grabbing attemptblacklisted ip addressbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcec2c2 communicationc2 servercanadacensys-benigncloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud servicescode executioncommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommunication protocolcompromised hostcompromised hostsconnect scanconpot honeypotcontainer securitycowrie honeypotcowrie interactionscowrie ssh attackcowrie ssh attackscredential accesscredential attackcredential brute-forcingcredential harvestingcredential stuffingcurlcvecyberattackdata encryptiondata exfiltrationdata store exposuredata theftdatabase attackdatabase attacksdatabase login attemptdatabase securitydcerpcddosddos attackddos attack indicatorsddos probeddospotdecoy systemdenial of servicedigital oceandigitalocean environmentdigitalocean infrastructuredionaea activitydionaea attacksdionaea honeypotdionaea interactionsdionaea malware samplesdionaea payloadsdirectory traversal attemptdistributed attacksdnsdns attackdockerdropperelasticpot honeypotelasticsearchelasticsearch monitoringencryptionenumerationenumeration activityenumeration attempteuropeexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexternal network scanexternal reconnaissanceexternal scanexternal threatexternal-threatexternal_threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfirewall detectionfirewall evasionfranceftpftp attackftp attacksftp brute forcegalahgluttongopothackinghellpothoneytrap activityhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshttp attackhttp brute forcehttp probinghttp scannerhttp scanninghttpsicmpics securityidentity & access exploitationimapindicatorindicators of compromiseindustrial control systemsinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access attemptinitial access preparationinitial access vectorinitial_access_attemptinjection activityinjection attacksinternet facing assetinternet facing assetsinternet wide scaninternet-facinginternet-facing assetsinternet-wide scaninternet_scaninternet_scannersintrusion detectioniociot securityiot/ics attackip-addressesipphoney honeypotipv4ipv4 addressesipv4 iocipv4 port scanningipv4 scanningipv4 threatsipv4-iocipv4_addressjapankfsensor honeypotkibanalateral movementlog4potmailoney activitymailoney attacksmailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious file transfermalicious ip listmalicious ipsmalicious ipv4malicious network activitymalicious softwaremalicious trafficmalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware downloadmalware propagationmanualmass port scanmass scanningmass scanning activitymasscanmasscan activitymassive port scanmedpotmelbourne regionmisp threatmobilemobile securitymssqlnetworknetwork attacksnetwork discoverynetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork-discoverynetwork_reconnaissancenetwork_scannetwork_scanningnetworkscanningnmapnmap scan detectednorth americanull port scannull scanoceaniaopen port detectionopen port discoveryopen port identificationopen portsopen threatopen_port_discoveryopportunistic attackopportunistic attackeros credential dumpingos detectionos fingerprintingotx pulsenametip0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword sprayingphishingphishing attackphishing trapping of deathpinyinpla unitpossible exploit attemptspossible reconnaissance activitypossible vulnerability probingpotential exploit targetingpotential intrusion attemptpotential reconnaissance activitypotential threatpotential threat actorpotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanningprobing activityprocess injectionprotocol exploitationproxyproxy accessransomwareransomware activityrdp attacksrdp scanningreconnaissancereconnaissance activityredis honeypotremote accessremote access attackremote code executionremote servicesresearchedresource hijackingsansscannerscanner ipsscannersscanning activityscripting attackssecurity eventsecurity operationssensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice detectionservice discoveryservice enumerationservice probingservice scanservice version detectionservice_enumerationshell accessshell access attemptsip attackssippsmb brute forcesmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresocial engineeringsoftware exploitationspamsql injectionsql injection attemptsql injection attemptsssh attackssh attacksssh monitoringstealthstealth scansuricata alertsuricata alertssuspected malicious activitysynsyn port scansyn scansystem discoverysystem disruptiont1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1046t1053t1055t1059t1059.003t1059.004t1059.007t1064t1068t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.004t1083t1087t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1187t1189t1190t1195t1202t1203t1204t1204.002t1210t1486t1490t1496t1497.001t1499.001t1499.002t1499.003t1505t1505.002t1550t1550.002t1550.003t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1572t1573t1583t1587.001t1588t1588.002t1588.006t1589t1589.001t1589.002t1590t1590.001t1590.003t1590.005t1592t1592.004t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstanner exploitstanner interactionstargeted scantargeting databasetcp protocoltcp scantcp scanningtcp/iptcp_scantelecommunicationstelnet attackstelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat-intelligencethreat_intelligenceti advisorytokyotor nodetorontotpottsectsocudp port scanudp scanudp_scanunattributed activityunauthorized accessunauthorized access attemptunauthorized activityunauthorized login attemptunauthorized probingunit coverunited kingdomunited statesunited states of americaunknown threat actorusverified-benignvnc protocolvoipvoip attackvulnerability scanvultr infrastructure targetedvultr-platformvultr_platform_activityweb application attackweb application attacksweb attackweb brute forceweb exploitationweb exploitsweb login attemptweb shellweb shell attemptweb shell detectionweb shell uploadweb trafficwgetwordpotxmasxmas port scanxmas scanzmap
Activity Timeline
Jun 10Jun 10
Threat Activity Heatmap
· Peak: 2026-06-10LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
80
SIGNAL
Signal Score
80%
Confidence
28
Reports
First seenJan 21, 2021
Last seenJun 10, 2026
GeolocationUS
CountryUnited States
LocationAnn Arbor, Michigan
ASNAS398324
OrgCensys Inc
Coords42.2809, -83.7489
Proxy
VirusTotal
Not checked
WHOIS
- raw
- NetRange: 162.142.125.0 - 162.142.125.255 CIDR: 162.142.125.0/24 NetName: CENSY NetHandle: NET-162-142-125-0-1 Parent: NET162 (NET-162-0-0-0-0) NetType: Direct Allocation OriginAS: AS398324 Organization: Censys, Inc. (CENSY) RegDate: 2020-06-12 Updated: 2024-03-29 Ref: https://rdap.arin.net/registry/ip/162.142.125.0 OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io Ref: https://rdap.arin.net/registry/entity/CENSY OrgTechHandle: COT12-ARIN OrgTechName: Censys Operations Team OrgTechPhone: +1-248-629-0125 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgAbuseHandle: CAT20-ARIN OrgAbuseName: Censys Abuse Team OrgAbusePhone: +1-248-629-0125 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN OrgNOCHandle: COT12-ARIN OrgNOCName: Censys Operations Team OrgNOCPhone: +1-248-629-0125 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 5 years ago · Last seen 18 days ago
Appeared in 28 threat reports