IPMediumSignal 72/100

`162.142.125.141`

Location

United States

Ann Arbor, Michigan

ASN

AS398324

Censys Inc

First Seen

Jan 21, 2021

Last Seen

Apr 21, 2026

Jan 21

First Seen

1982d ago

Apr 21

Last Seen

66d ago

Reports

source reports

72%

Confidence

medium

Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.

IPv4 Address

Network layer indicator observed in threat reports.

MISP Category

Network Activity

Confidence

72%

Signal Score

72 / 100

IDS Rule

Threat Context

MITRE ATT&CK TTPs

77 techniques

Network Information

Country

United States

RegionAnn Arbor, Michigan

ASNAS398324

OrganizationCensys Inc

Feed Intelligence Summary

29 reports72% confidence

Source reports

72%

Confidence score

Category tags

abuseaccess controlaccount compromiseaccount takeover attemptsackack scanactive reconnaissanceactive scanactive scanningapacheapache attackerapplication layer protocolasiaattackattack surface discoveryattack vectorsattacker ipaustraliaauthentication attemptsauto-generated securityautomated activityautomated attackbad reputationblacklisted ipblacklisted ip addressbotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsc2canadacensys-benigncertcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud providercloud servicescode executioncommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommon password attackscommunication protocolcommunication securitycompromised hostcompromised hostsconnect scancowrie honeypotcowrie interactionscowrie ssh attackcowrie ssh attackscredential accesscredential attackcredential brute forcecredential brute-forcingcredential bruteforcingcredential guessingcredential harvestingcredential stuffingcredential_attackcvecyberattackdata encryptiondata exfiltrationdata store exposuredatabase attackdatabase attacksdatabase securityddosddos attackddos attack indicatorsddos attacksdecoy systemdenial of servicedictionary_attackdigital oceandigitalocean environmentdigitalocean infrastructuredionaea activitydionaea attacksdionaea honeypotdionaea interactionsdionaea malware samplesdionaea payloadsdirectory traversal attemptdirectory traversal probedistributed attacksdnsdns attackencryptionenumerationeuropeexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploitationexploitation activityexploitation attemptexploitation attemptsexploited hostexternal attackexternal reconnaissanceexternal scanexternal threatexternal_threatfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfirewall detectionfirewall detection probefirewall probingfranceftpftp attacksftp brute forcehackinghoneytrap activityhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshttp attackhttp brute forcehttp probehttp probinghttp scannerhttp scanninghttpsicmpicmp scanidentity & access exploitationimapindicatorindicators of compromiseinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginitial accessinitial access attemptinitial access preparationinitial access vectorinitial_access_attemptinjection activityinjection attacksinternet facing assetinternet facing assetsinternet of thingsinternet wide scaninternet-facinginternet-facing assetsinternet-wide scaninternet_scaninternet_scannersintrusion detectioninvalid login attemptsiociot botnetiot securityiot/ics attackip-addressesipv4ipv4 addressesipv4 indicatorsipv4 iocipv4 port scanningipv4 scanningipv4 threatsipv4_addressjapankfsensor honeypotlateral movementlogin attackmailoney activitymailoney attacksmailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious file transfermalicious ip listmalicious ipsmalicious softwaremalicious trafficmalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware detectionmalware distributionmalware downloadmalware propagationmalware propagation attemptmalware-related botnet activitymanualmass port scanmass scanningmasscanmasscan activitymelbourne regionmirai botnetmssqlnetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork_probingnetwork_reconnaissancenetwork_scannetwork_scanningnetworkscanningnmapnmap scan detectednorth americanull port scannull scanoceaniaopen port detectionopen port discoveryopen_port_discoveryopportunistic attackeros detectionos fingerprinting attemptp0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword_attackphishingphishing attackphishing trapping of deathpossible botnet activitypossible botnet infectionpossible malicious activitypossible reconnaissance activitypossible vulnerability probingpotential attack vectorpotential exploit targetingpotential intrusionpotential intrusion attemptpotential reconnaissance activitypotential threatpotential threat activitypotential vulnerability assessmentpotential vulnerability probingpotential vulnerability scanprocess injectionprotocol exploitationransomwareransomware activityrdp attacksrdp scanningreconnaissancereconnaissance activityremote accessremote access attackremote code executionremote servicesresearchedresource hijackingsansscanscannerscanner ipsscannersscanning activityscripting attackssecurity eventsecurity operationssecurity policysecurity probingsensor-taggedsentrypeer activitysentrypeer botnetsentrypeer eventssentrypeer interactionsserver exploitationservice detectionservice discoveryservice enumerationservice probingservice scanservice version detectionservice_enumerationsip attackssmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scanningsocial engineeringsocradarsoftware exploitationsql injectionsql injection attemptsql injection attemptssql injection probessh attackssh attacksssh monitoringstealthstealth scanstealth scan techniquessuricata alertsuricata alertssynsyn port scansyn scansystem accesst1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.004t1027t1040t1046t1053t1055t1059t1059.001t1059.003t1059.004t1059.007t1068t1071t1071.001t1076t1077t1078t1078.002t1078.004t1083t1087t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1187t1189t1190t1195t1203t1204t1213t1486t1496t1499.001t1499.002t1499.003t1505t1505.002t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1572t1573t1583t1587.001t1588t1588.002t1588.006t1589t1589.002t1590t1590.001t1590.002t1590.003t1590.005t1592t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstanner exploitstanner interactionstargeted scantargeting databasetcp protocoltcp scantcp scanningtcp/iptcp_scantelecommunicationstelnet attackstelnet scanningtelnet threatthreat actorthreat detectionthreat intelligencethreat intelligence feedthreat preventionthreat-intelligencethreat_intelligencetokyotor nodetorontotpottsecudp port scanudp scanudp_scanunattributed activityunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityunauthorized login attemptunauthorized probingunited kingdomunited statesunited states of americaunknown threat actorusverified-benignversion detectionvnc protocolvoipvoip attackvulnerability scanvultr cloud infrastructurevultr infrastructure targetedvultr_platform_activityweb application attackweb application attacksweb attackweb exploitationweb exploitsweb shell attemptweb shell detectionweb shell uploadweb trafficxmasxmas port scanxmas scanzmap

Activity Timeline

1 total obs

Apr 21Apr 21

Threat Activity Heatmap

· Peak: 2026-04-21

Less

Mon

Wed

Fri

Jun

Jul

Aug

Sep

Oct

Nov

Dec

Jan

Feb

Mar

Apr

May

Jun

24h

Dormant

30d

Dormant

3mo

Minimal

Threat ScoreHigh Risk

SIGNAL

Signal Score

72%

Confidence

Reports

First seenJan 21, 2021

Last seenApr 21, 2026

GeolocationUS

CountryUnited States

LocationAnn Arbor, Michigan

ASNAS398324

OrgCensys Inc

Coords42.2809, -83.7489

VirusTotal

Not checked

WHOIS

description: Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
raw: NetRange: 162.142.125.0 - 162.142.125.255 CIDR: 162.142.125.0/24 NetName: CENSY NetHandle: NET-162-142-125-0-1 Parent: NET162 (NET-162-0-0-0-0) NetType: Direct Allocation OriginAS: AS398324 Organization: Censys, Inc. (CENSY) RegDate: 2020-06-12 Updated: 2024-03-29 Ref: https://rdap.arin.net/registry/ip/162.142.125.0 OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io Ref: https://rdap.arin.net/registry/entity/CENSY OrgNOCHandle: COT12-ARIN OrgNOCName: Censys Operations Team OrgNOCPhone: +1-248-629-0125 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgTechHandle: COT12-ARIN OrgTechName: Censys Operations Team OrgTechPhone: +1-248-629-0125 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgAbuseHandle: CAT20-ARIN OrgAbuseName: Censys Abuse Team OrgAbusePhone: +1-248-629-0125 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

`162.142.125.141`

MITRE ATT&CK TTPs

Network Information

Feed Intelligence Summary

Activity Timeline

Threat Activity Heatmap

VirusTotal

WHOIS

Export & API

IOC Journey