IOC Radar
IP · Medium · Signal 72/100

162.142.125.235

Location: Ann Arbor, Michigan, United States
ASN: AS398324 (Censys Inc)
First Seen: Jan 21, 2021 (1981d ago)
Last Seen: Jun 10, 2026 (15d ago)
Reports: 28 source reports
Confidence: 72% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 72%
Signal Score: 72 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

88 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 28
Confidence score: 72%
Category tags

Activity Timeline

1 total obs
Jun 10 to Jun 10

Threat Activity Heatmap

Peak: 2026-06-10
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 72
Confidence: 72%
Reports: 28
First seen: Jan 21, 2021
Last seen: Jun 10, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 42.2809, -83.7489
Proxy

VirusTotal

Not checked

WHOIS

raw
NetRange: 162.142.125.0 - 162.142.125.255
CIDR: 162.142.125.0/24
NetName: CENSY
NetHandle: NET-162-142-125-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398324
Organization: Censys, Inc. (CENSY)
RegDate: 2020-06-12
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/162.142.125.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN


IOC Journey

medium
First detected 5 years ago · Last seen 15 days ago
Appeared in 28 threat reports