IP · Medium · Signal 65/100
167.248.133.125
Location
Ann Arbor, Michigan
ASN
AS398324
Censys, Inc.
First Seen
Jan 25, 2022
Last Seen
Jun 19, 2026
Found in 32 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
65%
Signal Score
65 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Ann Arbor, Michigan
ASN
AS398324
Organization
Censys, Inc.
IP Category
Proxy
Proxy server
Feed Intelligence Summary
32 reports · 65% confidence
32
Source reports
65%
Confidence score
Category tags
Activity Timeline
Jun 19
Threat Activity Heatmap · Peak: 2026-06-19
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 65
Confidence: 65%
Reports: 32
First seen: Jan 25, 2022
Last seen: Jun 19, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys, Inc.
Coords: 37.7510, -97.8220
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
- raw
- NetRange: 167.248.133.0 - 167.248.133.255
  CIDR: 167.248.133.0/24
  NetName: CENSY
  NetHandle: NET-167-248-133-0-1
  Parent: NET167 (NET-167-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398324
  Organization: Censys, Inc. (CENSY)
  RegDate: 2020-08-21
  Updated: 2024-08-09
  Ref: https://rdap.arin.net/registry/ip/167.248.133.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
- references
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-12/
- https://jamesbrine.com.au
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-11/
- https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-09/
- https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-03-08/
- https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-08/
- https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-07/
- https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-04/
- https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-04/
- https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-03-03/
- https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-01/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-03-01/
- https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-01/
- https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-02-28/
- https://jamesbrine.com.au/digitaloceantoronto-portscan-bruteforce-ip-list-2026-02-26/
- https://jamesbrine.com.au/vultrparis-portscan-bruteforce-ip-list-2026-02-25/
- https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-02-25/
- https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-02-25/
- https://jamesbrine.com.au/vultrtokyo-portscan-bruteforce-ip-list-2026-02-23/
- https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-02-22/
- https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-02-22/
- https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-17/
- https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-17/
- https://jamesbrine.com.au/digitaloceanlondon-portscan-bruteforce-ip-list-2026-03-14/
- https://jamesbrine.com.au/digitaloceansingapore-portscan-bruteforce-ip-list-2026-03-14/
- https://jamesbrine.com.au/vultrmelbournetest-portscan-bruteforce-ip-list-2026-03-14/
- https://feeds.dshield.org/feeds/topips.txt
- https://feeds.dshield.org/feeds/top10.txt
- https://feeds.dshield.org/feeds/block.txt
- https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
Medium · First detected 4 years ago · Last seen 6 days ago
Appeared in 32 threat reports