IOC Radar
IP · Medium · Signal 66/100

162.142.125.248

Location
United States
Ann Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen: Jan 21, 2021 (1979d ago)
Last Seen: Jun 10, 2026 (14d ago)
Reports: 28 source reports
Confidence: 66% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
66%
Signal Score
66 / 100
IDS Rule
No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 88 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 28
Confidence score: 66%
Category tags

Activity Timeline

1 total observation (Jun 10 to Jun 10)

Threat Activity Heatmap

Peak: 2026-06-10
[Calendar heatmap grid (weekday rows Mon/Wed/Fri, month columns Jun through Jun) omitted]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 66
Confidence: 66%
Reports: 28
First seen: Jan 21, 2021
Last seen: Jun 10, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=suricata; threshold≥1; private IPs excluded.
raw
NetRange: 162.142.125.0 - 162.142.125.255
CIDR: 162.142.125.0/24
NetName: CENSY
NetHandle: NET-162-142-125-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Censys, Inc. (CENSY)
RegDate: 2020-06-12
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/162.142.125.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
references
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt

IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 14 days ago
Appeared in 28 threat reports