IP · Medium · Signal 67/100
162.142.125.250
Location
Ann Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Jan 21, 2021
Last Seen
Jun 10, 2026
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
67%
Signal Score
67 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Ann Arbor, Michigan
ASN
AS398324
Organization
Censys Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
28 reports · 67% confidence
28
Source reports
67%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap
Peak: 2026-06-10
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 67
Confidence: 67%
Reports: 28
First seen: Jan 21, 2021
Last seen: Jun 10, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 37.7510, -97.8220
Proxy
VirusTotal
Not checked
WHOIS
- description
- Observed on T-Pot within last 24h; sensors=suricata; threshold?1; private IPs excluded.
- raw
- NetRange: 162.142.125.0 - 162.142.125.255
  CIDR: 162.142.125.0/24
  NetName: CENSY
  NetHandle: NET-162-142-125-0-1
  Parent: NET162 (NET-162-0-0-0-0)
  NetType: Direct Allocation
  OriginAS:
  Organization: Censys, Inc. (CENSY)
  RegDate: 2020-06-12
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/162.142.125.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
- references
- https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, http://cinsscore.com/list/ci-badguys.txt
IOC Journey
Medium · First detected 5 years ago · Last seen 16 days ago
Appeared in 28 threat reports