IOC Radar
IP · Medium · Signal 75/100

162.142.125.80

Location: Ann Arbor, Michigan, United States
ASN: AS398324 (Censys Inc)
First Seen: Oct 16, 2020 (2081d ago)
Last Seen: Jun 10, 2026 (18d ago)
Reports: 33 source reports
Confidence: 75% (medium)
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 75%
Signal Score: 75 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

106 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 33
Confidence score: 75%
Category tags

Activity Timeline

1 total obs (Jun 10 to Jun 10)

Threat Activity Heatmap

Peak: 2026-06-10
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: High Risk
Signal Score: 75
Confidence: 75%
Reports: 33
First seen: Oct 16, 2020
Last seen: Jun 10, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 42.2809, -83.7489
IP Category: Proxy

VirusTotal

Not checked

WHOIS

raw
NetRange: 162.142.125.0 - 162.142.125.255
CIDR: 162.142.125.0/24
NetName: CENSY
NetHandle: NET-162-142-125-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398324
Organization: Censys, Inc. (CENSY)
RegDate: 2020-06-12
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/162.142.125.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

IOC Journey

medium
First detected 5 years ago · Last seen 18 days ago
Appeared in 33 threat reports