IOC Radar
IP · Medium · Signal 75/100

162.142.125.81

Location
United States
Ann Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Oct 16, 2020
Last Seen
Jun 10, 2026
First Seen: Oct 16 (2078d ago)
Last Seen: Jun 10 (16d ago)
33 source reports
75% confidence (medium)
Found in 33 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

99 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

33 source reports · 75% confidence score
Category tags

Activity Timeline

1 total observation (Jun 10)

Threat Activity Heatmap

Peak: 2026-06-10 (12-month heatmap, Jun to Jun)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 75
Confidence: 75%
Reports: 33
First seen: Oct 16, 2020
Last seen: Jun 10, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

NetRange: 162.142.125.0 - 162.142.125.255
CIDR: 162.142.125.0/24
NetName: CENSY
NetHandle: NET-162-142-125-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398324
Organization: Censys, Inc. (CENSY)
RegDate: 2020-06-12
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/162.142.125.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
References
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
https://github.com/telekom-security/tpotce
https://redpiranha.net
http://cinsscore.com/list/ci-badguys.txt

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 16 days ago
Appeared in 33 threat reports