IOC Radar
IP · Medium · Signal 75/100

162.142.125.83

Location: Ann Arbor, Michigan, United States
ASN: AS398324 (Censys Inc)
First Seen: Oct 16, 2020 (2079d ago)
Last Seen: May 30, 2026 (27d ago)
Reports: 35 source reports
Confidence: 75% (medium)

Found in 35 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.

MISP Category: Network Activity
Confidence: 75%
Signal Score: 75 / 100
IDS Rule: No
Threat Context

Tags: none
MITRE ATT&CK TTPs: 106 techniques
Network Information

Country: United States (US)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category: Proxy (proxy server)

Feed Intelligence Summary

Source reports: 35
Confidence score: 75%

Category tags

Activity Timeline

1 total observation (May 30)

Threat Activity Heatmap

[Heatmap grid, Jun to Jun, weekday rows; peak: 2026-05-30]

Observations by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk (75 SIGNAL)
Signal Score: 75%
Confidence: 35 reports
First seen: Oct 16, 2020
Last seen: May 30, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 37.7510, -97.8220
Category: Proxy

VirusTotal

Not checked

WHOIS (raw)

NetRange: 162.142.125.0 - 162.142.125.255
CIDR: 162.142.125.0/24
NetName: CENSY
NetHandle: NET-162-142-125-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398324
Organization: Censys, Inc. (CENSY)
RegDate: 2020-06-12
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/162.142.125.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
References (source feeds)

https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
http://cinsscore.com/list/ci-badguys.txt


IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 27 days ago
Appeared in 35 threat reports