IP · Medium · Signal 75/100
162.142.125.91
Location
Ann Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Oct 16, 2020
Last Seen
May 30, 2026
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Ann Arbor, Michigan
ASN
AS398324
Organization
Censys Inc
IP Category
Proxy
Proxy server
Feed Intelligence Summary
33 reports · 75% confidence
33
Source reports
75%
Confidence score
Category tags
Activity Timeline
May 30
Threat Activity Heatmap
Peak: 2026-05-30
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 75
Confidence: 75%
Reports: 33
First seen: Oct 16, 2020
Last seen: May 30, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 37.7510, -97.8220
IP Category: Proxy
VirusTotal: Not checked
WHOIS
- raw
  NetRange: 162.142.125.0 - 162.142.125.255
  CIDR: 162.142.125.0/24
  NetName: CENSY
  NetHandle: NET-162-142-125-0-1
  Parent: NET162 (NET-162-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS398324
  Organization: Censys, Inc. (CENSY)
  RegDate: 2020-06-12
  Updated: 2024-03-29
  Ref: https://rdap.arin.net/registry/ip/162.142.125.0
  OrgName: Censys, Inc.
  OrgId: CENSY
  Address: 116 1/2 S Main Street
  City: Ann Arbor
  StateProv: MI
  PostalCode: 48104
  Country: US
  RegDate: 2018-08-06
  Updated: 2019-08-03
  Comment: https://censys.io
  Ref: https://rdap.arin.net/registry/entity/CENSY
  OrgNOCHandle: COT12-ARIN
  OrgNOCName: Censys Operations Team
  OrgNOCPhone: +1-248-629-0125
  OrgNOCEmail: [email protected]
  OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgTechHandle: COT12-ARIN
  OrgTechName: Censys Operations Team
  OrgTechPhone: +1-248-629-0125
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
  OrgAbuseHandle: CAT20-ARIN
  OrgAbuseName: Censys Abuse Team
  OrgAbusePhone: +1-248-629-0125
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
- references
  https://redpiranha.net
  https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
  https://github.com/telekom-security/tpotce
  https://list.rtbh.com.tr/output.txt
  https://example.com
  https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
  http://cinsscore.com/list/ci-badguys.txt
IOC Journey
Confidence: medium · First detected 5 years ago · Last seen 26 days ago
Appeared in 33 threat reports