IOC Radar
IPMediumSignal 76/100

162.142.125.92

Location
United StatesUnited States
Ann Arbor, Michigan
ASN
AS398324
Censys Inc
First Seen
Oct 17, 2020
Last Seen
Jun 10, 2026
Oct 17
First Seen
2076d ago
Jun 10
Last Seen
14d ago
33
Reports
source reports
76%
Confidence
medium
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
76%
Signal Score
76 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

101 techniques

Network Information

CountryUSUnited States
RegionAnn Arbor, Michigan
ASNAS398324
OrganizationCensys Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

33 reports76% confidence
33
Source reports
76%
Confidence score
Category tags
abuseaccess controlaccount compromiseaccount securityackack scanactive reconnaissanceactive scanactive scanningadb scanningadbhoney activityadbhoney honeypotadministrative accessagentalertapplication layer protocolasiaattackattack attemptattack surface discoveryattack vectorsattacker ipaustraliaauthentication attacksauthentication attemptsauto-generated securityautomated activityautomated attackbad ip'sbad reputationbad web botblacklist candidateblacklist ipblacklisted ipblacklisted ip addressblock listbotnetbotnet activitybrutebrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcec2c2 communicationc2 servercanadacensys-benigncertchina mobilecins activecisco devicecisco device targetingcisco exploit attemptcisco exploitation attemptcisco exploitation attemptscloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud providercloud servicescode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommunication protocolcommunication securitycompany limitedcompromised credentialscompromised credentials attemptcompromised hostcompromised hostscompromised systemsconnect scanconpot activityconpot emulationconpot honeypotconpot ics attacksconpot ics exploitationconpot interactioncontainer securitycowriecowrie activitycowrie attackscowrie detected activitycowrie emulationcowrie honeypotcowrie interactioncowrie interactionscowrie ssh attackcowrie ssh attackscowrie ssh honeypotcredential accesscredential attackcredential brute forcecredential brute-forcingcredential guessingcredential harvestingcredential stuffingcredential_attackctacurlcvecyberattackdata encryptiondata exfiltrationdata store exposuredata theftdatabase attackdatabase attacksdatabase login attemptdatabase securitydcerpcdcom exploitationddosddos attackddos attack indicatorsddos attacksddos probeddospotdecoy systemdenial of servicedevice managementdictionary_attackdigital oceandigitalocean environmentdigitalocean infrastructuredionaea activitydionaea attackdionaea attacksdionaea emulationdionaea exploitsdionaea honeypotdionaea interactionsdionaea malware analysisdionaea malware collectiondionaea malware samplesdionaea payloadsdirectory traversal attemptdistributed attacksdnsdns attackdockerdshield blockelasticpot activityelasticpot attackselasticpot honeypotelasticsearchelasticsearch monitoringencryptionenterprise networkingenumerationet dropeuropeexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit targetingexploitationexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexternal attackexternal network scanexternal reconnaissanceexternal scanexternal scanningexternal threatexternal-threatexternal_threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfirewall detectionfirewall detection probefirewall evasionfrancefraud voipftpftp attackftp attacksftp brute forceftp brute-forcefull connect scangalahgluttongopothackinghellpotheralding activityheralding attacksheralding attemptsheralding probeshk abusehandlerhoneytrap activityhoneytrap emulationhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshong konghttp attackhttp brute forcehttp probinghttp scannerhttp scanninghttpsicmpics securityidentity & access exploitationimapindicatorindicators of compromiseindustrial control systemsinformation gatheringinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinfrastructure scanninginitial accessinitial access attemptinitial access preparationinitial access vectorinitial_access_attemptinjection activityinjection attacksinternet facing assetinternet facing assetsinternet of thingsinternet-facinginternet-facing assetsinternet-wide scaninternet_scaninternet_scannersintrusion detectioniociot botnetiot securityiot targetediot/ics attackip-addressesipmi scanningipphoney activityipphoney honeypotipv4ipv4 activityipv4 addressesipv4 indicatorsipv4 iocipv4 port scanningipv4 scanningipv4 threatsipv4-iocjapankfsensor honeypotkibanalamplamp attacklamp exploit attemptlamp exploitation attemptlamp exploitation attemptslamp stack targetinglamp vulnerability exploitationlateral movementlisted sourcelog4potmail protocol attacksmailoney activitymailoney attacksmailoney eventsmailoney honeypotmailoney interactionsmalicious activitymalicious file transfermalicious ip activitymalicious ip detectedmalicious ip listmalicious ipsmalicious login attemptsmalicious network activitymalicious scanmalicious softwaremalicious trafficmalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmalware downloadmalware propagationmanualmass scanningmasscanmasscan activitymedpotmelbourne regionmicrosoft technologiesmirai botnetmssqlnetworknetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork servicesnetwork trafficnetwork traffic analysisnetwork-based attack attemptsnetwork-discoverynetwork_enumerationnetwork_probingnetwork_reconnaissancenetwork_scannetwork_scanningnetworkscanningnmapnmap scan detectednorth americanull port scannull scanoceaniaopen port detectionopen port discoveryopen port identificationopen_port_discoveryoperating systemoperating system securityopportunistic attackeros credential dumpingos detectionos fingerprintingos fingerprinting attemptp0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword sprayingpassword_attackpgp signphishingphishing attackphishing trappingping of deathpoor reputationportpossible exploit attemptspossible malicious activitypossible malware distributionpossible reconnaissancepossible reconnaissance activitypossible vulnerability probingpossible vulnerability scanpossible vulnerability scanningpotential exploit targetingpotential malicious activitypotential malwarepotential malware propagationpotential reconnaissance activitypotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanpotential vulnerability scanningprivilege escalationprobable vulnerability assessmentprocess injectionprotoprotocol exploitationproxyproxy accessproxy protocolransomwareransomware activityrdp attacksrdp scanningreconnaissancereconnaissance activityredis exploitation attemptredis exploitation attemptsredis honeypotredis honeypot activityremote accessremote access attackremote code executionremote servicesresearchedresource hijackingrpcrtbhsansscams & fraudscanscannerscanner ipscanner ipsscannersscanning activityscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer attackssentrypeer botnetsentrypeer datasentrypeer detectionsentrypeer eventssentrypeer interactionsserver exploitationservice detectionservice discoveryservice enumerationservice probingservice scanservice version detectionservice_enumerationsftpsftp access attemptsftp activitysftp attacksftp intrusion attemptsftp scanningshell accessshell access attemptsipsip attackssip brute forcesip scanningsip vulnerability scansippsmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresocial engineeringsocradarsoftware exploitationspamsql injectionsql injection attemptsql injection attemptssshssh attackssh attacksssh monitoringstealth scansurface websuricata alertsuricata alertssuspected malicious activitysynsyn port scansyn scansystem discoverysystem disruptiont1005t1016t1016.001t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1053t1055t1056.001t1059t1059.001t1059.003t1059.004t1059.005t1059.007t1068t1069.001t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1087t1087.001t1087.002t1087.003t1088t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1187t1189t1190t1195t1203t1204t1204.002t1205t1210t1486t1490t1496t1499.001t1499.002t1499.003t1505t1505.002t1550t1550.002t1550.003t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1572t1573t1573.001t1583t1587.001t1588t1588.002t1588.006t1589t1589.001t1589.002t1590t1590.001t1590.003t1590.005t1592t1595t1595.001t1595.002t1595.003t1608tannertanner activitytanner detected activitytanner eventstanner exploit kittanner exploitstanner honeypot activitytanner interactionstargeting databasetcp protocoltcp scantcp scanningtcp/iptcp_scantelecommunicationstelnet attackstelnet scanningtelnet threatthreat actorthreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventionthreat-intelligencethreat_intelligencetimeouttokyotor nodetorontotpottpotcetsecudp port scanudp scanudp_scanunattributed activityunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityunauthorized login attemptunauthorized login attemptsunauthorized network activityunauthorized probingunauthorized scanningunited kingdomunited statesunited states of americaunknown threat actorunsolicited port accessusus abuseus noneverified-benignvnc protocolvoipvoip attackvulnerability scanvultr cloud infrastructurevultr infrastructure targetedvultr-platformvultr_platform_activityweb application attackweb application attacksweb attackweb exploitationweb login attemptweb shellweb shell attemptweb shell detectionweb shell uploadweb trafficwgetwordpotxmasxmas port scanxmas scanzmap

Activity Timeline

1 total obs
Jun 10Jun 10

Threat Activity Heatmap

· Peak: 2026-06-10
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
76
SIGNAL
Signal Score
76%
Confidence
33
Reports
First seenOct 17, 2020
Last seenJun 10, 2026
GeolocationUS
CountryUnited States
LocationAnn Arbor, Michigan
ASNAS398324
OrgCensys Inc
Coords37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
raw
NetRange: 162.142.125.0 - 162.142.125.255 CIDR: 162.142.125.0/24 NetName: CENSY NetHandle: NET-162-142-125-0-1 Parent: NET162 (NET-162-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Censys, Inc. (CENSY) RegDate: 2020-06-12 Updated: 2024-03-29 Ref: https://rdap.arin.net/registry/ip/162.142.125.0 OrgName: Censys, Inc. OrgId: CENSY Address: 116 1/2 S Main Street City: Ann Arbor StateProv: MI PostalCode: 48104 Country: US RegDate: 2018-08-06 Updated: 2019-08-03 Comment: https://censys.io Ref: https://rdap.arin.net/registry/entity/CENSY OrgTechHandle: COT12-ARIN OrgTechName: Censys Operations Team OrgTechPhone: +1-248-629-0125 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgNOCHandle: COT12-ARIN OrgNOCName: Censys Operations Team OrgNOCPhone: +1-248-629-0125 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN OrgAbuseHandle: CAT20-ARIN OrgAbuseName: Censys Abuse Team OrgAbusePhone: +1-248-629-0125 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://feeds.dshield.org/feeds/topips.txt, https://feeds.dshield.org/feeds/top10.txt, https://feeds.dshield.org/feeds/block.txt, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://example.com

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 5 years ago · Last seen 14 days ago
Appeared in 33 threat reports