IOC Radar
IP · Medium · Signal 75/100

162.142.125.95

Location: United States, Ann Arbor, Michigan
ASN: AS398324 (Censys Inc)
First Seen: Oct 16, 2020
Last Seen: Jun 10, 2026
Reports: 33 source reports
Confidence: 75% (medium)
Found in 33 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 75%
Signal Score: 75 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 93 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category: Proxy (proxy server)

Feed Intelligence Summary

33 source reports, 75% confidence score

Category tags:

Activity Timeline

1 total observation (Jun 10)

Threat Activity Heatmap

[Calendar heatmap, Jun through the following Jun, one observation · Peak: 2026-06-10]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 75 (High Risk)
Signal Score: 75 · Confidence: 75% · Reports: 33
First seen: Oct 16, 2020 · Last seen: Jun 10, 2026
Geolocation: US · Country: United States · Location: Ann Arbor, Michigan
ASN: AS398324 · Org: Censys Inc
Coords: 37.7510, -97.8220
Category: Proxy

VirusTotal: Not checked

WHOIS

description:
Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.

raw:
NetRange: 162.142.125.0 - 162.142.125.255
CIDR: 162.142.125.0/24
NetName: CENSY
NetHandle: NET-162-142-125-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Censys, Inc. (CENSY)
RegDate: 2020-06-12
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/162.142.125.0
OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY
OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

references:
https://github.com/telekom-security/tpotce
https://feeds.dshield.org/feeds/topips.txt
https://feeds.dshield.org/feeds/top10.txt
https://feeds.dshield.org/feeds/block.txt
https://jamesbrine.com.au/vultrwarsaw-sip-bruteforce-ip-list-2025-09-14/
https://jamesbrine.com.au
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net
https://list.rtbh.com.tr/output.txt
https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt

IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 13 days ago
Appeared in 33 threat reports