IOC Radar
IP · Medium · Signal 69/100

162.142.125.89

Location: Ann Arbor, Michigan, United States
ASN: AS398324 (Censys Inc)
First Seen: Oct 16, 2020 (2078d ago)
Last Seen: Jun 9, 2026 (17d ago)
Reports: 32 source reports
Confidence: 69% (medium)
Found in 32 reports. Confidence: medium. Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
69%
Signal Score
69 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK TTPs: 100 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Michigan
ASN: AS398324
Organization: Censys Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

32 source reports · 69% confidence score
Category tags
abuseaccess controlaccount compromiseaccount securityackack scanactive scanactive scanningadbhoney activityadbhoney honeypotadministrative accessamerican expressapplication layer protocolasiaattackattack attemptattack surface discoveryattack vectorsattacker ipaustraliaauthentication abuseauthentication attackauthentication attacksauthentication attemptsauto-generated securityautomated activityautomated attackbad ip'sbad reputationbad web botblacklist candidateblacklist ipblacklisted ipblacklisted ip addressblock listbotnetbotnet activitybrutebrute forcebrute force attackbrute force attackerbrute force attacksbrute force attemptbrute force attemptsbrute-forcebrute_forcec2c2 communicationc2 servercanadacdn77censys-benigncertchina mobilecisco devicecisco exploit attemptcisco exploitation attemptscloud environmentcloud infrastructurecloud infrastructure attackcloud infrastructure targetcloud providercloud servicescode executioncolumnscommand & controlcommand and controlcommand executioncommand injectioncommand injection attemptcommunication protocolcommunication securitycompany limitedcompromised credentialscompromised credentials attemptcompromised hostcompromised hostscompromised systemsconnect scanconpot activityconpot honeypotconpot ics attackconpot ics attackscontainer securitycowriecowrie activitycowrie attackscowrie honeypotcowrie interactionscowrie logscowrie ssh attackcowrie ssh attackscredential accesscredential attackcredential brute forcecredential brute-forcingcredential compromisecredential guessingcredential harvestingcredential stuffingcredential_accessctacurlcvecyber securitycyberattackdata encryptiondata exfiltrationdata store exposuredata theftdatabase attackdatabase attacksdatabase login attemptdatabase securitydcerpcdcom exploitationddosddos attackddos attack indicatorsddos attacksddos preparationddos probeddospotdecoy systemdenial of servicedevice managementdictionary attackdigital oceandigitalocean environmentdigitalocean infrastructuredionaea 
activitydionaea attackdionaea attacksdionaea exploitsdionaea honeypotdionaea interactionsdionaea malware collectiondionaea malware detectiondionaea malware samplesdionaea payloadsdirectory traversal attemptdistributed attacksdnsdns attackdockere-commerceelasticpot honeypotelasticsearchelasticsearch monitoringemailencryptionenterprise networkingenumerationeuropeexecutable fileexfiltrationexploitexploit attemptexploit attemptsexploit kit activityexploit probingexploit targetingexploitation activityexploitation attemptexploitation attemptsexploitation of vulnerabilityexploited hostexpressexternal attackexternal network scanexternal reconnaissanceexternal scanexternal scanningexternal threatexternal-threatexternal_threatextortionfailed login attemptsfattfatt analysisfatt detectionsfatt signaturesfilefinfin port scanfin scanfirewall evasionfirewall probingfrancefraudfraud voipftpftp attackftp attacksftp brute forceftp brute-forcegalahgithubglobalgluttongopothackinghellpotheralding activityhk abusehandlerhoneytrap activityhoneytrap eventshoneytrap exploit attemptshoneytrap honeypothoneytrap interactionshoneytrap logshong konghttp attackhttp brute forcehttp probinghttp scannerhttp scanninghttpshuaweiicmpics securityidentity & access exploitationimapindicatorindicators of compromiseindustrial control systemsinformation gatheringinformation technologyinfrastructure acquisitionreconnaissanceinfrastructure scanninginfrastructure targetinginitial accessinitial access attemptinitial access preparationinitial access vectorinitial_access_attemptinjection activityinjection attacksinsaneinternet facing assetsinternet of thingsinternet wide scaninternet-facinginternet-facing assetsinternet-wide scaninternet_scaninternet_scannersintrusion detectioniociot botnetiot securityiot targetediot/ics attackip-addressesipphoney honeypotipv4ipv4 activityipv4 addressesipv4 indicatorsipv4 iocipv4 scanningipv4 threatsipv4-iocipv4_addressjamaicajapankalikfsensor honeypotkibanalamplamp attacklamp 
exploitlamp server attacklamp server targetlamp stack targetinglateral movementlinuxlog4potlvmailoney activitymailoney attacksmailoney email spoofingmailoney eventsmailoney honeypotmailoney interactionsmaimon scanmalicious activitymalicious file transfermalicious ip activitymalicious ip detectedmalicious ipsmalicious ipv4malicious network activitymalicious network trafficmalicious scanmalicious sftp activitymalicious sip activitymalicious softwaremalicious ssh activitymalicious trafficmalicious_activitymalwaremalware activitymalware analysismalware behaviourmalware capturemalware deliverymalware delivery attemptmalware distributionmalware downloadmalware propagationmalware scanningmanualmass port scanmass port scanningmass scanningmediummedpotmelbourne regionmicrosoft technologiesmirai botnetmodbus scanningmssqlnation-state activitynetworknetwork activitynetwork attacksnetwork discoverynetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork intrusion detectionnetwork mappingnetwork port scanningnetwork probenetwork probingnetwork protocolnetwork reconnaissancenetwork reconnaissance activitynetwork scannetwork scanningnetwork scanning activitynetwork securitynetwork service discoverynetwork service scanningnetwork servicesnetwork traffic analysisnetwork-based attack attemptsnetwork-discoverynetwork_enumerationnetwork_intrusionnetwork_reconnaissancenetwork_scannetwork_scanningnetworkscanningnmap scannorth americanull port scannull scanoceaniaopen port detectionopen port discoveryopen port enumerationopen port identificationopen portsopen_port_discoveryoperating systemoperating system securityopportunistic attackeros credential dumpingos detectionos fingerprintingp0fp0f fingerprintingp0f network fingerprintingp0f os fingerprintingp0f passive fingerprintingp0f signaturespassword attackpassword attackspassword sprayingpgp signphishingphishing attackphishing trapphpping of deathpossible exploit attemptspossible 
malicious activitypotential attack vectorpotential credential compromisepotential intrusion attemptpotential malicious activitypotential threatpotential vulnerability assessmentpotential vulnerability exploitationpotential vulnerability probingpotential vulnerability scanprivilege escalationprobable vulnerability assessmentprobing activityprocess injectionprotocol exploitationproxyproxy accessproxy protocolpythonransomwareransomware activityrdprdp attacksrdp scanningreconnaissancereconnaissance activityredis exploitation attemptredis exploitation attemptsredis honeypotredis honeypot activityredishoneypot activityremote accessremote access attackremote code executionremote servicesresearchedresource hijackingretailrpcrtbhs7comm scanningsansscada attacksscams & fraudscanscannerscanner ipscanner ipsscannersscanning activityscripting attackssecurity eventsecurity operationssecurity policysensor-taggedsentrypeer activitysentrypeer botnetsentrypeer detectionsentrypeer eventssentrypeer interactionssentrypeer p2p attackserverserver exploitationservice detectionservice discoveryservice enumerationservice probingservice scanservice version detectionservice_enumerationsftpsftp access attemptsftp activitysftp attacksftp attemptssftp intrusion attemptsftp scanningshadowshell accessshell access attemptsipsip attackssip brute forcesip scansip scanningsip vulnerability scansippslugsmb brute forcesmb scanningsmtpsmtp attacksmtp attackssmtp brute forcesmtp probingsmtp scanningsnaresocial engineeringsocradarsoftware exploitationsourcespamsql injectionsql injection attemptsql injection attemptssshssh attackssh attacksssh monitoringssh scanstealthstealth scanstealth scan techniquessurface websuricata alertsuricata alertssuspected malicious activitysynsyn port scansyn scansystem discoverysystem 
disruptiont1005t1016t1016.001t1016.002t1018t1020t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1027t1040t1041t1046t1047t1053t1053.005t1055t1056.001t1059t1059.001t1059.003t1059.004t1059.007t1068t1069.001t1071t1071.001t1076t1077t1078t1078.001t1078.002t1078.003t1078.004t1083t1087t1088t1105t1110t1110.001t1110.002t1110.003t1110.004t1133t1134t1187t1189t1190t1195t1199t1203t1204t1204.002t1210t1213t1486t1490t1496t1499.001t1499.002t1499.003t1505t1505.002t1550t1550.002t1550.003t1555t1562t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1572t1573t1573.001t1583t1587.001t1588t1588.002t1588.006t1589t1589.001t1589.002t1590t1590.001t1590.002t1590.003t1590.005t1592t1595t1595.001t1595.002t1595.003tannertanner activitytanner eventstanner exploitstanner interactionstanner web attacktargeting databasetcp protocoltcp scantcp scanningtcp/iptcp_scantelecommunicationtelecommunicationstelnettelnet attackstelnet threatthreat actorthreat detectionthreat feedthreat intelligencethreat intelligence feedthreat preventionthreat-intelligencethreat_intelligencetimeouttokyotor nodetorontotpottpotcetsecudp port scanudp scanudp_scanunattributed activityunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized activityunauthorized login attemptunauthorized network activityunauthorized probingunited kingdomunited statesunited states of americaunixunknown threat actorunsolicited network probeusus abuseus noneverified-benignvnc protocolvoipvoip attackvoip securityvulnerability scanvultr infrastructure targetedvultr-platformvultr_platform_activityweb application attackweb application attacksweb attackweb exploitationweb login attemptweb shellweb shell attemptweb shell detectionweb shell uploadweb trafficwestpac new zealandwgetwindow scanwindowswordpotxmasxmas port scanxmas scan

Activity Timeline

1 total observation (Jun 9)

Threat Activity Heatmap

[Heatmap: Jun to Jun, weekday rows Mon/Wed/Fri; peak: 2026-06-09]

24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Medium Risk
Signal Score: 69 (SIGNAL)
Confidence: 69%
Reports: 32
First seen: Oct 16, 2020
Last seen: Jun 9, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Michigan
ASN: AS398324
Org: Censys Inc
Coords: 37.7510, -97.8220
IP Category: Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
raw
NetRange: 162.142.125.0 - 162.142.125.255
CIDR: 162.142.125.0/24
NetName: CENSY
NetHandle: NET-162-142-125-0-1
Parent: NET162 (NET-162-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398324
Organization: Censys, Inc. (CENSY)
RegDate: 2020-06-12
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/162.142.125.0
OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY
OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN
OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN
references
https://github.com/telekom-security/tpotce, https://example.com, http://cinsscore.com/list/ci-badguys.txt

IOC Journey

Confidence: medium
First detected 5 years ago · Last seen 17 days ago
Appeared in 32 threat reports