IOC Radar
IPMediumSignal 75/100

172.220.160.206

Location
United StatesUnited States
Wilkesboro, North Carolina
ASN
AS20115
Spectrum
First Seen
Mar 12, 2025
Last Seen
Nov 27, 2025
Mar 12
First Seen
456d ago
Nov 27
Last Seen
196d ago
12
Reports
source reports
75%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
75%
Signal Score
75 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

31 techniques

Network Information

CountryUSUnited States
RegionWilkesboro, North Carolina
ASNAS20115
OrganizationSpectrum

Feed Intelligence Summary

12 reports75% confidence
12
Source reports
75%
Confidence score
Category tags
abuseaccess controlactive scanningattackblacklist ipbotnetbrute forcebrute force attackcommand and controlcommunication protocolcompromised credentialsconpot honeypotconpot ics exploitationcowrie activitycowrie honeypotcowrie ssh attackscowrie ssh honeypotcredential accesscredential stuffingdata exfiltrationdatabase securityddos attacksdecoy systemdionaea activitydionaea honeypotdionaea malware analysisdionaea malware collectiondistributed attackselasticpot attackselasticpot honeypotelasticsearch monitoringftp brute forceheralding probeshttp scannerics securityindicatorindustrial control systemsinternet of thingsintrusion detectioniot botnetiot/ics attackmalicious activitymalicious scanmalicious softwaremalwaremalware behaviourmalware capturemirai botnetnetworknetwork attacksnetwork intrusionnetwork scanningnetwork securitynorth americapassword attacksprocess injectionproxy protocolreconnaissancereconnaissance activityredis exploitation attemptredis exploitation attemptsredis honeypotresearchedresource hijackingscanscannerscanning activitysecurity policysentrypeer activitysentrypeer attackssentrypeer botnetsftp access attemptsftp attacksip brute forcesip scanningssh attackssh monitoringt1021t1021.001t1021.004t1040t1041t1046t1055t1059t1059.004t1071.001t1078t1083t1110t1110.001t1110.002t1110.003t1110.004t1189t1190t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1592t1595t1595.001t1595.002t1595.003tannertanner exploit kittanner honeypot activitytcp protocoltelecommunicationsthreat actorthreat intelligencethreat preventiontpottpotceunauthorized access attemptunited statesusvoipvoip attackweb traffic

Activity Timeline

1 total obs
Nov 27Nov 27

Threat Activity Heatmap

· Peak: 2025-11-27
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
75
SIGNAL
Signal Score
75%
Confidence
12
Reports
First seenMar 12, 2025
Last seenNov 27, 2025
GeolocationUS
CountryUnited States
LocationWilkesboro, North Carolina
ASNAS20115
OrgSpectrum
Coords36.1359, -81.1573

VirusTotal

Not checked

WHOIS

description
2025-04-07T04:48:17.126Z Honeypot : Tanner : Source: 172.220.160.206 : Port: 80 Post Data: {'version': '0.6.0', 'response': {'message': {'sess_uuid': 'f581840d-d6c3-4c6f-8a37-b876b87fb801', 'detection': {'version': '0.6.0', 'order': 1, 'name': 'index', 'type': 1}}}}
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 6 months ago
Appeared in 12 threat reports