IOC Radar
IP · Medium · Signal 100/100

206.168.34.161

Location: United States, Ann Arbor, Illinois
First Seen: Mar 29, 2024 (815d ago)
Last Seen: Mar 23, 2026 (92d ago)
Reports: 26 source reports
Confidence: 99% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs: 97 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Illinois
Organization: Censys, Inc.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 26
Confidence score: 99%
Category tags
abuse, access control, account compromise, account security, ack, ack scan, active scanning, adbhoney honeypot, administrative access, american express, american express company, anomalous network connections, asia, attack, australia, authentication attacks, authentication bypass, auto-generated security, bad web bot, blacklist candidate, blacklist ip, blacklisted ip, block list, block.txt, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, c2, c2 communication, china mobile, cisco, cisco device, cloud infrastructure, cloud infrastructure attack, cloud services, code execution, columns, command and control, command execution, command injection attempt, communication protocol, communication security, company limited, compromised host, compromised systems, connect scan, conpot activity, conpot honeypot, conpot ics attacks, cowrie, cowrie activity, cowrie detected activity, cowrie honeypot, cowrie interactions, cowrie ssh attack, cowrie ssh attacks, credential access, credential brute-forcing, credential harvesting, credential stuffing, curl, daily_sources, data encryption, data exfiltration, data exfiltration attempt, database attack, database attacks, database brute force, database login attempt, database security, dcerpc, dcom exploitation, ddos, ddos attack, ddos attacks, ddos participation, ddos probe, ddospot, decoy system, denial of service, denial-of-service attempt, device management, dictionary attack, dionaea, dionaea activity, dionaea attack, dionaea honeypot, dionaea interactions, dionaea malware collection, dionaea malware samples, directory traversal attempt, distributed attacks, dns, docker, elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, enterprise networking, enumeration, europe, exfiltration, exploit, exploit activity, exploit attempt, exploit attempts, exploit targeting, exploitation attempts, exploitation of vulnerability, exploited host, external network scan, external scan, extortion, failed login attempts, fatt, fatt signatures, fin, fin port scan, fin scan, firewall detection, firewall evasion, firewall probing, ftp, ftp attack, ftp brute force, ftp brute-force, full connect scan,
galah, github, glutton, gopot, hacking, hellpot, heralding activity, hk abusehandler, honeytrap activity, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probing, http request anomalies, http scanner, http scanning, https, huawei, hurricane us, ics security, imap, indicator, industrial control systems, information gathering, information technology, infrastructure acquisition reconnaissance, initial access, injection attacks, internet of things, intrusion detection, ioc, ios, iot botnet, iot targeted, iot/ics attack, ipphoney honeypot, ipv4, kfsensor honeypot, kibana, lamp, lamp exploitation attempt, lamp server target, lamp stack targeting, lateral movement, log4pot, mailoney honeypot, mailoney interactions, maimon scan, malicious activity, malicious domain, malicious file transfer, malicious ip activity, malicious ip detected, malicious network activity, malicious scan, malicious sftp activity, malicious sip activity, malicious software, malicious ssh activity, malicious traffic, malware, malware behaviour, malware capture, malware distribution, malware distribution attempts, malware download, malware propagation, malware scanning, manual, mass scanning, masscan, medpot, microsoft technologies, mirai botnet, mssql, network, network activity, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network mapping, network port scanning, network probing, network protocol, network reconnaissance, network scan, network scanning, network security, network service scanning, network traffic analysis, network_reconnaissance, nmap, north america, null port scan, null scan, oceania, open port detection, open port identification, operating system, operating system security, os detection, os fingerprinting, p0f, p0f network fingerprinting, p0f os fingerprinting, p0f passive fingerprinting, p0f signatures, password attack, password attacks, password spraying, pgp sign, phishing, phishing attack, phishing trap, poland, possible botnet activity, possible malware distribution, possible reconnaissance, possible reconnaissance activity,
possible vulnerability probing, potential attack vector, potential credential compromise, potential intrusion attempt, potential malicious activity, potential malware distribution, potential reconnaissance activity, potential threat activity, potential vulnerability assessment, potential vulnerability probing, potential vulnerability scan, potential vulnerability scanning, privilege escalation, probing activity, process injection, protocol exploitation, proxy, proxy access, proxy protocol, python, ransomware, reconnaissance, reconnaissance activity, redis exploitation attempt, redis exploitation attempts, redis honeypot, redis honeypot activity, remote access, remote access attempts, remote services, researched, resource hijacking, rpc, rtbh, scan, scanner, scanning activity, scripting attacks, security event, security operations, security policy, sensor-tagged, sentrypeer activity, sentrypeer botnet, sentrypeer interactions, server exploitation, service detection, service discovery, service enumeration, service version detection, sftp, sftp activity, sftp attack, sftp intrusion attempt, sftp scanning, shell access, shell access attempt, sip, sip brute force, sip scanning, sip vulnerability exploitation, sipp, slug, smtp, smtp brute force, smtp probing, smtp scanning, snare, social engineering, socradar honeypot, software exploitation, sql injection, sql injection attempt, ssh, ssh attack, ssh monitoring, ssh scanning, stealth, stealth scan, surface web, suricata alert, suricata alerts, sweep scan, syn, syn port scan, syn scan, system disruption,
t1005, t1016, t1016.001, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1027, t1040, t1041, t1046, t1047, t1048, t1053, t1055, t1056, t1056.001, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1065, t1068, t1069.001, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1083, t1087, t1087.001, t1087.002, t1087.003, t1088, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1187, t1189, t1190, t1195, t1203, t1204.002, t1205, t1210, t1213, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505, t1505.002, t1550, t1550.002, t1550.003, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1573.001, t1583, t1587.001, t1588, t1588.002, t1588.006, t1589, t1589.002, t1590, t1590.001, t1590.002, t1592, t1595, t1595.001, t1595.002, t1595.003,
tanner, tanner activity, tanner detected activity, tanner interactions, tcp protocol, tcp scan, tcp scanning, telecommunication, telecommunications, telnet threat, threat actor, threat actor activity, threat detection, threat feed, threat intelligence, threat prevention, timeout, top10.txt, topips.txt, tpot, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized login attempt, unauthorized network activity, unauthorized probing, unauthorized scanning, united states, united states of america, unknown group, unsolicited network probe, us, us abuse, us none, version detection, vnc protocol, voip, voip attack, voip security, web application attack, web application attacks, web attack, web exploitation, web login attempt, web shell, web shell attempt, web shell detection, web shell upload, web traffic, wells fargo bank, westpac new zealand, wget, window scan, wordpot, xmas, xmas port scan, xmas scan

Activity Timeline

1 total observation (Mar 23 to Mar 23)

Threat Activity Heatmap

· Peak: 2026-03-23
[Calendar heatmap (rows Mon/Wed/Fri, columns Jun through Jun of the following year, Less/More scale) not reproduced here.]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)

Threat Score: High Risk
Signal Score: 100 (SIGNAL)
Confidence: 99%
Reports: 26
First seen: Mar 29, 2024
Last seen: Mar 23, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Illinois
Org: Censys, Inc.
Coords: 37.7510, -97.8220
Proxy

VirusTotal

Not checked

WHOIS

description
Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold?1; private IPs excluded.
raw
NetRange: 206.168.32.0 - 206.168.35.255
CIDR: 206.168.32.0/22
NetName: CENSY
NetHandle: NET-206-168-32-0-1
Parent: NET206 (NET-206-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Censys, Inc. (CENSY)
RegDate: 2022-10-26
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/206.168.32.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN
references
https://redpiranha.net, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://github.com/telekom-security/tpotce, https://example.com, https://list.rtbh.com.tr/output.txt, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, http://cinsscore.com/list/ci-badguys.txt

IOC Journey

medium
First detected 2 years ago · Last seen 3 months ago
Appeared in 26 threat reports