IOC Radar
IP · Medium · Signal 100/100

206.168.34.168

Location: United States, Ann Arbor, Illinois
First Seen: Mar 29, 2024 (815d ago)
Last Seen: Apr 9, 2026 (75d ago)
Reports: 28 source reports
Confidence: 99% (medium)
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 99%
Signal Score: 100 / 100
IDS Rule: No
Threat Context
Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 97 techniques

Network Information

Country: US (United States)
Region: Ann Arbor, Illinois
Organization: Censys, Inc.

IP Category: Proxy (Proxy server)

Feed Intelligence Summary

Source reports: 28
Confidence score: 99%

Category tags:
abuse, access control, account brute force, account compromise, account discovery, account security, ack, ack scan, active scan, active scanning, adbhoney honeypot, administrative access, american express company, apache, apache attacker, application scanning, asia, attack, australia, authentication attacks, bad reputation, bad web bot, blacklist candidate, blacklist ip, blacklisted ip, block list, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute force attempt, brute force attempts, c2, c2 communication, china mobile, cisco, cisco attack, cisco device, cisco exploit attempt, cisco exploitation attempt, cisco exploitation attempts, code execution, columns, command & control, command and control, command execution, command injection attempt, common credential attempts, communication protocol, company limited, compromised credentials, compromised credentials attempt, compromised host, compromised systems, connect scan, conpot, conpot honeypot, conpot ics exploitation, conpot interaction, container security, cowrie, cowrie activity, cowrie attacks, cowrie honeypot, cowrie interaction, cowrie interactions, cowrie ssh attack, cowrie ssh attacks, cowrie ssh honeypot, cowrie ssh logs, credential access, credential brute-forcing, credential harvesting, credential stuffing, credentials, csv, cta, curl, data encryption, data exfiltration, data store exposure, database attack, database attacks, database login attempt, database security, dcerpc, dcom exploitation, ddos, ddos attack, ddos attacks, ddos participation, ddos probe, ddospot, decoy system, denial of service, device management, dionaea, dionaea activity, dionaea exploits, dionaea honeypot, dionaea interactions, dionaea malware analysis, dionaea malware collection, dionaea malware samples, directory traversal attempt, distributed attacks, dns, dns attack, docker, elasticpot attacks, elasticpot honeypot, elasticsearch, elasticsearch monitoring, email, encryption, enterprise networking, enumeration, enumeration activities, executable file, exfiltration, exploit, exploit activity, exploit attempt, exploit attempts, exploit targeting, exploitation, exploitation activity, exploitation attempts, exploitation of vulnerability, exploited host, external network scan, external scan, extortion, failed login attempts, fatt, fatt signatures, file, fin, fin port scan, fin scan, firewall detection, firewall evasion, ftp, ftp attack, ftp brute force, ftp brute-force, galah, github, glutton, gopot, hacking, hellpot, heralding activity, heralding attempts, heralding probes, hk abusehandler, honeytrap activity, honeytrap exploit attempts, honeytrap honeypot, honeytrap interactions, hong kong, http attack, http brute force, http probing, http scanner, http scanning, https, huawei, icmp, ics security, identity & access exploitation, ids evasion, imap, indicator, industrial control systems, information gathering, information technology, infrastructure acquisition, reconnaissance, initial access, injection activity, injection attacks, internal scan, internet of things, intrusion attempt, intrusion detection, ioc, ios, iot botnet, iot security, iot targeted, iot/ics attack, ipphoney honeypot, kibana, lamp, lamp attack, lamp exploit attempt, lamp exploitation attempts, lamp stack targeting, lamp vulnerability exploitation, lateral movement, log4pot, login attack, mailoney activity, mailoney honeypot, mailoney interactions, maimon scan, malicious activity, malicious domain, malicious file transfer, malicious ip activity, malicious network activity, malicious scan, malicious software, malware, malware analysis, malware behaviour, malware capture, malware distribution, malware distribution attempts, malware download, malware propagation, manual, mass port scan, masscan, masscan activity, medpot, microsoft technologies, mirai botnet, mobile threat, mssql, nation-state activity, network, network attacks, network discovery, network enumeration, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network intrusion detection, network mapping, network probing, network protocol, network reconnaissance, network scanning, network security, network service scanning, network traffic analysis, nmap, nmap scan detected, north america, null port scan, null scan, oceania, open port detection, open port enumeration, open port identification, operating system, operating system security, os detection, os fingerprinting, p0f, p0f network fingerprinting, p0f os fingerprinting, p0f passive fingerprinting, p0f signatures, password attacks, password cracking, password spraying, pgp sign, phishing, phishing attack, phishing trapping of death, possible compromise, possible malware distribution, possible reconnaissance, possible reconnaissance activity, possible vulnerability probing, possible vulnerability scan, potential exploit targeting, potential intrusion attempt, potential malware, potential malware deployment, potential reconnaissance activity, potential threat, potential vulnerability assessment, potential vulnerability exploitation, potential vulnerability probing, potential vulnerability scan, potential vulnerability scanning, privilege escalation, process injection, protocol exploitation, proxy, proxy access, proxy protocol, python, ransomware, reconnaissance, reconnaissance activity, redis exploitation attempt, redis exploitation attempts, redis honeypot, remote access, remote services, researched, resource hijacking, rpc, scan, scanner, scanning activity, scripting attacks, security event, security operations, security policy, sensor-tagged, sentrypeer attacks, sentrypeer botnet, sentrypeer detection, sentrypeer interactions, server exploitation, service detection, service discovery, service enumeration, service probing, service scan, service version detection, sftp, sftp access attempt, sftp activity, sftp attack, sftp attempt, sftp scanning, shell access, shell access attempt, sip, sip brute force, sip scanning, sip vulnerability exploitation, sip vulnerability scan, sippslug, smtp, smtp brute force, smtp probing, smtp scanning, snare, social engineering, socradar honeypot, software exploitation, sql injection, sql injection attempt, ssh, ssh attack, ssh monitoring, stealth scan, surface web, suricata alert, suricata alerts, suspected malicious activity, sweep scan, syn, syn port scan, syn scan, system discovery, system disruption, t1005, t1016, t1016.001, t1018, t1020, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1021.006, t1021.007, t1027, t1040, t1041, t1046, t1047, t1053, t1055, t1056.001, t1059, t1059.001, t1059.003, t1059.004, t1059.007, t1068, t1069.001, t1071, t1071.001, t1076, t1077, t1078, t1078.001, t1078.002, t1078.004, t1083, t1087, t1087.001, t1087.002, t1087.003, t1088, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1134, t1187, t1189, t1190, t1195, t1203, t1204, t1204.002, t1210, t1213, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1505, t1505.002, t1550, t1550.002, t1550.003, t1555, t1562, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1572, t1573, t1573.001, t1583, t1587.001, t1588, t1588.002, t1588.006, t1589, t1589.002, t1590, t1590.001, t1590.002, t1592, t1592.004, t1595, t1595.001, t1595.002, t1595.003, tanner, tanner exploit attempts, tanner exploit kit, tanner honeypot activity, tanner interactions, targeting database, tcp protocol, tcp scan, tcp scanning, telecommunication, telecommunications, telnet threat, text, threat actor, threat detection, threat feed, threat intelligence, threat prevention, timeout, tor node, tpot, tpotce, tsec, udp port scan, udp scan, unauthorized access, unauthorized access attempt, unauthorized access attempts, unauthorized login attempt, unauthorized probing, unauthorized scanning, united states, united states of america, unsolicited network probe, us, us abuse, us none, vnc protocol, voip, voip attack, vulnerability scan, web application attack, web application attacks, web attack, web exploitation, web login attempt, web shell, web shell attempt, web shell detection, web shell upload, web traffic, wells fargo bank, wget, window scan, wordpot, xmas, xmas port scan, xmas scan, xml

Activity Timeline

1 total observation (Apr 9 to Apr 9)

Threat Activity Heatmap

[Heatmap grid: weekly activity cells by month, Jun through the following Jun; Peak: 2026-04-09]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: High Risk (100)
Signal Score: 100
Confidence: 99%
Reports: 28
First seen: Mar 29, 2024
Last seen: Apr 9, 2026
Geolocation: US
Country: United States
Location: Ann Arbor, Illinois
Org: Censys, Inc.
Coords: 41.8781, -87.6298
Category: Proxy

VirusTotal

Not checked

WHOIS

Description:
Observed on T-Pot within last 24h; sensors=p0f, suricata; threshold≥1; private IPs excluded.

Raw:
NetRange: 206.168.32.0 - 206.168.35.255
CIDR: 206.168.32.0/22
NetName: CENSY
NetHandle: NET-206-168-32-0-1
Parent: NET206 (NET-206-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS398324
Organization: Censys, Inc. (CENSY)
RegDate: 2022-10-26
Updated: 2024-03-29
Ref: https://rdap.arin.net/registry/ip/206.168.32.0

OrgName: Censys, Inc.
OrgId: CENSY
Address: 116 1/2 S Main Street
City: Ann Arbor
StateProv: MI
PostalCode: 48104
Country: US
RegDate: 2018-08-06
Updated: 2019-08-03
Comment: https://censys.io
Ref: https://rdap.arin.net/registry/entity/CENSY

OrgNOCHandle: COT12-ARIN
OrgNOCName: Censys Operations Team
OrgNOCPhone: +1-248-629-0125
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgTechHandle: COT12-ARIN
OrgTechName: Censys Operations Team
OrgTechPhone: +1-248-629-0125
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/COT12-ARIN

OrgAbuseHandle: CAT20-ARIN
OrgAbuseName: Censys Abuse Team
OrgAbusePhone: +1-248-629-0125
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/CAT20-ARIN

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 2 years ago · Last seen 2 months ago
Appeared in 28 threat reports