IOC Radar
IP · Medium · Signal 16/100

209.59.168.216

Location: Lansing, Michigan, United States
ASN: AS32244, SourceDNS
First Seen: Dec 22, 2024 (537d ago)
Last Seen: Jun 2, 2026 (10d ago)
Reports: 10 source reports
Confidence: 16% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 16%
Signal Score: 16 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

38 techniques

Network Information

Country: US (United States)
Region: Lansing, Michigan
ASN: AS32244
Organization: SourceDNS

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 10
Confidence score: 16%
Category tags: active scan, active scanning, anonymization network, anonymization network iocs, anonymization network usage, anonymous attack source, anonymous proxy, anonymous_proxy, authentication attempts, automated attack, bad reputation, brute force, brute force attempts, brute-force attack, brute_force, communication protocol, credential access, credential attack, credential guessing, credential stuffing, credential_access, credential_guessing, credential_stuffing, data encryption, encryption, europe, evasion, exploitation activity, external proxy, finland, france, ftp, ftp brute force, ftp_brute_force, germany, honeynet connect, http brute force, http scanner, http_brute_force, https, identity & access exploitation, indicator, indicators, indicators of compromise, indicators_of_compromise, information technology, initial_access, internet_background_noise, ioc, it infrastructure, lateral movement, login attempt, malicious activity, malicious ip addresses, malicious traffic, malicious_ips, malicious_traffic, malware, mssql_brute_force, network, network enumeration, network intrusion, network probing, network protocol, network reconnaissance, network scanning, network security, network services, network_attack, network_enumeration, network_reconnaissance, north america, opportunistic_attacker, password attack, poland, protocol exploitation, proxy, proxy ip addresses, proxy network, proxy_traffic, rdp_brute_force, reconnaissance, remote access, remote services, researched, scanning activity, security operations, smb brute force, smtp brute force, smtp_brute_force, software development, ssh attack, ssh_brute_force, t1018, t1021, t1021.001, t1021.002, t1021.003, t1021.004, t1021.005, t1040, t1046, t1059, t1059.001, t1059.003, t1059.004, t1068, t1071.001, t1076, t1077, t1078, t1087, t1090, t1090.002, t1090.003, t1110, t1110.001, t1110.002, t1133, t1190, t1486, t1499.002, t1563, t1564.004, t1590, t1590.005, t1592, t1595, t1595.001, t1595.002, t1595.003, tcp scan, telnet threat, threat activity, threat actor, threat intelligence, tor, tor node, tor node indicators, tor_traffic, udp scan, unauthorized access attempt, united states, us, vpn, vpn ip addresses, vpn_traffic, web application scanning, web brute force, web traffic

Activity Timeline

1 total obs (Jun 2)

Threat Activity Heatmap

Peak: 2026-06-02
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 16
Confidence: 16%
Reports: 10
First seen: Dec 22, 2024
Last seen: Jun 2, 2026
Geolocation: US
Country: United States
Location: Lansing, Michigan
ASN: AS32244
Org: SourceDNS
Coords: 42.7329, -84.5555
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
Anonymization_Network indicators. Date: Apr 8, 2026. Part 2/5. For more threat intelligence visit https://ltna.com.au/cyber
raw
NetRange: 209.59.128.0 - 209.59.191.255
CIDR: 209.59.128.0/18
NetName: LIQUIDWEB
NetHandle: NET-209-59-128-0-1
Parent: NET209 (NET-209-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Liquid Web, L.L.C (LQWB)
RegDate: 2004-07-27
Updated: 2016-12-19
Ref: https://rdap.arin.net/registry/ip/209.59.128.0
OrgName: Liquid Web, L.L.C
OrgId: LQWB
Address: 4210 Creyts Rd.
City: Lansing
StateProv: MI
PostalCode: 48917
Country: US
RegDate: 2001-07-20
Updated: 2020-04-29
Ref: https://rdap.arin.net/registry/entity/LQWB
ReferralServer: rwhois://rwhois.liquidweb.com:4321
OrgAbuseHandle: ABUSE551-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-800-580-4985
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE551-ARIN
OrgTechHandle: IPADM47-ARIN
OrgTechName: IP Administrator
OrgTechPhone: +1-800-580-4985
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/IPADM47-ARIN
RTechHandle: IPADM47-ARIN
RTechName: IP Administrator
RTechPhone: +1-800-580-4985
RTechEmail: [email protected]
RTechRef: https://rdap.arin.net/registry/entity/IPADM47-ARIN

IOC Journey

medium
First detected 1 year ago · Last seen 10 days ago
Appeared in 10 threat reports