IOC Radar
IPMediumSignal 23/100

173.239.218.178

Location
United StatesUnited States
Los Angeles, California
ASN
AS62240
LogicWeb Inc
First Seen
Jul 25, 2024
Last Seen
Jun 11, 2026
Jul 25
First Seen
697d ago
Jun 11
Last Seen
11d ago
14
Reports
source reports
23%
Confidence
medium
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
23%
Signal Score
23 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

33 techniques

Network Information

CountryUSUnited States
RegionLos Angeles, California
ASNAS62240
OrganizationLogicWeb Inc

IP Category

Proxy
Proxy server

Feed Intelligence Summary

14 reports23% confidence
14
Source reports
23%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningadbhoney activityadbhoney honeypotantispamapacheapache attackerattackauto-generated securitybad reputationbad web botbotnetbotnet activitybrute forcebrute force attackbrute-forcecommand and controlcommunication protocolconpot activityconpot honeypotconpot ics attackcowrie activitycowrie honeypotcowrie ssh attackcredential accesscredential harvestingcredential stuffingdata exfiltrationdata store exposuredatabase securityddosddos attackdecoy systemdenial of servicedionaea activitydionaea honeypotdionaea malware detectiondistributed attacksexploitation activityexploited hostftp brute forcehackingics securityidentity & access exploitationindustrial control systemsinjection activityinjection attacksiot securityiot/ics attacklog4jmailoney activitymailoney email spoofingmailoney honeypotmalicious activitymalicious softwaremalwaremalware behaviourmalware capturenetworknetwork intrusion attemptsnetwork scanningnetwork securitynorth americapassword attacksphishingphishing attackphishing trapprocess injectionproxyreconnaissanceresearchedresource hijackingscannersecurity policysentrypeer activitysentrypeer botnetsentrypeer p2p attacksftp activitysftp attacksftp scanningsip brute forcesip scanningsocial engineeringspamsql injectionssh attackssh monitoringt1021t1021.001t1021.002t1040t1041t1055t1059t1059.003t1071.001t1078t1078.004t1110t1110.001t1110.002t1110.003t1110.004t1189t1190t1203t1486t1496t1499.001t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1566.004t1595t1595.001t1595.002t1595.003tannertanner activitytanner web attacktargeting databasetelecommunicationsthreat actorthreat intelligencethreat preventiontor nodeunited statesusvoipvoip attackweb app attackweb application attackweb exploitationweb spam

Activity Timeline

1 total obs
Jun 11Jun 11

Threat Activity Heatmap

· Peak: 2026-06-11
Less
More
Mon
Wed
Fri
Jun
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
23
SIGNAL
Signal Score
23%
Confidence
14
Reports
First seenJul 25, 2024
Last seenJun 11, 2026
GeolocationUS
CountryUnited States
LocationLos Angeles, California
ASNAS62240
OrgLogicWeb Inc
Coords38.0291, -121.9620
Proxy

VirusTotal

Not checked

WHOIS

description
2025-03-21T11:12:51.057Z Honeypot : ConPot : Source: 173.239.218.178 : Port: 50100 Data Type: kamstrup_management_protocol Event Type: NEW_CONNECTION
raw
LogicWeb Inc. LOGICWEB (NET-173-239-192-0-1) 173.239.192.0 - 173.239.255.255 Private Customer LOGICWEB (NET-173-239-218-0-1) 173.239.218.0 - 173.239.218.255
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 11 days ago
Appeared in 14 threat reports