IOC Radar
IP · Medium · Signal 55/100

173.239.240.214

Location: United States, Edison, VA
ASN: AS396356 (LogicWeb Inc.)
First Seen: Mar 18, 2025 (464d ago)
Last Seen: Jun 13, 2026 (12d ago)
Reports: 14 source reports
Confidence: 55% (medium)
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 55%
Signal Score: 55 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs: 31 techniques

Network Information

Country: US (United States)
Region: Edison, VA
ASN: AS396356
Organization: LogicWeb Inc.

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 14
Confidence score: 55%
Category tags: abuse, access control, active scan, active scanning, active-attack, apt, attack, bad reputation, bad web bot, bothammer, botnet, botnet activity, brute force, brute force attack, brute force attacks, brute-force, cisco asa, cisco device, command and control, communication protocol, cowrie honeypot, credential access, credential stuffing, cyberattack, daily-threat-feed, data exfiltration, data store exposure, ddos, ddos attack, decoy system, denial of service, denial-of-service, device management, dionaea honeypot, distributed attacks, enterprise networking, exploitation, exploitation activity, exploited host, ftp, ftp brute-force, hacking, honeytrap honeypot, http scanner, identity & access exploitation, information technology, injection activity, it infrastructure, lamp, lamp stack, linux, malicious activity, malicious software, malware, malware behaviour, malware capture, malware download attempts, network, network infrastructure, network intrusion attempts, network probing, network scanning, north america, open proxy, password attacks, phishing, process injection, proxy, ransomware, realtime-waf, reconnaissance, researched, scanner, security policy, sftp attack, sftp attacks, siem, socradar honeypot, software development, spam, ssh attack, ssh monitoring, t1016.001, t1021, t1021.001, t1041, t1046, t1055, t1059, t1059.004, t1068, t1071.001, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, telekom-security/tpotce, threat actor, threat detection, threat intelligence, threat prevention, tor node, united states, us, web app attack, web application attack, web application attacks, web exploitation, web spam, web traffic

Activity Timeline

1 total obs · Jun 13

Threat Activity Heatmap

Peak: 2026-06-13
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: Medium Risk
Signal Score: 55
Confidence: 55%
Reports: 14
First seen: Mar 18, 2025
Last seen: Jun 13, 2026
Geolocation: US
Country: United States
Location: Edison, VA
ASN: AS396356
Org: LogicWeb Inc.
Coords: 39.0481, -77.4728
Proxy

VirusTotal

Not checked

WHOIS

description: Detected by Bothammer as actively attacking a WordPress site
raw: LogicWeb Inc. LOGICWEB (NET-173-239-192-0-1) 173.239.192.0 - 173.239.255.255 Private Customer NSQ-VENTURE (NET-173-239-240-0-1) 173.239.240.0 - 173.239.240.255
references: https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 12 days ago
Appeared in 14 threat reports