IP · Medium · Signal 94/100
202.63.241.70
Location
Kathmandu, Bagmati Province
ASN
AS4007
Subisu Cablenet
First Seen
Sep 13, 2023
Last Seen
Jan 22, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
94%
Signal Score
94 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Nepal
Region
Kathmandu, Bagmati Province
ASN
AS4007
Organization
Subisu Cablenet
Feed Intelligence Summary
9 reports · 94% confidence
9
Source reports
94%
Confidence score
Category tags
Activity Timeline
Threat Activity Heatmap · Peak: 2026-01-22
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat Score
High Risk
94
SIGNAL
Signal Score
94%
Confidence
9
Reports
First seen
Sep 13, 2023
Last seen
Jan 22, 2026
Geolocation
NP
Country
Nepal
Location
Kathmandu, Bagmati Province
ASN
AS4007
Org
Subisu Cablenet
Coords
28.0000, 84.0000
VirusTotal
Not checked
WHOIS
- description
- 2025-07-05T03:46:38.004Z Honeypot : Heralding : Source: 202.63.241.70 : Username/Password: ADMiN/1q2w3e4r Port: 1080 Message: 2025-07-05 03:46:38.004735,0684a6ff-462e-4fc2-8661-294dcf618c0c,6b855ccf-4395-4063-a111-0290a97f2056,202.63.241.70,35452,99.18.26.19,1080,socks5,ADMiN,1q2w3e4r,
- raw
- inetnum: 202.63.241.0 - 202.63.241.255
  netname: SUBISU_Corporate_Pool26
  descr: SUBISU_Corporate_Pool26
  country: NP
  admin-c: ATC1-AP
  tech-c: DS625-AP
  abuse-c: AS2579-AP
  status: ASSIGNED NON-PORTABLE
  mnt-by: MAINT-NP-SUBISU
  mnt-irt: IRT-SUBISUCABLENET-NP-NP
  last-modified: 2021-02-02T16:05:28Z
  source: APNIC

  irt: IRT-SUBISUCABLENET-NP-NP
  address: PO Box: 6626, Baluwatar
  address: Kathmandu
  address: Nepal
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: ATC1-AP
  tech-c: DS625-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-05-07
  remarks: [email protected] was validated on 2025-06-06
  mnt-by: MAINT-NP-SUBISU
  last-modified: 2025-06-06T06:47:55Z
  source: APNIC

  role: ABUSE SUBISUCABLENETNPNP
  country: ZZ
  address: PO Box: 6626, Baluwatar
  address: Kathmandu
  address: Nepal
  phone: +000000000
  e-mail: [email protected]
  admin-c: ATC1-AP
  tech-c: DS625-AP
  nic-hdl: AS2579-AP
  remarks: Generated from irt object IRT-SUBISUCABLENET-NP-NP
  remarks: [email protected] was validated on 2025-05-07
  remarks: [email protected] was validated on 2025-06-06
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-06-06T06:48:19Z
  source: APNIC

  person: Amit Thapa Chhetri
  address: PO Box: 6626
  address: katmandu
  country: NP
  phone: +977-1-4429616
  fax-no: +977-1-4430572
  e-mail: [email protected]
  mnt-by: MAINT-NP-SUBISU
  nic-hdl: ATC1-AP
  last-modified: 2008-09-04T07:29:23Z
  source: APNIC

  person: Deepak Shrestha
  address: Subisu Cable Net
  address: PO Box 6626
  address: Kathmandu
  country: NP
  phone: +977-1-4429616
  e-mail: [email protected]
  nic-hdl: DS625-AP
  mnt-by: MAINT-NP-SUBISU
  last-modified: 2008-09-04T07:50:52Z
  source: APNIC

  route: 202.63.241.0/24
  origin: AS136762
  descr: Subisu Cablenet PO Box 6626 Kathmandu
  mnt-by: MAINT-NP-SUBISU
  last-modified: 2018-12-13T06:37:44Z
  source: APNIC

  route: 202.63.241.0/24
  origin: AS4007
  descr: Subisu Cablenet PO Box 6626 Kathmandu
  mnt-by: MAINT-NP-SUBISU
  last-modified: 2018-12-13T06:32:42Z
  source: APNIC
- references
- https://github.com/telekom-security/tpotce
IOC Journey
medium · First detected 2 years ago · Last seen 5 months ago
Appeared in 9 threat reports