IOC Radar
IP · High · Verified · Signal 30/100

68.224.252.70

Location: Las Vegas, Nevada, United States
ASN: AS22773 (Cox Communications)
First Seen: Jul 5, 2025 (356d ago)
Last Seen: Aug 7, 2025 (323d ago)
Reports: 5 source reports
Confidence: 30% (high)
Found in 5 reports. Confidence: high. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 30%
Signal Score: 30 / 100
IDS Rule: No
MITRE ATT&CK TTPs

30 techniques

Network Information

Country: US (United States)
Region: Las Vegas, Nevada
ASN: AS22773
Organization: Cox Communications

Feed Intelligence Summary

Source reports: 5
Confidence score: 30%
Category tags: active scanning, attack, botnet, brute force, brute force attack, brute force attacks, cisco asa, cisco device, command and control, communication protocol, cowrie honeypot, credential access, credential stuffing, data exfiltration, decoy system, device management, dionaea honeypot, distributed attacks, enterprise networking, exploitation, ftp, honeytrap honeypot, http scanner, indicator, lamp, lamp stack, linux, malicious activity, malicious software, malware, malware behaviour, malware capture, malware download attempts, network, network infrastructure, network intrusion attempts, network probing, network scanning, north america, password attacks, process injection, reconnaissance, researched, scanner, sftp attack, sftp attacks, ssh attack, ssh monitoring, t1016.001, t1021, t1021.001, t1041, t1046, t1055, t1059, t1059.004, t1068, t1071.001, t1078, t1083, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1595, t1595.001, t1595.002, t1595.003, telekom-security/tpotce, threat actor, threat detection, threat intelligence, united states, web application attacks, web traffic

Activity Timeline

1 total obs (Aug 7)

Threat Activity Heatmap

Peak: 2025-08-07
[Heatmap: activity by weekday, Jun through Jun]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: Low Risk
Signal Score: 30
Confidence: 30%
Reports: 5
First seen: Jul 5, 2025
Last seen: Aug 7, 2025
Verified IOC
Geolocation: US
Country: United States
Location: Las Vegas, Nevada
ASN: AS22773
Org: Cox Communications
Coords: 36.1716, -115.1390

VirusTotal

Not checked

WHOIS

description
2025-07-01T02:43:31.079Z Honeypot : Ciscoasa : Source: 68.224.252.70 : Message: {'timestamp': '2025-07-01T02:43:31.079499', 'src_ip': '68.224.252.70', 'payload_printable': '"POST /+webvpn+/index.html HTTP/1.1" 200 -'}
raw
Cox Communications Inc. NETBLK-COX-ATLANTA-7 (NET-68-224-0-0-1) 68.224.0.0 - 68.231.255.255
Cox Communications NETBLK-LV-RDC-68-224-224-0 (NET-68-224-224-0-1) 68.224.224.0 - 68.224.255.255
references
https://github.com/telekom-security/tpotce

IOC Journey

high
First detected 11 months ago · Last seen 10 months ago
Appeared in 5 threat reports