IOC Radar
IP · Medium · Signal 23/100

68.235.46.21

Location
United States
Chicago, IL
ASN
AS11878
tzulo, inc.
First Seen
Oct 25, 2024 (593d ago)
Last Seen
May 30, 2026 (11d ago)
Reports
8 source reports
Confidence
23% (medium)
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
23%
Signal Score
23 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

30 techniques

Network Information

Country: US (United States)
Region: Chicago, IL
ASN: AS11878
Organization: tzulo, inc.

IP Category

VPN
VPN exit node

Feed Intelligence Summary

Source reports: 8
Confidence score: 23%
Category tags
abuse, access, access control, account discovery, account profiling, account takeover, active scan, active scanning, alienvault_ransomware, antispam, authentication, automated attack, bad reputation, botnet, botnet activity, brute force, brute force attack, brute force attempts, brute-force, bruteforce, cisco device, command and control, cowrie, credential access, credential stuffing, data exfiltration, data store exposure, ddos, denial of service, device management, dionaea, distributed attacks, encryption, enterprise networking, exploitation, exploitation activity, fatt, fortios, ftp brute force, groups, hacking, http brute force, identity & access exploitation, information technology, initial access, injection activity, ipv4, it infrastructure, log4j, malicious activity, malicious software, malware, mobile threat, monthly, network, network infrastructure, network reconnaissance, network scanning, network security, north america, p0f, palo alto networks, password attack, password attacks, process injection, proxy, ransomware, reconnaissance, remote access, remote services, researched, scanner, script, security monitoring, security operations, sensor-tagged, slug, software development, spam, ssh attack, ssl vpn, surface web, syn scan, t1021.001, t1046, t1055, t1059, t1071.001, t1076, t1078, t1078.001, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1555.003, t1563, t1565, t1567, t1595, t1595.001, t1595.002, t1595.003, tanner, tcp scan, threat actor, threat intelligence, tor node, tpot, udp scan, unauthorized access, united states, united states of america, us, vpn, vpn ip, web application attack, web exploitation

Activity Timeline

1 total observation (May 30)

Threat Activity Heatmap

Peak: 2026-05-30
[Heatmap: daily activity by month, Jun to Jun; scale Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 23
Confidence: 23%
Reports: 8
First seen: Oct 25, 2024
Last seen: May 30, 2026
Geolocation: US
Country: United States
Location: Chicago, IL
ASN: AS11878
Org: tzulo, inc.
Coords: 41.8710, -87.6289
VPN

VirusTotal

Not checked

WHOIS

description
Seen in CiscoASA honeypot logs within the configured window. request: GET /+CSCOE+/logon.html HTTP/1.1" 302 - geo: US; ASN 11878 (tzulo, inc.)
raw
NetRange: 68.235.32.0 - 68.235.63.255
CIDR: 68.235.32.0/19
NetName: TZULO
NetHandle: NET-68-235-32-0-1
Parent: NET68 (NET-68-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS11878
Organization: tzulo, inc. (TZULO)
RegDate: 2010-03-10
Updated: 2012-02-24
Comment: www.tzulo.com
Ref: https://rdap.arin.net/registry/ip/68.235.32.0
OrgName: tzulo, inc.
OrgId: TZULO
Address: 427 South LaSalle Street
Address: Suite 405
City: Chicago
StateProv: IL
PostalCode: 60605
Country: US
RegDate: 2007-03-28
Updated: 2024-11-25
Comment: https://www.tzulo.com
Comment: Colocation, Dedicated Servers, Cloud/Virtual Servers, Managed Hosting Services
Ref: https://rdap.arin.net/registry/entity/TZULO
OrgTechHandle: NOCTZ-ARIN
OrgTechName: NOC tzulo
OrgTechPhone: +1-847-847-2048
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NOCTZ-ARIN
OrgAbuseHandle: ABUSE1633-ARIN
OrgAbuseName: Abuse tzulo
OrgAbusePhone: +1-847-847-2048
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE1633-ARIN
OrgNOCHandle: NOCTZ-ARIN
OrgNOCName: NOC tzulo
OrgNOCPhone: +1-847-847-2048
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/NOCTZ-ARIN
RTechHandle: NOCTZ-ARIN
RTechName: NOC tzulo
RTechPhone: +1-847-847-2048
RTechEmail: [email protected]
RTechRef: https://rdap.arin.net/registry/entity/NOCTZ-ARIN
RAbuseHandle: ABUSE1633-ARIN
RAbuseName: Abuse tzulo
RAbusePhone: +1-847-847-2048
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/ABUSE1633-ARIN
RNOCHandle: NOCTZ-ARIN
RNOCName: NOC tzulo
RNOCPhone: +1-847-847-2048
RNOCEmail: [email protected]
RNOCRef: https://rdap.arin.net/registry/entity/NOCTZ-ARIN
references
source over 3 count.csv

IOC Journey

medium
First detected 1 year ago · Last seen 11 days ago
Appeared in 8 threat reports