IOC Radar
IP · Medium · Signal 69/100

96.18.141.230

Location: United States, Gulfport, MS
ASN: AS11492 (Sparklight)
First Seen: Mar 14, 2025 (457d ago)
Last Seen: Feb 21, 2026 (113d ago)
Reports: 10 source reports
Confidence: 69% (medium)
VirusTotal: 1/91 detections
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 69%
Signal Score: 69 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

43 techniques

Network Information

Country: US (United States)
Region: Gulfport, MS
ASN: AS11492
Organization: Sparklight

Feed Intelligence Summary

Source reports: 10
Confidence score: 69%
Category tags: access control, active scanning, attack, botnet, brute force, brute force attack, brute force attempt, command and control, communication protocol, compromised credentials attempt, cowrie honeypot, credential access, credential stuffing, data exfiltration, data exfiltration attempt, ddos attacks, decoy system, dictionary attack, dionaea honeypot, distributed attacks, enumeration, exploitation, failed login attempts, ftp brute force, honeytrap honeypot, indicator, internet of things, intrusion detection, ioc, iot botnet, iot/ics attack, lamp, lamp exploit attempts, lamp exploitation attempt, lateral movement, malicious activity, malicious payload attempt, malicious software, malware, malware behaviour, malware capture, mirai botnet, network, network attacks, network intrusion attempts, network probing, network scanning, network security, network service scanning, north america, password attacks, password spraying, potential malware distribution, potential malware upload, process injection, protocol exploitation, reconnaissance, remote access, researched, scan, scanner, security policy, sftp activity, sftp attack, shell, ssh attack, ssh monitoring, t1016, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1047, t1055, t1059, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1071.004, t1078, t1078.001, t1105, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1199, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1555, t1565, t1566, t1566.001, t1595, t1595.001, t1595.002, t1595.003, tcp protocol, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, unauthorized access attempt, united states, us

Activity Timeline

1 total obs, Feb 21 to Feb 21

Threat Activity Heatmap

Peak: 2026-02-21
[Heatmap: activity by weekday (Mon, Wed, Fri) over months Jun to Jun; scale Less to More]
Recent activity: 24h: 0 (Dormant), 7d: 0 (Dormant), 30d: 0 (Dormant), 3mo: 0 (Dormant)

Threat Score: Medium Risk
Signal Score: 69
Confidence: 69%
Reports: 10
First seen: Mar 14, 2025
Last seen: Feb 21, 2026
Geolocation: US
Country: United States
Location: Gulfport, MS
ASN: AS11492
Org: Sparklight
Coords: 30.4605, -89.0856

VirusTotal

1/91 vendors flagged
1% detection rate (Jun 7, 2026)

WHOIS

description: dionaea, heralding, malicious, ssh, sftp, cowrie, LAMP, honeytrap
references: https://github.com/telekom-security/tpotce

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 10 threat reports