IOC Radar
IP · Medium · Signal 51/100

138.248.193.14

Location: City of Westminster, England, United Kingdom
ASN: AS31655 (GTL)
First Seen: Aug 26, 2025
Last Seen: Jun 6, 2026
Reports: 13 source reports
Confidence: 51% (medium)
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 51%
Signal Score: 51 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

31 techniques

Network Information

Country: GB, United Kingdom
Region: City of Westminster, England
ASN: AS31655
Organization: GTL

Feed Intelligence Summary

13 source reports · 51% confidence score
Category tags
abuse, access control, active scan, active scanning, apt, attack, bad reputation, bad web bot, botnet, botnet activity, brute force, brute force attack, brute-force, c2, c2 communication, command & control, command and control, compromised host, compromised system, cowrie, cowrie honeypot, credential access, credential stuffing, data exfiltration, data store exposure, ddos, decoy system, denial of service, detected botnet activity, distributed attacks, europe, exploitation activity, exploited host, ftp brute force, gb, hacking, honeytrap honeypot, http scanning, identity & access exploitation, inbound scan, indicator, injection activity, intrusion detection, ioc, lamp, malicious activity, malicious software, malware, network, network attacks, network protocol, network scanning, network security, password attacks, process injection, protocol exploitation, reconnaissance, researched, scanner, security policy, sftp, sftp attack, ssh, ssh attack, ssh monitoring, t1021, t1040, t1041, t1053, t1055, t1059, t1071, t1071.001, t1078, t1083, t1087, t1105, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1136, t1190, t1203, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566, t1595, t1595.001, t1595.002, t1595.003, tcp scanning, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, united kingdom, web application attack, web exploitation

Activity Timeline

1 total obs
Jun 6

Threat Activity Heatmap

Peak: 2026-06-06
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 51 (Medium Risk)
Geolocation: GB
Coords: 51.4964, -0.1224

VirusTotal

Not checked

WHOIS

inetnum: 138.248.128.0 - 138.248.255.255
netname: UK-GTL-19930901
country: GB
org: ORG-GTL19-RIPE
admin-c: GTRA1-RIPE
tech-c: GTRA1-RIPE
status: LEGACY
mnt-by: MNT-GTL
created: 2019-07-11T10:24:24Z
last-modified: 2023-05-19T15:52:47Z
source: RIPE

organisation: ORG-GTL19-RIPE
org-name: Gamma Telecom Limited
country: GB
org-type: LIR
address: Arbeta, 11 Northampton Road
address: M40 5BP
address: Manchester
address: UNITED KINGDOM
phone: +443332403481
fax-no: +441618775704
abuse-c: GAC-GB
mnt-ref: MNT-GTL
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: MNT-GTL
created: 2013-05-14T10:35:14Z
last-modified: 2025-06-12T20:55:05Z
source: RIPE # Filtered

role: Gamma Telecom RIPE Admin
address: Arbeta, 11 Northampton Road, Manchester, M40 5BP
admin-c: BS12817-RIPE
tech-c: AF6377-RIPE
nic-hdl: GTRA1-RIPE
mnt-by: MNT-GTHL
created: 2009-10-22T10:11:04Z
last-modified: 2025-06-12T17:47:22Z
source: RIPE # Filtered

route: 138.248.128.0/17
origin: AS31655
mnt-by: MNT-GTL
created: 2020-01-22T14:40:12Z
last-modified: 2020-01-22T14:40:12Z
source: RIPE
references
https://github.com/telekom-security/tpotce, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt

IOC Journey

medium
First detected 9 months ago · Last seen 8 days ago
Appeared in 13 threat reports