IOC Radar
IPMediumSignal 20/100

172.98.33.171

Location
United StatesUnited States
Dallas, Texas
ASN
AS396356
Prefixx, Inc
First Seen
Jan 5, 2024
Last Seen
Jun 4, 2026
Jan 5
First Seen
891d ago
Jun 4
Last Seen
11d ago
12
Reports
source reports
20%
Confidence
medium
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
20%
Signal Score
20 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

65 techniques

Network Information

CountryUSUnited States
RegionDallas, Texas
ASNAS396356
OrganizationPrefixx, Inc

Feed Intelligence Summary

12 reports20% confidence
12
Source reports
20%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningantispamattackbad reputationbad web botbankingbotnetbotnet activitybrute forcebrute force attackbrute force attacksbrute-forcecisco asacisco devicecisco device targetedcommand and controlcowrie activitycowrie honeypotcredential accesscredential stuffingcredit card servicesdata exfiltrationdata store exposureddosdecoy systemdenial of servicedevice managementdionaea activitydionaea honeypotdistributed attacksenterprise networkingexploit attemptexploitation activityfinancefinancial servicesfinancial technologyhackinghoneytrap honeypotidentity & access exploitationindicatorinjection activitylamplamp stacklamp stack targetinglinuxlog4jmalicious activitymalicious softwaremalwaremalware behaviourmalware capturemalware download attemptsnetworknetwork infrastructurenetwork intrusion attemptsnetwork probingnetwork scanningnetwork service scanningnorth americapassword attackspayment processingprocess injectionreconnaissanceresearchedscannerscanning activitysecurity policyservice scansftp attacksftp attacksspamssh attackssh monitoringt1021t1021.001t1021.002t1021.003t1021.004t1021.005t1021.006t1021.007t1041t1046t1055t1059t1059.001t1059.004t1068t1071t1071.001t1071.004t1078t1110t1110.001t1110.002t1110.003t1110.004t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1565t1588t1588.002t1588.003t1588.004t1590t1590.001t1590.002t1590.003t1590.004t1591t1591.001t1591.002t1592t1592.001t1592.002t1592.003t1592.004t1594t1595t1595.001t1595.002t1595.003t1596t1596.001t1596.002t1596.003t1596.004t1596.005t1598t1598.001t1598.003t1598.004threat actorthreat detectionthreat intelligencethreat preventiontor nodeunited statesunited states of americauswealth managementweb app attackweb application attackweb application attacksweb exploitationweb scanner

Activity Timeline

1 total obs
Jun 4Jun 4

Threat Activity Heatmap

· Peak: 2026-06-04
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreLow Risk
20
SIGNAL
Signal Score
20%
Confidence
12
Reports
First seenJan 5, 2024
Last seenJun 4, 2026
GeolocationUS
CountryUnited States
LocationDallas, Texas
ASNAS396356
OrgPrefixx, Inc
Coords37.7510, -97.8220

VirusTotal

Not checked

WHOIS

description
2025-07-01T02:11:06.178Z Honeypot : Ciscoasa : Source: 172.98.33.171 : Message: {'timestamp': '2025-07-01T02:11:06.178259', 'src_ip': '172.98.33.171', 'payload_printable': '"GET /+CSCOE+/logon.html HTTP/1.1" 302 -'}
raw
NetRange: 172.98.32.0 - 172.98.35.255 CIDR: 172.98.32.0/22 NetName: LAYERSWITCH NetHandle: NET-172-98-32-0-1 Parent: NET172 (NET-172-0-0-0-0) NetType: Direct Allocation OriginAS: AS6977 Organization: LayerSwitch, Inc (LAYER-14) RegDate: 2021-07-08 Updated: 2022-04-10 Ref: https://rdap.arin.net/registry/ip/172.98.32.0 OrgName: LayerSwitch, Inc OrgId: LAYER-14 Address: 1200 Brickell Ave Ste 1950 City: Miami StateProv: FL PostalCode: 33131 Country: US RegDate: 2021-04-02 Updated: 2024-11-25 Ref: https://rdap.arin.net/registry/entity/LAYER-14 OrgAbuseHandle: LAYER20-ARIN OrgAbuseName: LayerSwitch Abuse OrgAbusePhone: +1-786-589-7018 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/LAYER20-ARIN OrgNOCHandle: LAYER19-ARIN OrgNOCName: LayerSwitch NOC OrgNOCPhone: +1-786-589-7018 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/LAYER19-ARIN OrgTechHandle: LAYER19-ARIN OrgTechName: LayerSwitch NOC OrgTechPhone: +1-786-589-7018 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/LAYER19-ARIN RAbuseHandle: VCA28-ARIN RAbuseName: VPN Consumer Abuse RAbusePhone: +507 838-8592 RAbuseEmail: [email protected] RAbuseRef: https://rdap.arin.net/registry/entity/VCA28-ARIN
references
https://github.com/telekom-security/tpotce

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 2 years ago · Last seen 11 days ago
Appeared in 12 threat reports