IOC Radar
IP · Medium · Signal 65/100

175.107.3.98

Location: Taxila, KP, Pakistan
ASN: AS23888 (National Telecommunication Corporation)
First Seen: Feb 2, 2022 (1607d ago)
Last Seen: May 31, 2026 (28d ago)
Reports: 12 source reports
Confidence: 65% (medium)
Found in 12 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 65%
Signal Score: 65 / 100
IDS Rule: No
Threat Context
MITRE ATT&CK TTPs

57 techniques

Network Information

Country: PK (Pakistan)
Region: Taxila, KP
ASN: AS23888
Organization: National Telecommunication Corporation

Feed Intelligence Summary

Source reports: 12
Confidence score: 65%

Activity Timeline

1 total observation (May 31)

Threat Activity Heatmap

Peak: 2026-05-31

Activity by window:
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 65 (Medium Risk)
Signal Score: 65
Confidence: 65%
Reports: 12
First seen: Feb 2, 2022
Last seen: May 31, 2026
Geolocation: PK
Country: Pakistan
Location: Taxila, KP
ASN: AS23888
Org: National Telecommunication Corporation
Coords: 34.0676, 72.4707

VirusTotal

Not checked

WHOIS

description
Score: 85/100. Labels: abuseipdb:brute-force, abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:iot-targeted, abuseipdb:low, abuseipdb:multi-reported. 175.107.3.98 classified as automated brute-force attacker targeting SSH/Telnet credentials (medium confidence). Origin: enriched. Listed on: AbuseIPDB (brute-force, exploited-host, hacking).
raw
inetnum: 175.107.0.0 - 175.107.63.255
netname: NTCISP-PK
descr: National Telecommunication Corporation
descr: Corporation
descr: NTC Headquarters Sector F-5/1
country: PK
org: ORG-NTC3-AP
admin-c: NTCA1-AP
tech-c: NTCA1-AP
abuse-c: AN769-AP
status: ALLOCATED PORTABLE
remarks: --------------------------------------------------------
remarks: To report network abuse, please contact mnt-irt
remarks: For troubleshooting, please contact tech-c and admin-c
remarks: Report invalid contact via www.apnic.net/invalidcontact
remarks: --------------------------------------------------------
mnt-by: APNIC-HM
mnt-lower: MAINT-PK-WAHEED
mnt-routes: MAINT-PK-WAHEED
mnt-irt: IRT-NTCISP-PK
last-modified: 2020-06-22T05:24:27Z
source: APNIC

irt: IRT-NTCISP-PK
address: Ntc Regional Hqs F-5/1 Islamabad
e-mail: [email protected]
abuse-mailbox: [email protected]
admin-c: NTCA1-AP
tech-c: NTCA1-AP
auth: # Filtered
remarks: [email protected] is invalid
mnt-by: MAINT-PK-ZAHIR
last-modified: 2025-09-04T05:18:17Z
source: APNIC

organisation: ORG-NTC3-AP
org-name: National Telecommunication Corporation
org-type: LIR
country: PK
address: Corporation
address: NTC Headquarters Sector F-5/1
phone: +92-51-9208686
fax-no: +92-51-9201489
e-mail: [email protected]
mnt-ref: APNIC-HM
mnt-by: APNIC-HM
last-modified: 2023-09-05T02:14:53Z
source: APNIC

role: ABUSE NTCISPPK
country: ZZ
address: Ntc Regional Hqs F-5/1 Islamabad
phone: +000000000
e-mail: [email protected]
admin-c: NTCA1-AP
tech-c: NTCA1-AP
nic-hdl: AN769-AP
remarks: Generated from irt object IRT-NTCISP-PK
remarks: [email protected] is invalid
abuse-mailbox: [email protected]
mnt-by: APNIC-ABUSE
last-modified: 2025-05-14T13:08:52Z
source: APNIC

role: National Telecommunication Corporation administrator
address: Sector F 5/1, Islamabad
country: PK
phone: +92-51-9208809
fax-no: +92-51-9201489
e-mail: [email protected]
admin-c: NTCA1-AP
tech-c: NTCA1-AP
nic-hdl: NTCA1-AP
mnt-by: MAINT-PK-WAHEED
last-modified: 2015-07-01T04:51:22Z
source: APNIC

route: 175.107.2.0/23
origin: AS23888
descr: National Telecommunication Corporation Corporation. NTC Headquarters Sector F-5/1
mnt-by: MAINT-PK-AMIR
last-modified: 2022-09-14T04:24:05Z
source: APNIC

IOC Journey

medium
First detected 4 years ago · Last seen 28 days ago
Appeared in 12 threat reports