IP · Medium · Signal 85/100
38.134.105.194
Location
Fort Worth, Texas
ASN
AS401322
NetO Corp
First Seen
Nov 12, 2025
Last Seen
Jun 2, 2026
Found in 13 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
85%
Signal Score
85 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Fort Worth, Texas
ASN
AS401322
Organization
NetO Corp
Feed Intelligence Summary
Source reports
13
Confidence score
85%
Category tags
abuse, access control, active scan, active scanning, apt, asia, attack, automated attacks, automated threat, bad reputation, botnet, botnet activity, botnet attack activity, brute force, brute force attack, brute force attacker, brute-force, bruteforce, cisco, cisco device, civil services, command and control, communication protocol, cowrie, cowrie honeypot, credential access, credential attacks, credential brute force, credential stuffing, data encryption, data exfiltration, data store exposure, ddos, ddos attack, decoy system, denial of service, device management, distributed attacks, encryption, enterprise networking, exploit, exploit attempt, exploitation activity, exploited host, external access attempts, ftp, government technology, hacking, honeytrap honeypot, http scanner, http/s, identity & access exploitation, indicator, information technology, injection activity, ipv4, it infrastructure, lamp, lateral movement, linux servers, linux systems, malicious activity, malicious software, malware, network, network infrastructure, network probing, network protocol, network reconnaissance, network scanning, network security, network services, north america, password attacks, portscan, process injection, protocol exploitation, public administration, public infrastructure, public policy, reconnaissance, regulatory agencies, remote access, remote services, researched, resource hijacking, scanner, scanners, security operations, security policy, sentrypeer botnet, service scan, service scanning, sftp, sftp attack, sg, singapore, sip, software development, spam, ssh, ssh attack, ssh monitoring, t1021.001, t1021.002, t1040, t1041, t1046, t1055, t1071.001, t1076, t1077, t1078, t1090 - proxy, t1110.001, t1110.002, t1110.003, t1110.004, t1133, t1190, t1203, t1204.002, t1210, t1486, t1496, t1499.001, t1499.002, t1499.003, t1563, t1565, t1590.006, t1592.002, t1595, t1595.001, t1595.002, t1595.003, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, united states, us, voip, voip attack, vulnerability scan, vulnerability-exploitation, vultr, web app attack, web application attack, web exploitation, web spam, web traffic
Activity Timeline
Threat Activity Heatmap (peak: 2026-06-02)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score
High Risk
Signal Score
85
Confidence
85%
Reports
13
First seen
Nov 12, 2025
Last seen
Jun 2, 2026
Geolocation
US
Country
United States
Location
Fort Worth, Texas
ASN
AS401322
Org
NetO Corp
Coords
32.7555, -97.3308
VirusTotal
Not checked
WHOIS
- description: IPv4 hosts detected port scanning Vultr Tokyo (Japan) honeypot
- raw:
    NetRange: 38.0.0.0 - 38.255.255.255
    CIDR: 38.0.0.0/8
    NetName: COGENT-A
    NetHandle: NET-38-0-0-0-1
    Parent: ()
    NetType: Direct Allocation
    OriginAS:
    Organization: Cogent Communications, LLC (COGC)
    RegDate: 1991-04-16
    Updated: 2025-09-23
    Ref: https://rdap.arin.net/registry/ip/38.0.0.0
    OrgName: Cogent Communications, LLC
    OrgId: COGC
    Address: 2450 N Street NW
    City: Washington
    StateProv: DC
    PostalCode: 20037
    Country: US
    RegDate: 2000-05-30
    Updated: 2025-09-23
    Comment: Geofeed https://geofeed.cogentco.com/geofeed.csv
    Ref: https://rdap.arin.net/registry/entity/COGC
    ReferralServer: rwhois://rwhois.cogentco.com:4321
    OrgTechHandle: IPALL-ARIN
    OrgTechName: IP Allocation
    OrgTechPhone: +1-877-875-4311
    OrgTechEmail: [email protected]
    OrgTechRef: https://rdap.arin.net/registry/entity/IPALL-ARIN
    OrgAbuseHandle: COGEN-ARIN
    OrgAbuseName: Cogent Abuse
    OrgAbusePhone: +1-877-875-4311
    OrgAbuseEmail: [email protected]
    OrgAbuseRef: https://rdap.arin.net/registry/entity/COGEN-ARIN
    OrgNOCHandle: ZC108-ARIN
    OrgNOCName: Cogent Communications
    OrgNOCPhone: +1-877-875-4311
    OrgNOCEmail: [email protected]
    OrgNOCRef: https://rdap.arin.net/registry/entity/ZC108-ARIN
- references:
    https://github.com/telekom-security/tpotce
    https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
IOC Journey
Medium · First detected 7 months ago · Last seen 24 days ago
Appeared in 13 threat reports