IOC Radar
IP · Medium · Signal 80/100

38.248.14.48

Location
United States
Atlanta, Georgia
ASN
AS395931
Real Time Cloud Services, LLC
First Seen: Jan 3, 2026 (171d ago)
Last Seen: Jun 11, 2026 (13d ago)
Reports: 26 source reports
Confidence: 80% (medium)
Found in 26 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 80%
Signal Score: 80 / 100
IDS Rule: No
Threat Context

Tags: MITRE ATT&CK
MITRE ATT&CK TTPs: 49 techniques

Network Information

Country: US (United States)
Region: Atlanta, Georgia
ASN: AS395931
Organization: Real Time Cloud Services, LLC

IP Category

Proxy (proxy server)

Feed Intelligence Summary

26 source reports · 80% confidence score
Category tags
abuse, access control, active scan, active scanning, apache, apache attacker, apt, asia, attack, attacker ip, attacker ip: confirmed, attacker-ip, australia, authentication attack, authentication attempt, authentication attempts, bad reputation, bad web bot, blacklisted ip, blocklist_all, blog spam, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute force attempts, brute-force, bruteforce, c2, cisco, cisco device, cisco device attack, code execution, code injection, command & control, command and control, command execution, communication protocol, compromised host, compromised ip address, connected devices, conpot, conpot honeypot, cowrie, cowrie data, cowrie honeypot, cowrie ssh attacks, credential access, credential harvesting, credential stuffing, data encryption, data exfiltration, data store exposure, database attack, database security, ddos, ddos attack, ddos attacks, decoy system, denial of service, device management, dhcp, dhcp attack, dionaea, dionaea honeypot, distributed attacks, elasticpot honeypot, elasticsearch, elasticsearch attack, elasticsearch monitoring, email, encryption, enterprise networking, exploit, exploitation activity, exploitation attempts, exploited host, external threat, fatt, file, ftp, ftp brute force, ftp brute-force, hacking, honeytrap honeypot, http attack, http brute force, http scanner, http scanning, https, ics security, identity & access exploitation, imap, imap brute force, india, industrial control systems, industrial iot, information gathering, injection activity, injection attacks, internet of things, intrusion detection, ioc, iot analytics, iot applications, iot botnet, iot platforms, iot security, iot targeted, iot/ics attack, ipphoney honeypot, kill-chain exploitation, kill-chain reconnaissance, lamp, lamp stack attack, lateral movement, lateral movement attempt, ldap, ldap brute force, login attempt, low-risk, mailoney honeypot, malicious activity, malicious activity detected, malicious file transfer, malicious ip, malicious network activity, malicious probe, malicious software, malicious traffic, malware, malware behaviour, malware capture, memcached attack, mirai, mirai botnet, mssql, mssql brute force, mysql brute force, network, network attacks, network infrastructure, network intrusion, network intrusion attempt, network intrusion attempts, network monitoring, network probing, network protocol, network scanning, network security, network service scanning, network traffic analysis, north america, ntp, ntp amplification, oceania, opencti, oracle, oracle brute force, osint, p0f, password attack, password attacks, password spraying, phishing, phishing attack, phishing trapping of death, possible botnet node, possible malware infection, possible mirai variant, postgres, postgres brute force, process injection, protocol exploitation, proxy, qhoneypot detection, ransomware, reconnaissance, redis, redis brute force, redis honeypot, redishoneypot, redishoneypot activity, remote access, remote access attempt, remote access attempts, remote login, remote services, researched, resource hijacking, scan, scanner, scripting attacks, security policy, sensor-tagged, sentrypeer botnet, sentrypeer sip attacks, server exploitation, service scan, sftp, sftp access attempts, sftp activity, sftp attack, sip, sip vulnerability scan, smart devices, smb, smb brute force, smtp, smtp brute force, snmp, social engineering, socks5, socks5 proxy, socradar honeypot, spam, sql injection, ssh, ssh attack, ssh monitoring, t1021, t1021.001, t1021.002, t1021.004, t1040, t1041, t1046, t1055, t1056, t1059, t1059.003, t1059.004, t1059.005, t1059.007, t1068, t1071, t1071.001, t1076, t1077, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1505.004, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1566.004, t1588, t1588.002, t1589, t1592, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp, tcp protocol, telecommunications, telnet, telnet threat, tftp, threat actor, threat detection, threat intelligence, threat prevention, tor node, tpot, traffic anomaly, udp port scan, unauthorized access attempts, unauthorized login attempts, united states, us, valid accounts, vnc, vnc protocol, voidtrap, voip, voip attack, vulnerability scan, web app attack, web application attack, web attack, web exploitation, web spam, web traffic

Activity Timeline

1 total observation: Jun 11

Threat Activity Heatmap

[Heatmap: weekly activity grid (rows Mon/Wed/Fri, columns Jun through the following Jun) · Peak: 2026-06-11]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: High Risk
Signal Score: 80
Confidence: 80%
Reports: 26
First seen: Jan 3, 2026
Last seen: Jun 11, 2026
Geolocation: US
Country: United States
Location: Atlanta, Georgia
ASN: AS395931
Org: Real Time Cloud Services, LLC
Coords: 37.7510, -97.8220
Proxy

VirusTotal: Not checked

WHOIS

description
Observed authentication attempts via telnet against Cowrie/Heralding honeypots in Australia. Total events observed: 3. Sensors involved: Cowrie. Target ports: 23. Source country: US. ASN(s): 395931. Organisation(s): ACECLOUD-01. Usernames observed (masked): a***n. Passwords observed (masked): a***n.
raw
NetRange: 38.0.0.0 - 38.255.255.255
CIDR: 38.0.0.0/8
NetName: COGENT-A
NetHandle: NET-38-0-0-0-1
Parent: ()
NetType: Direct Allocation
OriginAS:
Organization: Cogent Communications, LLC (COGC)
RegDate: 1991-04-16
Updated: 2025-09-23
Ref: https://rdap.arin.net/registry/ip/38.0.0.0
OrgName: Cogent Communications, LLC
OrgId: COGC
Address: 2450 N Street NW
City: Washington
StateProv: DC
PostalCode: 20037
Country: US
RegDate: 2000-05-30
Updated: 2025-09-23
Comment: Geofeed https://geofeed.cogentco.com/geofeed.csv
Ref: https://rdap.arin.net/registry/entity/COGC
ReferralServer: rwhois://rwhois.cogentco.com:4321
OrgTechHandle: IPALL-ARIN
OrgTechName: IP Allocation
OrgTechPhone: +1-877-875-4311
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/IPALL-ARIN
OrgAbuseHandle: COGEN-ARIN
OrgAbuseName: Cogent Abuse
OrgAbusePhone: +1-877-875-4311
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/COGEN-ARIN
OrgNOCHandle: ZC108-ARIN
OrgNOCName: Cogent Communications
OrgNOCPhone: +1-877-875-4311
OrgNOCEmail: [email protected]
OrgNOCRef: https://rdap.arin.net/registry/entity/ZC108-ARIN
references
https://purplesynapz.com/
https://voidvendor.com/intel
https://github.com/telekom-security/tpotce
https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt
https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

Confidence: medium
First detected 5 months ago · Last seen 13 days ago
Appeared in 26 threat reports