2.3.0.12 Threat Intelligence and Host Information
Apr 05, 2025
General
IP Address: 2.3.0.12
Location: 🇫🇷 Billom, France
Network: AS3215
Threat Score: 75/100
Attack Intelligence
MITRE ATT&CK Techniques
T1001 - Data Obfuscation, T1003.008 - /etc/passwd and /etc/shadow, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1010 - Application Window Discovery, T1012 - Query Registry, T1018 - Remote System Discovery, T1023 - Shortcut Modification, T1027.002 - Software Packing, T1027 - Obfuscated Files or Information, T1029 - Scheduled Transfer, T1031 - Modify Existing Service, T1033 - System Owner/User Discovery, T1035 - Service Execution, T1036 - Masquerading, T1040 - Network Sniffing, T1043 - Commonly Used Port, T1045 - Software Packing, T1047 - Windows Management Instrumentation, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056.001 - Keylogging, T1056 - Input Capture, T1057 - Process Discovery, T1059.002 - AppleScript, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1063 - Security Software Discovery, T1064 - Scripting, T1065 - Uncommonly Used Port, T1068 - Exploitation for Privilege Escalation, T1070 - Indicator Removal on Host, T1071.001 - Web Protocols, T1071.002 - File Transfer Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1074 - Data Staged, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1088 - Bypass User Account Control, T1089 - Disabling Security Tools, T1091 - Replication Through Removable Media, T1094 - Custom Command and Control Protocol, T1095 - Non-Application Layer Protocol, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1106 - Native API, T1107 - File Deletion, T1110.002 - Password Cracking, T1112 - Modify Registry, T1114 - Email Collection, T1119 - Automated Collection, T1120 - Peripheral Device Discovery, T1129 - Shared Modules, T1132 - Data Encoding, T1133 - External Remote Services, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1155 - AppleScript, T1158 - Hidden Files and Directories, T1176 - Browser Extensions, T1179 - Hooking, T1183 - Image File Execution Options Injection, T1185 - Man in the Browser, T1189 - Drive-by Compromise, T1203 - Exploitation for Client Execution, T1204 - User Execution, T1210 - Exploitation of Remote Services, T1215 - Kernel Modules and Extensions, T1218 - Signed Binary Proxy Execution, T1428 - Exploit Enterprise Resources, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1457 - Malicious Media Content, T1485 - Data Destruction, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1505.001 - SQL Stored Procedures, T1518.001 - Security Software Discovery, T1518 - Software Discovery, T1543 - Create or Modify System Process, T1547 - Boot or Logon Autostart Execution, T1553.002 - Code Signing, T1553 - Subvert Trust Controls, T1559 - Inter-Process Communication, T1560 - Archive Collected Data, T1562.003 - Impair Command History Logging, T1562 - Impair Defenses, T1563 - Remote Service Session Hijacking, T1564 - Hide Artifacts, T1566 - Phishing, T1568.002 - Domain Generation Algorithms, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1574.002 - DLL Side-Loading, T1574 - Hijack Execution Flow, T1583.001 - Domains, T1583.005 - Botnet, T1583 - Acquire Infrastructure, T1584.005 - Botnet, T1595 - Active Scanning, T1598 - Phishing for Information, TA0002 - Execution, TA0003 - Persistence, TA0004 - Privilege Escalation, TA0005 - Defense Evasion, TA0006 - Credential Access, TA0007 - Discovery, TA0008 - Lateral Movement, TA0009 - Collection, TA0011 - Command and Control, TA0034 - Impact, TA0040 - Impact
Geographic Location
Country: France
City: Billom
Region: Auvergne-Rhone-Alpes
Coordinates: 45.7268, 3.3359
Network Information
ASN: AS3215
Organization: Orange
Network: AS3215 Orange
- Country: France
- Network:
- Noticed: 50 times
- Protocols Attacked: Anonymous Proxy
- Countries Attacked: Australia, Belgium, Brazil, Canada, Chile, China, Germany, Guatemala, Hong Kong, Hungary, Ireland, Japan, Kenya, Luxembourg, Mexico, Moldova Republic of, Morocco, Netherlands, Peru, Poland, Russian Federation, Singapore, Slovakia, Spain, Taiwan, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America, Virgin Islands British
- Passive DNS Results: lfbn-cle-1-1-12.w2-3.abo.wanadoo.fr
Disclaimer
This page contains threat intelligence information for the IPv4 address 2.3.0.12 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning, which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.