23.82.12.34 Threat Intelligence and Host Information
ipinfopage
General
This page contains threat intelligence information for the IPv4 address 23.82.12.34 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
🟠 Elevated — 60/100
Geographic Location
Host and Network Information
- View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
- Country: United States
- Noticed: 15 times
- Protocols Attacked: SSH
- Open Ports: 1022, 443, 53, 80, 8080, 8444
- Tor Node: No
- Associated Malware Samples: 73
Tags
- accept
- agent
- alexa top
- all search
- artemis
- asyncrat
- attacker
- authority
- ave maria
- bambernek
- bambernek gen
- bank
- blacklist
- blacklist http
- body
- body length
- bradesco
- catalog file
- cisco umbrella
- citadel
- ck id
- class
- click
- cobalt strike
- communicating
- connection
- connections ip
- covid19
- critical
- cyber threat
- date
- detection list
- done adding
- emotet
- engineering
- error
- falcon sandbox
- files domain
- files related
- final url
- general
- generator
- headers
- hostname
- html info
- http
- httphttps
- http response
- hybrid
- imphash
- infy
- injector
- inmortal
- installcore
- ip address
- ip summary
- kb body
- kraken
- local
- look
- mail spammer
- main
- malicious
- malicious site
- malicious url
- maltiverse
- malware
- malware site
- matsnu
- meta tags
- million
- miner
- mirai
- mitre att
- mon oct
- name verdict
- nanocore
- netsky
- none file
- nymaim
- otx octoseek
- passive dns
- pattern match
- pehash
- phishing
- phishing site
- phishtank
- ponmocup
- pony
- pulse pulses
- pulses none
- pykspa
- qakbot
- quasar rat
- ramnit
- ransomware
- redline stealer
- refresh
- related tags
- restart
- root ca
- safe site
- sample
- samples
- scan endpoints
- server
- service
- sha1
- sha256
- show technique
- simda
- site
- span
- spyware
- ssl certificate
- status code
- stealer
- strings
- summary
- suppobox
- tag count
- team
- team malware
- team phishing
- temp
- threat report
- tinba
- title
- tools
- type textplain
- unique
- united
- unknown
- url http
- urls
- url summary
- vawtrak
- verify
- vph808
- whois
- whois record
- zbot
- zeus
MITRE ATT&CK TTPs
- T1027 - Obfuscated Files or Information
- T1059 - Command and Scripting Interpreter
- T1071 - Application Layer Protocol
- T1100 - Web Shell
- T1105 - Ingress Tool Transfer
- T1140 - Deobfuscate/Decode Files or Information
- T1560 - Archive Collected Data
Passive DNS
- 100flowers.com
Attack Log References
Whois Information
NetRange: 23.81.48.0 - 23.83.63.255
CIDR: 23.81.128.0/17, 23.82.0.0/16, 23.81.64.0/18, 23.83.0.0/18, 23.81.48.0/20
NetName: LU
NetHandle: NET-23-81-48-0-2
Parent: NET23 (NET-23-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Leaseweb USA, Inc. (LU)
RegDate: 2013-05-06
Updated: 2022-06-27
Ref: https://rdap.arin.net/registry/ip/23.81.48.0
OrgName: Leaseweb USA, Inc.
OrgId: LU
Address: 9480 Innovation Dr
City: Manassas
StateProv: VA
PostalCode: 20109
Country: US
RegDate: 2010-09-13
Updated: 2024-11-25
Comment: www.leaseweb.com
Ref: https://rdap.arin.net/registry/entity/LU
OrgTechHandle: LEASE-ARIN
OrgTechName: Leaseweb ARIN
OrgTechPhone: +1-571-814-3777
OrgTechEmail: netops@us.leaseweb.com
OrgTechRef: https://rdap.arin.net/registry/entity/LEASE-ARIN
OrgAbuseHandle: LUAD3-ARIN
OrgAbuseName: Leaseweb US abuse dept
OrgAbusePhone: +1-571-814-3777
OrgAbuseEmail: abuse@us.leaseweb.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/LUAD3-ARIN
OrgNOCHandle: LEASE-ARIN
OrgNOCName: Leaseweb ARIN
OrgNOCPhone: +1-571-814-3777
OrgNOCEmail: netops@us.leaseweb.com
OrgNOCRef: https://rdap.arin.net/registry/entity/LEASE-ARIN
NetRange: 23.82.8.0 - 23.82.15.255
CIDR: 23.82.8.0/21
NetName: LEASEWEB-USA-WDC-02-23-82-8-0
NetHandle: NET-23-82-8-0-1
Parent: LU (NET-23-81-48-0-2)
NetType: Reallocated
OriginAS:
Organization: Leaseweb USA, Inc. (LU)
RegDate: 2020-10-01
Updated: 2022-06-27
Comment: Please send all abuse notifications to the following email address: abuse@us.leaseweb.com. To ensure proper processing of your abuse notification, please visit the website www.leaseweb.com/abuse for notification requirements. All police and other government agency requests must be sent to subpoenas@us.leaseweb.com.
Ref: https://rdap.arin.net/registry/ip/23.82.8.0
OrgName: Leaseweb USA, Inc.
OrgId: LU
Address: 9480 Innovation Dr
City: Manassas
StateProv: VA
PostalCode: 20109
Country: US
RegDate: 2010-09-13
Updated: 2024-11-25
Comment: www.leaseweb.com
Ref: https://rdap.arin.net/registry/entity/LU
OrgTechHandle: LEASE-ARIN
OrgTechName: Leaseweb ARIN
OrgTechPhone: +1-571-814-3777
OrgTechEmail: netops@us.leaseweb.com
OrgTechRef: https://rdap.arin.net/registry/entity/LEASE-ARIN
OrgAbuseHandle: LUAD3-ARIN
OrgAbuseName: Leaseweb US abuse dept
OrgAbusePhone: +1-571-814-3777
OrgAbuseEmail: abuse@us.leaseweb.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/LUAD3-ARIN
OrgNOCHandle: LEASE-ARIN
OrgNOCName: Leaseweb ARIN
OrgNOCPhone: +1-571-814-3777
OrgNOCEmail: netops@us.leaseweb.com
OrgNOCRef: https://rdap.arin.net/registry/entity/LEASE-ARIN