IP: 202.12.27.33
Risk: Low
Signal: 0/100
Location: Fujisawa, Kanagawa
ASN: AS7500 (WIDE)
First Seen: May 11, 2023 (1129d ago)
Last Seen: May 6, 2026 (38d ago)
Reports: 2 source reports
Confidence: 0% (low)
VirusTotal: 0/91 detections
Found in 2 reports. Confidence: low. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 0%
Signal Score: 0 / 100
IDS Rule: No
Network Information
Country: Japan
Region: Fujisawa, Kanagawa
ASN: AS7500
Organization: WIDE
Feed Intelligence Summary
Source reports: 2
Confidence score: 0%
Category tags: indicator, network, researched
Activity Timeline: May 6
Threat Activity Heatmap (peak: 2026-05-06)
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This indicator, an IPv4 address identified as 202.12.27.33, has been thoroughly reviewed and categorized with a low-risk profile. Its 'Whitelisted' status and an exceptional score of 0.0 unequivocally confirm that it does not currently pose a threat to our systems or data. This classification indicates that the IP address is considered benign and is not associated with any malicious activity or known cyber campaigns. While it appears in general threat intelligence feeds, these entries are primar…
Threat Score: Low Risk
Signal Score: 0
Confidence: 0%
Reports: 2
First seen: May 11, 2023
Last seen: May 6, 2026
Geolocation: JP
Country: Japan
Location: Fujisawa, Kanagawa
ASN: AS7500
Org: WIDE
Coords: 35.6897, 139.6895
WHOIS
- raw
  inetnum: 202.12.27.0 - 202.12.27.255
  netname: NSPIXP-2
  descr: root DNS server
  country: JP
  org: ORG-WA3-AP
  admin-c: AK3
  tech-c: AK3
  abuse-c: AW907-AP
  status: ASSIGNED PORTABLE
  mnt-by: APNIC-HM
  mnt-routes: MAINT-JP-WIDE
  mnt-irt: IRT-WIDE-JP
  last-modified: 2020-06-22T05:50:44Z
  source: APNIC

  irt: IRT-WIDE-JP
  address: Keio University
  address: 5322 Endo Fujisawa 252-8520
  e-mail: [email protected]
  abuse-mailbox: [email protected]
  admin-c: JM46-AP
  tech-c: AK27-AP
  auth: # Filtered
  remarks: [email protected] was validated on 2025-03-02
  remarks: [email protected] was validated on 2025-06-26
  mnt-by: MAINT-JP-WIDE
  last-modified: 2025-06-26T01:16:35Z
  source: APNIC

  organisation: ORG-WA3-AP
  org-name: WIDE
  org-type: LIR
  country: JP
  address: Murai Lab Keio University
  address: 5322 Endo, Fujisawa-shi
  phone: +81-466-49-3529
  fax-no: +81-466-49-1101
  e-mail: [email protected]
  mnt-ref: APNIC-HM
  mnt-by: APNIC-HM
  last-modified: 2023-09-05T02:14:46Z
  source: APNIC

  role: ABUSE WIDEJP
  country: ZZ
  address: Keio University
  address: 5322 Endo Fujisawa 252-8520
  phone: +000000000
  e-mail: [email protected]
  admin-c: JM46-AP
  tech-c: AK27-AP
  nic-hdl: AW907-AP
  remarks: Generated from irt object IRT-WIDE-JP
  remarks: [email protected] was validated on 2025-03-02
  remarks: [email protected] was validated on 2025-06-26
  abuse-mailbox: [email protected]
  mnt-by: APNIC-ABUSE
  last-modified: 2025-06-26T01:17:11Z
  source: APNIC

  person: Akira Kato
  address: Keio University
  address: Graduate School of Media Design
  address: 4-1-1 Hiyoshi, Kohoku, Yokohama 223-8526
  country: JP
  phone: +81 45 564 2490
  fax-no: +81 45 564 2503
  e-mail: [email protected]
  nic-hdl: AK3
  mnt-by: MAINT-JP-WIDE
  last-modified: 2013-08-24T00:01:43Z
  source: APNIC

  route: 202.12.27.0/24
  origin: AS7500
  descr: WIDE Murai Lab Keio University 5322 Endo, Fujisawa-shi
  mnt-by: MAINT-JP-WIDE
  last-modified: 2017-09-05T00:52:23Z
  source: APNIC
- references
IOC Journey
low · First detected 3 years ago · Last seen 1 month ago
Appeared in 2 threat reports