IOC Radar
IPMediumSignal 0/100

4.2.2.2

Location
United StatesUnited States
Independence, Kansas
ASN
AS3356
Level 3, LLC
First Seen
Feb 23, 2022
Last Seen
Jan 28, 2026
Feb 23
First Seen
1570d ago
Jan 28
Last Seen
135d ago
2
Reports
source reports
0%
Confidence
medium
Found in 2 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
0%
Signal Score
0 / 100
IDS Rule
No
Threat Context
Tags

Network Information

CountryUSUnited States
RegionIndependence, Kansas
ASNAS3356
OrganizationLevel 3, LLC

Feed Intelligence Summary

2 reports0% confidence
2
Source reports
0%
Confidence score
Category tags
indicatornetworkresearched

Activity Timeline

1 total obs
Jan 28Jan 28

Threat Activity Heatmap

· Peak: 2026-01-28
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Intelligence SummaryAI Generated

This Indicator of Compromise (IOC), identified as `4.2.2.2`, has been thoroughly assessed and is categorized as benign. With a score of 0.0 and an explicit "Yes" whitelist status, this IP address poses no immediate threat to organizational security. Its inclusion in certain threat intelligence feeds primarily reflects its common use as a public DNS resolver rather than any malicious association. Therefore, its presence in network logs or security tools does not indicate hostile behavior or compr…

Threat ScoreLow Risk
0
SIGNAL
Signal Score
0%
Confidence
2
Reports
First seenFeb 23, 2022
Last seenJan 28, 2026
GeolocationUS
CountryUnited States
LocationIndependence, Kansas
ASNAS3356
OrgLevel 3, LLC
Coords32.7831, -96.8065

VirusTotal

Not checked

WHOIS

description
AHS Endpoint SCANID: S-Phu25Pdtc6Q Thor Lite Scan (Custom Rules)
raw
NetRange: 4.0.0.0 - 4.127.255.255 CIDR: 4.0.0.0/9 NetName: LVLT-ORG-4-8 NetHandle: NET-4-0-0-0-1 Parent: NET4 (NET-4-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Level 3 Parent, LLC (LPL-141) RegDate: 1992-12-01 Updated: 2019-07-17 Ref: https://rdap.arin.net/registry/ip/4.0.0.0 OrgName: Level 3 Parent, LLC OrgId: LPL-141 Address: 100 CenturyLink Drive City: Monroe StateProv: LA PostalCode: 71203 Country: US RegDate: 2018-02-06 Updated: 2024-06-17 Comment: USAGE OF IP SPACE MUST COMPLY WITH OUR ACCEPTABLE USE POLICY: Comment: https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html Comment: Comment: ADDRESSES COVERED BY THIS ORG-ID ARE NON-PORTABLE ANY ISP ANNOUNCING OR TRANSITING PORTIONS WITHIN OUR RANGES SHOULD NOT RELY ON PRESENTED LOA'S OR OLD WHOIS UNLESS THOSE RANGES ARE ALSO ACTIVELY DIRECTLY ANNOUNCED TO A LUMEN ASN. WITH ALL LOA'S THESE CONDITIONS APPLY: Comment: Comment: 1. You are permitted to route the Lumen IP prefixes listed via Public BGP to your alternate ISP from the designated ASN. Any other ASN originating the prefix listed is forbidden. Comment: 2. The Lumen IP prefixes listed can be routed via Public BGP to your alternate ISP as long as you remain an active customer with Lumen and continue to route the prefixes over at least one Lumen Internet circuit without significant traffic engineering. Comment: 3. Should your Internet services with Lumen be discontinued, Lumen reserves the right to have your alternate ISP terminate the routing of the Lumen IP prefixes without advanced notification, should you fail to do so. Comment: 4. All IP Addresses assigned or allocated by Lumen to an end-user (customer or ISP) shall be considered non-portable and will be reclaimed by Lumen upon service termination. Comment: 5. Lumen reserves the right to conduct audits to ensure the LOA conditions are being met. Comment: 6. Usage of IP space must comply with our AUP https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html Comment: Comment: Our looking glass is located at: https://lookingglass.centurylink.com/ Comment: Comment: For subpoena or court order please fax 844.254.5800 or refer to our Trust & Safety page: Comment: https://www.lumen.com/en-us/about/legal/trust-center/trust-and-safety.html Comment: Comment: For abuse issues, please email [email protected] Comment: All abuse reports MUST include: Comment: * src IP Comment: * dest IP (your IP) Comment: * dest port Comment: * Accurate date/timestamp and timezone of activity Comment: * Intensity/frequency (short log extracts) Comment: * Your contact details (phone and email) Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time. Ref: https://rdap.arin.net/registry/entity/LPL-141 OrgAbuseHandle: LAC56-ARIN OrgAbuseName: L3 Abuse Contact OrgAbusePhone: +1-877-453-8353 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/LAC56-ARIN OrgRoutingHandle: RPKIR-ARIN OrgRoutingName: RPKI-ROA OrgRoutingPhone: +1-877-886-6515 OrgRoutingEmail: [email protected] OrgRoutingRef: https://rdap.arin.net/registry/entity/RPKIR-ARIN OrgTechHandle: APL7-ARIN OrgTechName: ADMIN POC LVLT OrgTechPhone: +1-877-453-8353 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/APL7-ARIN
references
https://www.virustotal.com/gui/collection/7eaf72c6d83e1a53843e882b3139de2f1adfb0694d941fc25711382f04550194/summary, https://www.virustotal.com/gui/collection/7eaf72c6d83e1a53843e882b3139de2f1adfb0694d941fc25711382f04550194/iocs, https://www.virustotal.com/graph/embed/g44bd45d852dc47059636e6dd4313a995ae2d247fe58745a6b270b46d0b330b39?theme=dark, https://viz.greynoise.io/analysis/5ba1fbf1-b14f-4ccb-b055-ed78f6154e51, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/67ab2665782e1dfbf8ec2d3c, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/681f8d9a33510abd7f7cb089 - Readable Strings, https://www.hybrid-analysis.com/sample/f6263e96056bbb4e0b750fea1d4aa466f39f52c6052ad42084d4371273d5d264, https://www.hybrid-analysis.com/sample/f6263e96056bbb4e0b750fea1d4aa466f39f52c6052ad42084d4371273d5d264/682236230d2a1dace50cac79, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/681f8d9c33510abd7f7cb0cc - EXIF Data, https://app.malcore.io/share/652553f6aec33d70a1dbbd25/681f8d8933510abd7f7caf8a - YARA Rules, https://public-dns.info/

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 4 years ago · Last seen 4 months ago
Appeared in 2 threat reports