Threat Intelligence Briefing: IP 192.34.164.13/32
Summary:
The address 192.34.164.13/32 has been flagged for security operations center (SOC) attention on the basis of the observations and relationships summarized below. This report synthesizes the available data into a profile, an observation history, relationships, and neighborhood data for the address, with the supporting confidence figures given further down.
Profile:
- Organization: Registration data attribute the address to Shentel Service Company (AS4922, network SHENTEL-REDWOOD, registered with ARIN) within the 192.34.164.0/23 block; Shentel is a US telecommunications provider. Whether the address is used by Shentel itself or by a downstream customer is not established by the available data (ownership confidence 15%, two sources), so legitimate use is plausible but the observed activity still warrants investigation.
- Geolocation: Two sources place the address in the United States (geolocation confidence 27%). No finer location is supported by the data.
Observation History:
- Malicious Activity: Traffic involving this address has been flagged by security tooling as potentially malicious, including patterns resembling command-and-control (C2) communication, which would be consistent with botnet participation. The supporting evidence is thin: the threat dimension rests on 2 sources and 4 observations (25% confidence), so treat this as a lead to confirm rather than an established finding.
- Traffic Patterns: Unusual traffic spikes were recorded outside business hours, deviating from the usage expected for the associated customer profile. That anomaly is consistent with misuse or compromise of the endpoint behind this address, but scheduled jobs such as backups and update windows produce the same shape; the hunting steps below are intended to tell the two apart.
Relationships:
- Associated Domains: Several domains have been linked to the address, some of them blacklisted or reported for hosting phishing pages or distributing malware, with characteristics such as recent registration and hosting on high-risk servers. None of these domains is named in this dossier, the address currently has no PTR record, and its certificate carries no SANs, so the domain linkage cannot be confirmed from the data below and should be re-verified in passive DNS before it is acted on.
- Network Connections: The address has been observed communicating with a range of external IPs, some of which are associated with malicious activity, including data exfiltration and malware distribution.
Neighborhood Data:
- Subnet Analysis: The registered block, 192.34.164.0/23 (SHENTEL-REDWOOD), contains addresses with both legitimate and questionable reputations. Several addresses in the block have been flagged for similar suspicious activity, suggesting a localized cluster rather than an isolated host.
- Peer IPs: Because peer addresses in the same segment show the same pattern, any hunting or monitoring should cover the whole /23, not only the single /32, while keeping in mind that a shared reputation can also reflect shared hosting or a common appliance fleet.
Actionable Recommendations:
1. Monitoring and Alerting: Monitor traffic to and from 192.34.164.13 and the surrounding 192.34.164.0/23. Alert on periodic, low-volume outbound connections (beaconing) and on large outbound transfers, especially outside business hours, since those are the two shapes the observation history points at. Prefer alerting over an outright block until the observations are confirmed, because a block would also cut any legitimate traffic to the appliance behind this address.
2. Threat Hunting: Hunt for internal endpoints and applications that have communicated with this address; pivot from each hit to process, user, and DNS context on the internal host to decide whether the contact was expected.
3. Incident Response Preparedness: Load the indicators from this dossier into the response playbook (the address, the open ports 22/80/443, the OpenSSH and SonicWALL banners, and the certificate thumbprint 9A1965A8041C722B439E5FE69F4B760AAD9C33E3) so that responders recognize them in telemetry.
4. Collaboration with the Provider: Engage the registrant, Shentel Service Company (AS4922), to share findings and obtain context on the customer behind this address. The dossier records no abuse contact; take it from the ARIN registration for the block.
This intelligence briefing provides SOC analysts with a detailed understanding of the potential risks associated with IP 192.34.164.13/32, enabling informed decision-making and proactive defense measures.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
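The monitoring and hunting recommendations above describe two signals, regular beaconing and off-hours activity toward the address. The following is an added example, not part of the briefing, showing one way to compute both over connection logs. The log format (`timestamp src dst dport bytes`), the internal host addresses, the business-hours window and the regularity threshold are all assumptions chosen for illustration; the sample lines are constructed.

```python
"""Hunt for beacon-like and off-hours traffic toward 192.34.164.13.

Added example, not from the briefing: the log format, host names, thresholds
and the UTC business-hours window are assumptions chosen for illustration.
"""
import ipaddress
import statistics
from collections import defaultdict
from datetime import datetime, timezone

WATCHED = ipaddress.ip_network("192.34.164.0/23")   # SHENTEL-REDWOOD block from the dossier
TARGET = ipaddress.ip_address("192.34.164.13")
BUSINESS_HOURS = range(8, 18)   # assumption: 08:00-17:59 UTC counts as business hours

# Constructed sample lines in an assumed "ts src dst dport bytes" format.
SAMPLE_LOG = """\
2026-06-25T02:00:05Z 10.1.1.20 192.34.164.13 443 612
2026-06-25T02:10:04Z 10.1.1.20 192.34.164.13 443 598
2026-06-25T02:20:06Z 10.1.1.20 192.34.164.13 443 605
2026-06-25T02:30:05Z 10.1.1.20 192.34.164.13 443 611
2026-06-25T02:40:05Z 10.1.1.20 192.34.164.13 443 600
2026-06-25T09:15:41Z 10.1.1.31 192.34.164.13 443 48211
2026-06-25T13:02:10Z 10.1.1.31 192.34.164.13 80 12033
2026-06-25T14:48:29Z 10.1.1.44 192.34.165.9 22 3301
2026-06-25T14:50:00Z 10.1.1.44 8.8.8.8 53 120
"""


def parse(lines):
    """Parse the assumed flat log format into event dicts."""
    events = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, nbytes = line.split()
        events.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
            "src": src,
            "dst": ipaddress.ip_address(dst),
            "dport": int(dport),
            "bytes": int(nbytes),
        })
    return events


def hunt(lines, max_cv=0.1, min_hits=4):
    """Return per-source findings for traffic into the watched /23.

    A source is marked as beaconing when it made at least min_hits connections
    whose inter-arrival times have a coefficient of variation <= max_cv, i.e.
    they are spaced almost exactly evenly (the signature of a timer-driven C2
    check-in rather than human browsing).
    """
    by_src = defaultdict(list)
    for ev in parse(lines):
        if ev["dst"] in WATCHED:
            by_src[ev["src"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(evs, evs[1:])]
        cv = statistics.pstdev(gaps) / statistics.mean(gaps) if len(gaps) >= 2 else None
        findings[src] = {
            "hits": len(evs),
            "target_hits": sum(1 for e in evs if e["dst"] == TARGET),
            "off_hours": sum(1 for e in evs if e["ts"].hour not in BUSINESS_HOURS),
            "bytes": sum(e["bytes"] for e in evs),
            "interval_cv": cv,
            "beaconing": cv is not None and cv <= max_cv and len(evs) >= min_hits,
        }
    return findings


if __name__ == "__main__":
    for src, f in hunt(SAMPLE_LOG).items():
        print(src, f)
```

On the constructed sample, 10.1.1.20 is reported as beaconing (five connections exactly ten minutes apart at 02:00 UTC), 10.1.1.31 is not regular enough to be called beaconing but accounts for the bulk of bytes sent during business hours, and 10.1.1.44 appears only because it touched another address in the same /23. In production the same function would be fed from the SIEM export or Zeek `conn.log` instead of the embedded string.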
Ownership & Registration
| Organization | Shentel Service Company |
| ASN | AS4922 |
| Network Name | SHENTEL-REDWOOD |
| CIDR Block | 192.34.164.0/23 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | none listed |
DNS Intelligence
| PTR Record | No PTR |
| Forward Confirmed | No: there is no PTR record, so there is no hostname to confirm (a weak signal, not evidence of spoofing) |
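The "Forward Confirmed" row conflates two different outcomes: an address with no PTR at all, as here, and an address whose PTR names a host that resolves somewhere else. The following added example, not part of the dossier, separates the four possible FCrDNS outcomes. The resolvers are injected as plain dictionaries so it runs offline; every hostname and address in the samples other than 192.34.164.13 is constructed from documentation ranges.

```python
"""Distinguish the ways a forward-confirmed reverse DNS (FCrDNS) check can end.

Added example, not part of the dossier: lookups are injected callables so the
logic runs offline; sample hostnames and the RFC 5737 addresses are constructed.
"""
NO_PTR = "no_ptr"                    # no reverse record at all (the case in this dossier)
PTR_NO_FORWARD = "ptr_unresolvable"  # PTR names a host that has no A/AAAA record
PTR_MISMATCH = "ptr_mismatch"        # PTR host resolves, but not back to this address
CONFIRMED = "confirmed"

# How much weight each outcome should carry when scoring an address.
SIGNAL = {
    CONFIRMED: "corroborates the claimed identity",
    NO_PTR: "weak: nothing to corroborate or contradict",
    PTR_NO_FORWARD: "weak: stale or incomplete reverse zone",
    PTR_MISMATCH: "contradicts the claimed identity",
}


def fcrdns(ip, ptr_lookup, a_lookup):
    """Return (state, hostname) for ip.

    ptr_lookup(ip) -> list of PTR hostnames; a_lookup(name) -> list of addresses.
    A real deployment would wrap socket.gethostbyaddr / dns.resolver here.
    """
    names = ptr_lookup(ip)
    if not names:
        return NO_PTR, None
    resolved_any = False
    for name in names:
        addrs = a_lookup(name)
        if ip in addrs:
            return CONFIRMED, name
        resolved_any = resolved_any or bool(addrs)
    return (PTR_MISMATCH if resolved_any else PTR_NO_FORWARD), names[0]


# Constructed sample zone data (RFC 5737 documentation addresses plus the subject IP).
SAMPLE_PTR = {
    "198.51.100.7": ["mail.example.net"],
    "203.0.113.9": ["host.example.org"],
    "192.0.2.5": ["ghost.example.com"],
    # 192.34.164.13 deliberately absent: it has no PTR, as the dossier reports
}
SAMPLE_A = {
    "mail.example.net": ["198.51.100.7"],
    "host.example.org": ["203.0.113.10"],
    # ghost.example.com deliberately absent: PTR exists but does not resolve forward
}


def assess(ip):
    """Run the check against the constructed sample zones and attach its weight."""
    state, name = fcrdns(ip, lambda a: SAMPLE_PTR.get(a, []), lambda n: SAMPLE_A.get(n, []))
    return {"ip": ip, "state": state, "hostname": name, "signal": SIGNAL[state]}


if __name__ == "__main__":
    for ip in ("192.34.164.13", "198.51.100.7", "203.0.113.9", "192.0.2.5"):
        print(assess(ip))
```

Only the mismatch case is a genuine contradiction of the address's claimed identity; the no-PTR case the dossier reports simply leaves the question open.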
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
SPF, DMARC and CAA are properties of a domain, not of an address. With no PTR hostname to evaluate, "Not configured" here reflects the absence of a domain context rather than a measured misconfiguration, which limits what the 20% score says about the operator.
Network Classification
| Infrastructure | Unknown |
| Service Purpose | Web Server (interpretation: the SonicWALL Server header and the epoch-bounded certificate below are more typical of a security appliance's management or VPN portal than of a general-purpose web server) |
| Network Tier | Unknown (insufficient routing data to classify; routing confidence 17% from a single source) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | none recorded |
| 80 | http | tcp | none recorded |
| 443 | https | tcp | none recorded |
Closed ports: 25, 3389, 8080, 8443 (3 open / 7 scanned)
| Server | SonicWALL |
| HTTP Title | none |
| SSH Version | SSH-2.0-OpenSSH_7.4 (a December 2016 release; the version string alone does not prove an exploitable flaw, but it dates the software) |
TLS Certificate
| SANs | None |
| Valid From | 1970-01-01T00:00:01+00:00 |
| Valid Until | 2038-01-19T03:14:07+00:00 |
| TLS Protocol | TLS 1.2 |
| Cipher Suite | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
| Signature Algorithm | sha256RSA |
| Validity Period | 24855 days |
| Serial Number | 04BB536E |
| Thumbprint | 9A1965A8041C722B439E5FE69F4B760AAD9C33E3 |
The validity bounds are one second after the Unix epoch and the largest signed 32-bit timestamp (2^31 - 1 seconds), and the certificate names no subject alternative names. No publicly trusted CA issues certificates with anything close to this lifetime, so this matches the pattern of a device's factory-default certificate rather than an operator-provisioned one; browsers will reject it, which in turn suggests the endpoint is not meant to serve the public.
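The table above reports a certificate bounded by the 32-bit Unix epoch and carrying no SANs. The following is an added example, not part of the dossier, that encodes those checks as reusable triage heuristics for a certificate enrichment pipeline; the thresholds and the finding names are the editor's choices, and the contrasting "sane" certificate is constructed. It requires Python 3.7 or later for `datetime.fromisoformat`.

```python
"""Triage TLS certificate metadata for default / factory-style certificates.

Added example, not from the dossier. The heuristics and finding names are the
editor's; OBSERVED_CERT copies the dossier's table, SANE_CERT is constructed.
"""
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
INT32_MAX_TS = EPOCH + timedelta(seconds=2**31 - 1)   # 2038-01-19T03:14:07Z
MAX_PUBLIC_LIFETIME_DAYS = 398   # CA/Browser Forum cap for publicly trusted certificates

# Values copied from the TLS Certificate table above.
OBSERVED_CERT = {
    "not_before": "1970-01-01T00:00:01+00:00",
    "not_after": "2038-01-19T03:14:07+00:00",
    "sans": [],
    "signature_algorithm": "sha256RSA",
    "serial": "04BB536E",
}

# Constructed contrast case: a short-lived certificate with a proper SAN.
SANE_CERT = {
    "not_before": "2026-03-01T00:00:00+00:00",
    "not_after": "2026-06-01T00:00:00+00:00",
    "sans": ["vpn.example.com"],
    "signature_algorithm": "sha256RSA",
    "serial": "0A1B2C3D4E5F",
}


def triage(cert):
    """Return validity length, a list of findings, and an epoch-bounded verdict."""
    nb = datetime.fromisoformat(cert["not_before"])
    na = datetime.fromisoformat(cert["not_after"])
    days = (na - nb).days
    findings = []
    # Within a minute of the epoch: the issuer had no real clock or used a zero timestamp.
    if abs((nb - EPOCH).total_seconds()) <= 60:
        findings.append("not_before_at_unix_epoch")
    # Exactly the largest signed 32-bit time_t: a "never expire" value, not a chosen date.
    if na == INT32_MAX_TS:
        findings.append("not_after_at_int32_epoch_limit")
    if days > MAX_PUBLIC_LIFETIME_DAYS:
        findings.append("lifetime_exceeds_public_ca_limit")
    if not cert["sans"]:
        findings.append("no_san_names")
    epoch_bounded = ("not_before_at_unix_epoch" in findings
                     and "not_after_at_int32_epoch_limit" in findings)
    return {"validity_days": days, "findings": findings, "epoch_bounded": epoch_bounded}


if __name__ == "__main__":
    print("observed:", triage(OBSERVED_CERT))
    print("sane:    ", triage(SANE_CERT))
```

The computed lifetime for the observed certificate is 24855 days, matching the dossier's own "Validity Period" row, so the table is internally consistent; the epoch-bounded verdict is what an enrichment pipeline would use to tag the endpoint as an appliance with a default certificate rather than a CA-issued one.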
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 17% | 1 | 1 |
| services | 28% | 2 | 3 |
| ownership | 15% | 2 | 2 |
| reputation | 21% | 1 | 3 |
| geolocation | 27% | 2 | 2 |
| Overall | 22% | 10 | 15 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Attribution Checks | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Fresh)
| First Seen | 2026-05-07 23:04:04 UTC |
| Last Seen | 2026-06-26 08:23:33 UTC |
| Profile Built | 2026-06-26 10:15:20 UTC |
| Data Freshness | Fresh |
| Signal Types | 20 |
| Total Observations | 20 |