Dashboard🇪🇸 Spain82.223.114.243
ABUSE.MOM
THREAT REPORT

IP Threat Report
82.223.114.243

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-30 07:30:08
First seen: 2026-03-09 23:00:06
Last seen: 2026-03-09 23:00:06
130

⛔ Verdict: BLOCK

This IP address has been classified as a source of malicious automated activity. Threat score: 130/100. Total malicious requests observed: 2.

DANGER_PATH
01

Geolocation & Classification

IP Address
82.223.114.243
Type
Residential
Country
🇪🇸 Spain
City
Madrid
ISP
arsys.es
Organization
Unknown
Autonomous System
AS8560 IONOS SE
Hit Count
2
02

Detection Signatures

SignatureDescriptionPointsSeverity
Danger strong hits: 4High-risk paths: shells, RCE vectors, exploits+100
Danger medium hits: 3Medium-risk: admin panels, config files+30
Σ = 130
03

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]
GET
/
200
Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

04

Timeline

2026-03-09 23:00:06
First malicious request detected
IP entered monitoring from server access logs
During observation
Multiple detection signatures triggered
Danger strong hits: 4 (+100), Danger medium hits: 3 (+30)
2026-03-09 23:00:06
Last malicious request observed
Total score reached: 130/100
Next cycle
IP blocked — all subsequent requests denied (HTTP 403)
Added to blocklist automatically
05

Network Provider

arsys.es
AS8560 · 🇪🇸 Spain
06

Recommendations

Actions taken & recommended

  • IP 82.223.114.243 is blocked at application level (HTTP 403)
  • Consider blocking at firewall level (iptables/CSF) to reduce server load
  • Report abuse to the network provider via their abuse contact
  • Ensure sensitive files (.env, .git, backups) are not accessible from the web

⚙️ Defensive Recommendations

Block 82.223.114.243 at the network perimeter. Implement defense-in-depth combining IP blocking with application-layer protections.

08

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (11)
PortServiceRiskDescription
22SSHLowSecure Shell — common brute force target for remote access
25SMTPMediumSMTP mail server — can be abused for spam relay
80HTTPLowHTTP web server — standard web traffic
110POP3LowService on port 110
143IMAPLowService on port 143
443HTTPSLowHTTPS web server — encrypted web traffic
465UnknownLowService on port 465
587UnknownLowService on port 587
993IMAPSLowService on port 993
995POP3SLowService on port 995
8443HTTPS-AltLowService on port 8443
KNOWN VULNERABILITIES (CVE) (30)
CVE IDLink
CVE-2020-14145NVD →
CVE-2023-51767NVD →
CVE-2025-26465NVD →
CVE-2017-8923NVD →
CVE-2022-4900NVD →
CVE-2007-3205NVD →
CVE-2023-51385NVD →
CVE-2024-3566NVD →
CVE-2023-38408NVD →
CVE-2022-31629NVD →
CVE-2008-3844NVD →
CVE-2007-2768NVD →
CVE-2016-20012NVD →
CVE-2018-15473NVD →
CVE-2022-37454NVD →
CVE-2018-20685NVD →
CVE-2023-48795NVD →
CVE-2025-32728NVD →
CVE-2013-2220NVD →
CVE-2024-5458NVD →
CVE-2022-31628NVD →
CVE-2021-41617NVD →
CVE-2020-15778NVD →
CVE-2019-6109NVD →
CVE-2018-15919NVD →
+5 more

🔴 This host has 30 known CVEs associated with its exposed services. This volume strongly suggests severely outdated software. Review each CVE in the NVD database.

DETECTED TECHNOLOGIES
postfix:postfixphp:php:7.3.33openbsd:openssh:7.4f5:nginx
Hostnames: social2wifi.shopnanabeltran.es
PTR: social2wifi.shop

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

09

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

⛔ LISTED
Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

10

Threat Analysis

82.223.114.243 has been assigned a threat score of 130/100 (Critical). This places it in the critical threat category. Immediate blocking is strongly advised across all network perimeters.

📊 Threat Analysis

The address 82.223.114.243 originates from Madrid, Spain, operating on the network of arsys.es. It was identified through automated analysis of incoming network traffic across monitored endpoints. Over a period of 1 days, this IP generated 2 malicious requests, averaging approximately 2 requests per day. The address is classified as residential, meaning it likely belongs to an end-user ISP connection. Malicious activity from residential IPs typically indicates device compromise or botnet membership. With a threat score of 130/100, this IP is among the most dangerous addresses in our database. Immediate and complete blocking is strongly recommended.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

11

Related Threats

🇪🇸 Top threats from Spain

82.223.49.50 (130)93.93.112.98 (100)82.223.30.175 (85)217.160.225.18 (68)217.160.155.217 (68)View all →

🏢 Same network: AS8560

87.106.147.24 (280)87.106.213.199 (265)31.70.90.11 (263)87.106.187.36 (220)66.179.255.119 (215)View all →
12

Security Intelligence

💡 WordPress-Specific Attack Vectors

WordPress sites face constant automated attacks targeting xmlrpc.php for brute force amplification, wp-login.php for credential theft, and vulnerable plugins for remote code execution. Over 90% of CMS-based attacks specifically target WordPress installations.

💡 Threat Intelligence Sharing Frameworks

Standards like STIX/TAXII, MISP, and OpenIOC enable automated sharing of threat intelligence between organizations. Collective defense through shared indicators, tactics, and procedures strengthens the entire security community against common threats.

🔍 Check Any IP Address

Share this report:
AboutDisclaimerTermsAbuse Reports Tracker
Report generated 30.05.2026 07:30
Behave or get exposed