130.12.180.108 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 130.12.180.108 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

• Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036.006 - Space after Filename, T1059.001 - PowerShell, T1071.001 - Web Protocols, T1071 - Application Layer Protocol, T1078 - Valid Accounts, T1090 - Proxy, T1102 - Web Service, T1110 - Brute Force, T1140 - Deobfuscate/Decode Files or Information, T1195.002 - Compromise Software Supply Chain, T1547.001 - Registry Run Keys / Startup Folder, T1555.003 - Credentials from Web Browsers, T1573 - Encrypted Channel, T1583.006 - Web Services, T1585 - Establish Accounts, T1586 - Compromise Accounts, T1595 - Active Scanning

• Tags: 2026-01, 2026-02, adb, Adbhoney, android, Automated, auto-updated, blacklist, blocked-ips, botnet, bruteforce, cisco, conpot, cowrie, digital ocean, dionaea, dropper, dugganusa, elasticpot, email, fatt, github, heralding, honeytrap, infostealer, ipphoney, isp-reputation, LAMP, LummaStealer RedLine…, mailoney, malicious, Malicious IP, mirai, mitre-attack, OpenCTI, p0f, pattern-32, pattern-38, portscan, Redisrhadamanthys, scan, scanner, scanners, sensor-tagged, sentrypeer, sftp, sip, ssh, ssl-enrichment, stealc, stix-2.1, supply-chain, suricata, tanner, tcp, telnet, threat-intelligence, tpot, vultr

• View other sources: Spamhaus VirusTotal

• Country: Canada
• Network:
• Noticed: 50 times
• Protocols Attacked: portscan
• Passive DNS Results: cyber-reborn.com

Malware Detected on Host

Count: 32 5b71a0fa3b5762d926cd0b4010539dc471362aeb454873ae0da6bf7e15f3e385 b275fe8b2b0be19dd4d5d20a5620670ce15d165480881743505b91d680e34d58 484cdabd18489e435b7391fd5a9c43d1b658ab37a94efa1398efe31bab9c3f30 b4811f5f075acbe9bda16a8b5ea29896ba145c3a8f134ab77adff8d4f2b419e0 65904dae1c7c71e82af385cdab6dc9187af9aca724be0a47b415faec1f2bd771 60a26b1653b9bf9c3e62fc5a431ae3b9c1817dbed06a3449856ae3f52232dffc fff04a50cf02703cadc4d7f7fbd32ea9f94cbb5bb31a9d836a17ef31f8ba559e 16abf75d8d9f192bea2b91dcb53e309df5cb17ed8baeb633ec8aa775c619f455 5d92de8b0bfb73af84a9b9e253a13581e5b9834028e8c14555ddddf83c8e709e 8818a7b3fcd28598c2ae08001bb16e1305f08fdcdd9bf346031f72eb4d48e781

Open Ports Detected

3389

Map

Whois Information

• NetRange: 130.12.180.0 - 130.12.183.255
• CIDR: 130.12.180.0/22
• NetName: PRIVATE-NETWORK
• NetHandle: NET-130-12-180-0-1
• Parent: NET130 (NET-130-0-0-0-0)
• NetType: Direct Allocation
• OriginAS:
• Organization: Netiface LLC (NL-846)
• RegDate: 2025-10-08
• Updated: 2025-12-20
• Comment: PRIVATE-NETWORK
• Ref: https://rdap.arin.net/registry/ip/130.12.180.0
• OrgName: Netiface LLC
• OrgId: NL-846
• Address: 6844 Bardstown Rd
• City: Louisvile
• StateProv: KY
• PostalCode: 40291
• Country: US
• RegDate: 2024-04-05
• Updated: 2025-05-18
• Ref: https://rdap.arin.net/registry/entity/NL-846
• OrgAbuseHandle: NETIF2-ARIN
• OrgAbuseName: Netiface NOC
• OrgAbusePhone: +1-216-245-7465
• OrgAbuseEmail: abuse@abusehandler.net
• OrgAbuseRef: https://rdap.arin.net/registry/entity/NETIF2-ARIN
• OrgTechHandle: NETIF2-ARIN
• OrgTechName: Netiface NOC
• OrgTechPhone: +1-216-245-7465
• OrgTechEmail: abuse@abusehandler.net
• OrgTechRef: https://rdap.arin.net/registry/entity/NETIF2-ARIN
• NetRange: 130.12.180.0 - 130.12.180.255
• CIDR: 130.12.180.0/24
• NetName: LANEDONET
• NetHandle: NET-130-12-180-0-2
• Parent: PRIVATE-NETWORK (NET-130-12-180-0-1)
• NetType: Reassigned
• OriginAS:
• Organization: Virtualine Technologies (SITL-8)
• RegDate: 2025-12-19
• Updated: 2026-03-11
• Comment: Geofeed: https://omegatech.sc/geofeed.csv
• Comment: Abuse email: abuse@virtualine.org
• Ref: https://rdap.arin.net/registry/ip/130.12.180.0
• OrgName: Virtualine Technologies
• OrgId: SITL-8
• Address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
• City: London
• StateProv:
• PostalCode: WC2H 9JQ
• Country: GB
• RegDate: 2024-09-05
• Updated: 2024-09-11
• Comment: Report your complaint:
• Comment: abuse@virtualine.org
• Ref: https://rdap.arin.net/registry/entity/SITL-8
• OrgTechHandle: VAD36-ARIN
• OrgTechName: VIRTUALINE ABUSE DEPARTMENT
• OrgTechPhone: +447458164463
• OrgTechEmail: abuse@virtualine.org
• OrgTechRef: https://rdap.arin.net/registry/entity/VAD36-ARIN
• OrgAbuseHandle: VAD36-ARIN
• OrgAbuseName: VIRTUALINE ABUSE DEPARTMENT
• OrgAbusePhone: +447458164463
• OrgAbuseEmail: abuse@virtualine.org
• OrgAbuseRef: https://rdap.arin.net/registry/entity/VAD36-ARIN