192.3.194.242 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 192.3.194.242 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: anna paula, associated, currículo, cyber security, from email, headers, ioc, malicious, malspam email, msi file, Nextray, phishing, tuesday, utf8, zip archive

  • View other sources: Spamhaus, VirusTotal

  • Country: United States
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: www.mail.ysl-3.duckdns.org, www.mail.ysl-2.duckdns.org, www.loook.ca, loook.ca, example.yatzu.net, paiement-direct-securise.net, avira.ydns.eu, enprrollos.ydns.eu, esetnode32-antiviru.ydns.eu, cpcontacts.support-servaicess-inc.info, cpcalendars.support-servaicess-inc.info, support-servaicess-inc.info

Malware Detected on Host

Count: 14

Sample SHA-256 hashes:

  • 49b339c906cfa35e84b6b6a6a956f206e7ab1477febe202593e0853f92e26001
  • cd2787294f72fd4d23f1ed35381c42e4f3b608cf0bdff7b0f82a82192df0fa37
  • 65e648043d64fc6b2ca0a4ecf672c0a9657edeaa373aa3a2faa50ce64ce2119d
  • cc75b9218ff8aa79d6d6592db16849f066ecd6a6e7768682cc6922f91b584a7d
  • 818b954a5238f63a0b5218f42de2c63c6dd54ee3e44db0882598d4e3dbc13ded
  • f8aa63757d88b373438742dde6dc84386765866b8935d47e71704a93febcee74
  • c6351d7b4633c50099e89576b0f9d767bee68b23e30a170db99ed308c2faac29
  • 0186659c5c5a9973eaa09d2c7caddced909a985d259b6a4aec5816636cc06658
  • 4a67cc05b5f45a774fafb1da0a0e8ac0f3839a0b520c0b2346bbeeace304aa77
  • f7531173cfb1295eb071081c501ce1c8f3273576edab78ae993a18ce2abc0674

Whois Information

Links to attack logs

  • bruteforce-ip-list-2021-03-17
  • bruteforce-ip-list-2021-03-10