192.3.80.137 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 192.3.80.137. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing

  • JARM: 3fd3fd0003fd3fd21c42d42d000000307ee0eb468e9fdb5cfcd698a80a67ef

  • Country: United States
  • Network: AS36352 colocrossing
  • Noticed: 30 times
  • Protocols Attacked: telnet
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: 456.yanglia123.top, us1.thefrostmu.xyz, chingchong.xyz, costco-redeem-annual-membership-reward.ca, wocggu.xyz

Malware Detected on Host

Count: 11

Open Ports Detected

443, 80, 8888

Links to attack logs

****** dotoronto-telnet-bruteforce-ip-list-2021-11-22 ****** ******