192.3.80.137 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: Log4j Scanning Hosts, Nextray, agentemis, agentesla, agenttesla, alfonso stealer, alien, arkei stealer, arkeistealer, asyncrat, bashlite, bazarbackdoor, beacon, bladabindi, bokbot, breut, burkina, cloudeye, cobaltstrike, collectorgoomba, cowrie, cryptolaemus1, cyber security, darkcomet, dcrat, djvu, dofoil, fareit, flubot, fynloski, gafgyt, guloader, icedid, iceid, ioc, katana, keypass, kimsuky, level3, limerat, loki, lokibot, malicious, mirai, modiloader, nanocore, negasteal, netwire, netwire rc, njrat, parallax rat, parallaxrat, phishing, pinkslipbot, qakbot, qbot, quasarrat, raccoonstealer, racealer, recam, redline stealer, redlinestealer, redrum, remcos, remcosrat, sharik, siplog, smoke loader, snake, socelars, spymax, stealer, stop, strrat, telnet, tesla, thanos, trickbot, tycoon, virusdeck
  • View other sources: Spamhaus VirusTotal

  • Country: United States of America
  • Network: AS36352 colocrossing
  • Noticed: 12 times
  • Protocols Attacked: telnet
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: us1.thefrostmu.xyz chingchong.xyz costco-redeem-annual-membership-reward.ca wocggu.xyz

Malware Detected on Host

Count: 11

Open Ports Detected

22

Whois Information

  • NetRange: 192.3.0.0 - 192.3.255.255
  • CIDR: 192.3.0.0/16
  • NetName: CC-15
  • NetHandle: NET-192-3-0-0-1
  • Parent: NET192 (NET-192-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS36352
  • Organization: ColoCrossing (VGS-9)
  • RegDate: 2013-06-07
  • Updated: 2013-06-07
  • Ref: https://rdap.arin.net/registry/ip/192.3.0.0
  • OrgName: ColoCrossing
  • OrgId: VGS-9
  • Address: 325 Delaware Avenue
  • Address: Suite 300
  • City: Buffalo
  • StateProv: NY
  • PostalCode: 14202
  • Country: US
  • RegDate: 2005-06-20
  • Updated: 2019-10-17
  • Ref: https://rdap.arin.net/registry/entity/VGS-9
  • OrgNOCHandle: NETWO882-ARIN
  • OrgNOCName: Network Operations
  • OrgNOCPhone: +1-800-518-9716
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
  • OrgTechHandle: NETWO882-ARIN
  • OrgTechName: Network Operations
  • OrgTechPhone: +1-800-518-9716
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NETWO882-ARIN
  • OrgAbuseHandle: ABUSE3246-ARIN
  • OrgAbuseName: Abuse
  • OrgAbusePhone: +1-800-518-9716
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3246-ARIN
  • NetRange: 192.3.80.0 - 192.3.80.255
  • CIDR: 192.3.80.0/24
  • NetName: CC-192-3-80-0-24
  • NetHandle: NET-192-3-80-0-1
  • Parent: CC-15 (NET-192-3-0-0-1)
  • NetType: Reassigned
  • OriginAS: AS36352
  • Organization: RackNerd LLC (RL-872)
  • RegDate: 2022-12-19
  • Updated: 2022-12-19
  • Ref: https://rdap.arin.net/registry/ip/192.3.80.0
  • OrgName: RackNerd LLC
  • OrgId: RL-872
  • Address: 10602 N. Trademark Pkwy Suite 511
  • City: Rancho Cucamonga
  • StateProv: CA
  • PostalCode: 91730
  • Country: US
  • RegDate: 2021-10-20
  • Updated: 2022-03-02
  • Comment: https://www.racknerd.com
  • Comment: Support is available 24x7 at [email protected]
  • Comment: Report abuse to: [email protected]
  • Ref: https://rdap.arin.net/registry/entity/RL-872
  • OrgTechHandle: RACKN3-ARIN
  • OrgTechName: RackNerd NOC
  • OrgTechPhone: +1-888-881-6373
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/RACKN3-ARIN
  • OrgAbuseHandle: RAD128-ARIN
  • OrgAbuseName: RackNerd Abuse Department
  • OrgAbusePhone: +1-888-881-6373
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/RAD128-ARIN

Links to attack logs

dotoronto-telnet-bruteforce-ip-list-2021-11-22