3.12.173.180 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 3.12.173.180. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • MITRE ATT&CK IDs: T1027 - Obfuscated Files or Information, T1036 - Masquerading, T1057 - Process Discovery, T1059 - Command and Scripting Interpreter, T1071 - Application Layer Protocol, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1105 - Ingress Tool Transfer, T1106 - Native API, T1129 - Shared Modules, T1140 - Deobfuscate/Decode Files or Information, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1546 - Event Triggered Execution

  • Tags: address, all octoseek, analyze, ascii text, august, body length, bundled, cfqirgdhj5, cfqirgdhj5 http, cfqirgdhj5 url, ck id, code, communicating, contact, contacted, contacted urls, dropped, execution, factory, february, feeds ioc, file, final url, formbook, getprocaddress, gmt connection, gopher, headers date, historical ssl, hostnames, http, http response, hybrid, iocs, ioc search, july, kb body, localappdata, malware, mitre att, new ioc, njrat, obz4usfn0, obz4usfn0 http, obz4usfn0 url, passive dns, paste, path, post, putty, ransomware, referrer, resolutions, sample, scan endpoints, screenshot, serving ip, sfqh4dt74w0 url, sha256, show technique, ssl certificate, status code, teams api, temp, threat, threat analyzer, threat roundup, ukhdaauqaaaaaac, unique, urls, urls https, vj87, whois record, whois ssl, whois whois, windir

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 6 times
  • Protocols Attacked: SSH
  • Passive DNS Results:

Malware Detected on Host

Count: 105

Open Ports Detected

443

CVEs Detected

CVE-2024-25142 CVE-2024-26280 CVE-2024-27906 CVE-2024-28746 CVE-2024-31869 CVE-2024-39863 CVE-2024-39877 CVE-2024-41937 CVE-2024-45034 CVE-2024-45784
