38.54.96.3 Threat Intelligence and Host Information

Sep 10, 2025 ipinfopage

General

IP Address

38.54.96.3

IPv4 Address

Location

🇺🇸 United States

Network

AS174

COGENT-174

Threat Score

55/100

High Risk

BruteforceBrute-ForcecowriecybersecurityiocmaliciousNextray

Attack Intelligence

MITRE ATT&CK Techniques

T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

Geographic Location

Country

United States

City

Unknown

Region

Unknown

Coordinates

37.7510, -97.8220

Network Information

ASN

AS174

Organization

COGENT-174

Network

AS174 COGENT-174

WHOIS Information

NetRange

38.54.96.0 - 38.54.97.255

CIDR

38.54.96.0/23

NetName

LIGHTNODE-MY

NetHandle

NET-38-54-96-0-1

Parent

KAOPU-CGNT-NET-1 (NET-38-54-0-0-1)

NetType

Reassigned

OriginAS

Organization

Kaopu Cloud HK Limited (KCHL-3)

RegDate

2022-08-16

Updated

2022-08-16

Comment

Geofeed https://www.kaopucloud.com/geofeed.csv

Ref

https://rdap.arin.net/registry/entity/C08822572

OrgName

Kaopu Cloud HK Limited

OrgId

KCHL-3

Address

Malaysia,Kuala Lumpur

City

Kuala Lumpur

StateProv

PostalCode

50200

Country

OrgNOCHandle

ZC108-ARIN

OrgNOCName

Cogent Communications

OrgNOCPhone

+1-877-875-4311

OrgNOCEmail

noc@cogentco.com

OrgNOCRef

https://rdap.arin.net/registry/entity/ZC108-ARIN

Attack Logs

Date	Target Location	Protocol	Link
2023-01-15	Dotoronto	SSH	View Log

Country: United States
Network:
Noticed: 50 times
Protocols Attacked: ssh
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: weiguang.buzz mytwo.ahualu.com

Malware Detected on Host

Count: 1 b9b18cf5b1ed1a0a9530479e072fdd2f79096266577081506f9107282ba73509

Disclaimer

This page contains threat intelligence information for the IPv4 address 38.54.96.3 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.