IP · Medium · Signal 62/100
192.3.136.217
Location: Buffalo, New York
ASN: AS36352 (HostPapa)
First Seen: Nov 5, 2025 (217d ago)
Last Seen: Jun 11, 2026 (today)
Reports: 8 source reports
Confidence: 62% (medium)
VirusTotal: 15/91 detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 62%
Signal Score: 62 / 100
IDS Rule: No
Network Information
Country: United States
Region: Buffalo, New York
ASN: AS36352
Organization: HostPapa
Feed Intelligence Summary
Source reports: 8
Confidence score: 62%
Category tags
abusech-threatfox-c2c, abusech-urlhaus-c2c, abuseipdb, acrstealer, active scanning, amadey, apk, archive, arm, as-colocrossing, ascii, asyncrat, auto-updated, bad reputation, badpack, banker, blocked-ips, boogr, botnet, botnet activity, botnetdomain, brand weaponization, c2, censys, command & control, command and control, credential harvesting, cryptocurrency threats, cryptojacking, cyber threat advisory, cyber threats, darkcloud, darkvisionrat, data encryption, data exfiltration, ddos, ddosagent, dropped-by-amadey, dropped-by-phorpiex, electronic health records, elf, encoded, encryption, exe, executable file, exploitation activity, extortion, finance, financial services, gafgyt, github, guloader, hacking, health care and social assistance, health information technology, healthcare information systems, hospital management, hta, indicator, indicators of compromise, information technology, infostealer, isp-reputation, it infrastructure, java, lnk, lummastealer, m68k, malicious ip activity, malicious software, malware, malware analysis, mamont, masslogger, medical services, mips, mirai, mitre-attack, mobile threat, mozi, network, network probing, north america, opendir, patient care, pattern-32, pattern-38, phantomstealer, phishing attack, powerpc, powershell, process injection, ps1, purelogsstealer, ransomware, ransomware threat intelligence, rat, reconnaissance, redline, rekoobe, remcos trojan, remcosrat, remote access, remote services, remusstealer, researched, residential proxy, resource hijacking, rev-base64-loader, salatstealer, scams & fraud, scanner, sh, social engineering, software development, sparc, ssl-enrichment, ssl/tls enrichment, stealc, stix 2.1, stix-2.1, superh, supply chain attack, supply-chain, system disruption, t1016, t1016.001, t1021.001, t1027, t1036.006, t1055, t1059, t1059.001, t1059.003, t1071, t1071.001, t1078, t1090, t1102, t1110, t1140, t1195.002, t1486, t1490, t1496, t1499.001, t1547, t1547.001, t1555.003, t1565, t1566, t1566.001, t1566.002, t1566.003, t1573, t1583.006, t1585, t1586, t1595, t1595.001, t1595.002, t1595.003, team cymru, threat actor ttps, threat-intelligence, threatfox iocs, triage, ua-wget, united states, us, vipkeylogger, wsgidav, x86, xml, xworm
Activity Timeline
Jun 11
Threat Activity Heatmap
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: 62 (Medium Risk)
Geolocation: US
Country: United States
Location: Buffalo, New York
ASN: AS36352
Org: HostPapa
Coords: 42.8864, -78.8784
WHOIS
Raw record:

NetRange: 192.3.0.0 - 192.3.255.255
CIDR: 192.3.0.0/16
NetName: CC-15
NetHandle: NET-192-3-0-0-1
Parent: NET192 (NET-192-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: HostPapa (HOSTP-7)
RegDate: 2013-06-07
Updated: 2024-02-02
Comment: Geofeed https://geofeeds.oniaas.io/geofeeds.csv
Ref: https://rdap.arin.net/registry/ip/192.3.0.0

OrgName: HostPapa
OrgId: HOSTP-7
Address: 325 Delaware Avenue
Address: Suite 300
City: Buffalo
StateProv: NY
PostalCode: 14202
Country: US
RegDate: 2016-06-06
Updated: 2025-10-05
Ref: https://rdap.arin.net/registry/entity/HOSTP-7

OrgAbuseHandle: NETAB23-ARIN
OrgAbuseName: NETABUSE
OrgAbusePhone: +1-905-315-3455
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN

OrgTechHandle: NETTE9-ARIN
OrgTechName: NETTECH
OrgTechPhone: +1-905-315-3455
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN

RAbuseHandle: NETAB27-ARIN
RAbuseName: NETABUSE-COLOCROSSING
RAbusePhone: +1-800-518-9716
RAbuseEmail: [email protected]
RAbuseRef: https://rdap.arin.net/registry/entity/NETAB27-ARIN

RTechHandle: NETTE11-ARIN
RTechName: NETTECH-COLOCROSSING
RTechPhone: +1-800-518-9716
RTechEmail: [email protected]
RTechRef: https://rdap.arin.net/registry/entity/NETTE11-ARIN
IOC Journey
Medium · First detected 7 months ago · Last seen today
Appeared in 8 threat reports