104.244.72.115 Threat Intelligence and Host Information

Share on:

Jan 11, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 104.244.72.115 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 90/100

Host and Network Information

Mitre ATT&CK IDs: T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1100 - Web Shell, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force, T1560 - Archive Collected Data, T1573.002 - Asymmetric Cryptography, T1573 - Encrypted Channel
Tags: all search, anlise, anonymizers, apple ios, as62744, ascii text, attack, authority, backdoor, badrequest, body, brian sabey, bruteforce, Bruteforce, Brute-Force, catalog file, ck id, class, click, collection, contacted, contacted urls, cowrie, critical, cyber security, dangeroussig, date, done adding, dropped, dumping, error, fali malicious, general, generator, hacking, hacktool, hallrender.com, http, hybrid, indicator, ioc, ip address, ipv4, local, login, look, malicious, mark sabey, mirai, mitre att, monitoring, Nextray, otx octoseek, passive dns, pattern match, phishing, probing, proxy avoidance, pulse as16509, pulse pulses, refresh, related nids, restart, root ca, scan endpoints, scanner, span, spyware, ssh, SSH, ssl certificate, strings, Telnet, threat, tools, tor, Tsara brashears, unknown, url http, urls, verify, webscan, webscanner, whois record, whois whois, win32, win64
Known tor exit node
View other sources: Spamhaus VirusTotal
Contained within other IP sets: blocklist_net_ua, botscout_30d, dm_tor, et_tor, haley_ssh, maxmind_proxy_fraud, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits
Known TOR node
Country: Luxembourg
Network: AS53667 frantech solutions
Noticed: 50 times
Protcols Attacked: ssh
Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: tor-exit-hermes.greektor.net

Malware Detected on Host

Count: 26 c851e3145dcf942d75fe7d104d5e3c46f5d49c165ec72f78a4c149d49707192a 3fc230dc5d1de692003e1ec416f99a181f1888b9f08ef6cd9ecf423890ad2a74 3dd7811ea5769d51349b934c766225e3fd3db218bfa88baf1dbf3263dee58d8a 6163b23f37d9654f3bc384462314382e847a7f9f794a361676b31f8bbded6b68 7e22c7b59b664a1edad678c1edc502aaa9a38e14a5a052dcb86c946efd7bd0c9 f046b65739764aa74d38bfaf666094d45ad087b3bc6430c5a19c599b1735a54e 7cf34eadb163afa46e8936bc8a37c38d51a646079d39897397ab6bd3fd527f9a 25837be752586ccedb7da8ab32d563a7baa799d91ca69067f0b8acc14dfc0923 f2d2ac74db5bbbb4afb1818bf345019c15a5688b574e53c5f93aa41b1df353c4 390412e6563edba4228e57e56543284c106789e689f62e4ac32d58879bb019c9

Open Ports Detected

443 80

Map

Whois Information

NetRange: 104.244.72.0 - 104.244.79.255
CIDR: 104.244.72.0/21
NetName: PONYNET-14
NetHandle: NET-104-244-72-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS53667
Organization: FranTech Solutions (SYNDI-5)
RegDate: 2014-11-10
Updated: 2014-11-10
Ref: https://rdap.arin.net/registry/ip/104.244.72.0
OrgName: FranTech Solutions
OrgId: SYNDI-5
Address: 1621 Central Ave
City: Cheyenne
StateProv: WY
PostalCode: 82001
Country: US
RegDate: 2010-07-21
Updated: 2017-01-28
Ref: https://rdap.arin.net/registry/entity/SYNDI-5
OrgTechHandle: FDI19-ARIN
OrgTechName: Dias, Francisco
OrgTechPhone: +1-778-977-8246
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
OrgAbuseHandle: FDI19-ARIN
OrgAbuseName: Dias, Francisco
OrgAbusePhone: +1-778-977-8246
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
NetRange: 104.244.72.0 - 104.244.79.255
CIDR: 104.244.72.0/21
NetName: BUYVM-LUXEMBOURG-01
NetHandle: NET-104-244-72-0-2
Parent: PONYNET-14 (NET-104-244-72-0-1)
NetType: Reallocated
OriginAS: AS53667
Organization: BuyVM (BUYVM)
RegDate: 2017-10-01
Updated: 2017-10-01
Ref: https://rdap.arin.net/registry/ip/104.244.72.0
OrgName: BuyVM
OrgId: BUYVM
Address: 3, op der Poukewiss
City: Roost
StateProv:
PostalCode: 7795
Country: LU
RegDate: 2017-10-01
Updated: 2017-10-01
Ref: https://rdap.arin.net/registry/entity/BUYVM
OrgAbuseHandle: FDI19-ARIN
OrgAbuseName: Dias, Francisco
OrgAbusePhone: +1-778-977-8246
OrgAbuseEmail: [email protected]
OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
OrgTechHandle: FDI19-ARIN
OrgTechName: Dias, Francisco
OrgTechPhone: +1-778-977-8246
OrgTechEmail: [email protected]
OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

** vultrmadrid-ssh-bruteforce-ip-list-2022-10-21 dolondon-ssh-bruteforce-ip-list-2022-12-24 bruteforce-ip-list-2020-06-28 digitaloceanfrankfurt-ssh-bruteforce-ip-list-2024-01-11 aws-ssh-bruteforce-ip-list-2021-06-15 digitaloceansingapore-ssh-bruteforce-ip-list-2023-12-18 ** **