104.244.73.93 Threat Intelligence and Host Information

Share on:
Jan 11, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 104.244.73.93 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 80/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1056.001 - Keylogging, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1114 - Email Collection, T1176 - Browser Extensions, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1566 - Phishing, T1571 - Non-Standard Port, T1573 - Encrypted Channel, TA0011 - Command and Control

  • Tags: acint, agent, agent tesla, agenttesla, alexa, alexa top, all octoseek, appdata, apple, apple ios, artemis, as141773, as15169 google, as17506 arteria, as17806 mango, as19969, as32244 liquid, as49505, as61317, as63932, ascii text, asnone united, asyncrat, attack, azorult, bank, banker, bashlite, bazaloader, bazarloader, beginstring, bitminer, blacklist, blacklist http, blacklist https, bladabindi, blockchain, body, botnet, bradesco, c2, cisco umbrella, class, cleaner, click, cobalt strike, communicating, conduit, contacted, core, covid19, crack, critical, cry kill, cve201711882, cyber security, cyberstalking, cyber threat, cymulate2, dapato, date, DDoS, detection list, detplock, dllinject, domain, downldr, download, downloader, driverpack, dropped, dropper, emotet, encpk, encrypt, engineering, entries, error, et tor, exit, expired, facebook, fakeinstaller, falcon, fali contacted, fali malicious, file, files, filetour, formbook, fusioncore, gafgyt, general, generator, generic, generic malware, gmt content, gmt contenttype, hacktool, heur, hostname, hybrid, iframe, immediate, indicator, installcore, installer, installpack, internet storm, iobit, ioc, ip summary, ipv4, japan unknown, keep alive, keylogger, known tor, kraddare, kyriazhs1975, loadmoney, local, lockbit, look, malicious, malicious site, maltiverse, malvertizing, malware, malware norad, malware site, media, mediaget, meta, meterpreter, million, miner, mirai, misc attack, moved, msil, name verdict, nanocore, nanocore rat, netwire rc, networm, next, Nextray, njrat, node traffic, noname057, null, open, outbreak, passive dns, pattern match, paypal, phish, phishing, phishing site, phishtank, png image, pony, predator, presenoker, pulse pulses, qakbot, qbot, quasar, raccoon, ransom, ransomexx, ransomware, redline, redline stealer, referrer, refresh, relayrouter, remcos, response, restart, riskware, rostpay, runescape, russia unknown, safe site, sample, samples, scan endpoints, Scanner, scanning, script, search, service, silk road, site, smokeloader, smtp, softonic, span, spyrixkeylogger, spyware, ssh, ssl certificate, stealer, strings, summary, suppobox, swrort, systweak, tag count, tcp, team, threat report, tools, TOR, trojan, trojanspy, tsara brashears, twitter, type, union, united, unknown, unsafe, urls, url summary, verify, vidar, VPN, wacatac, Webattack, win64, windows nt, xcnfe

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: haley_ssh, sblam, stopforumspam_365d, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Country: Luxembourg
  • Network: AS53667 frantech solutions
  • Noticed: 50 times
  • Protcols Attacked: SSH
  • Countries Attacked: Bangladesh, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Malaysia, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: ddp.c2c2.cc emby.c2c2.cc tz.c2c2.cc cc.o8o8.top nmsf.ml

Malware Detected on Host

Count: 19 bd1c95a45577c0c253dc1025d6405835c6c78d2710a5e97285082074dc351a73 3f071c1c10c1f541096e5af35bd2680cb9765083815b1a98b1b24ea68f314a3a 7282e2fdb25b07554b082f5cf1697315ed5ce3005f985cbe96a34da965869db5 31e336d15f3414e6bae7056b612b3529b0af5c6656f93f9c3d51312a3ce8935c 7548589cca05a011b563d58e795233faf2310975659bbc8b4d1db7ae6d805280 d643588fd00e7cbb933a634a3a1636e4b789dd7bc22ecf4a83c80f133ab1a849 e7711425a3037a9b4a805b185c9096b2db65a523f07c8f908ab89d1da37370b7 ce11997dc64e5db0dc62219e25dc06c4209ba388589112d24973e5fc22ae48ee 7cf34eadb163afa46e8936bc8a37c38d51a646079d39897397ab6bd3fd527f9a 175947117e7dfbe4d0b437034d850cb8bb063038d1b1ab0219c56ddc6464b395

Open Ports Detected

22 3333

Map

Whois Information

  • NetRange: 104.244.72.0 - 104.244.79.255
  • CIDR: 104.244.72.0/21
  • NetName: PONYNET-14
  • NetHandle: NET-104-244-72-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS53667
  • Organization: FranTech Solutions (SYNDI-5)
  • RegDate: 2014-11-10
  • Updated: 2014-11-10
  • Ref: https://rdap.arin.net/registry/ip/104.244.72.0
  • OrgName: FranTech Solutions
  • OrgId: SYNDI-5
  • Address: 1621 Central Ave
  • City: Cheyenne
  • StateProv: WY
  • PostalCode: 82001
  • Country: US
  • RegDate: 2010-07-21
  • Updated: 2017-01-28
  • Ref: https://rdap.arin.net/registry/entity/SYNDI-5
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • NetRange: 104.244.72.0 - 104.244.79.255
  • CIDR: 104.244.72.0/21
  • NetName: BUYVM-LUXEMBOURG-01
  • NetHandle: NET-104-244-72-0-2
  • Parent: PONYNET-14 (NET-104-244-72-0-1)
  • NetType: Reallocated
  • OriginAS: AS53667
  • Organization: BuyVM (BUYVM)
  • RegDate: 2017-10-01
  • Updated: 2017-10-01
  • Ref: https://rdap.arin.net/registry/ip/104.244.72.0
  • OrgName: BuyVM
  • OrgId: BUYVM
  • Address: 3, op der Poukewiss
  • City: Roost
  • StateProv:
  • PostalCode: 7795
  • Country: LU
  • RegDate: 2017-10-01
  • Updated: 2017-10-01
  • Ref: https://rdap.arin.net/registry/entity/BUYVM
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

bruteforce-ip-list-2021-05-12 ** ** bruteforce-ip-list-2021-05-28 ** **