104.244.74.57 Threat Intelligence and Host Information

Share on:
Jan 11, 2024 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 104.244.74.57 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 90/100

Host and Network Information

  • Mitre ATT&CK IDs: T1027 - Obfuscated Files or Information, T1056.001 - Keylogging, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1068 - Exploitation for Privilege Escalation, T1071.001 - Web Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force, T1114 - Email Collection, T1176 - Browser Extensions, T1491 - Defacement, T1497 - Virtualization/Sandbox Evasion, T1566 - Phishing, T1571 - Non-Standard Port, T1573 - Encrypted Channel, TA0011 - Command and Control
  • Tags: acint, agent, agent tesla, agenttesla, alexa, alexa top, all octoseek, appdata, apple, apple ios, artemis, as141773, as15169 google, as17506 arteria, as17806 mango, as19969, as32244 liquid, as49505, as61317, as63932, ascii text, asnone united, asyncrat, attack, azorult, bank, banker, bazaloader, bazarloader, beginstring, bitminer, blacklist, blacklist http, blacklist https, bladabindi, blockchain, body, bradesco, Bruteforce, Brute-Force, cisco umbrella, class, cleaner, click, cobalt strike, communicating, conduit, contacted, core, covid19, cowrie, crack, critical, cry kill, cve201711882, cyber security, cyberstalking, cyber threat, cymulate2, dapato, date, detection list, detplock, dllinject, domain, downldr, download, downloader, driverpack, dropped, dropper, emotet, encpk, encrypt, engineering, entries, error, et tor, exit, expired, facebook, fakeinstaller, falcon, fali contacted, fali malicious, file, files, filetour, formbook, fusioncore, general, generator, generic, generic malware, gmt content, gmt contenttype, hacktool, heur, hostname, hybrid, iframe, immediate, indicator, installcore, installer, installpack, internet storm, iobit, ioc, ip summary, ipv4, japan unknown, keep alive, keylogger, known tor, kraddare, kyriazhs1975, loadmoney, local, lockbit, login, look, malicious, malicious site, maltiverse, malvertizing, malware, malware norad, malware site, media, mediaget, meta, meterpreter, million, miner, mirai, misc attack, moved, msil, name verdict, nanocore, nanocore rat, netwire rc, networm, next, Nextray, njrat, node traffic, noname057, null, open, outbreak, passive dns, pattern match, paypal, phish, phishing, phishing site, phishtank, png image, pony, predator, presenoker, pulse pulses, qakbot, qbot, quasar, raccoon, ransom, ransomexx, ransomware, redline, redline stealer, referrer, refresh, relayrouter, remcos, response, restart, riskware, rostpay, runescape, russia unknown, safe site, sample, samples, scan endpoints, scanner, script, search, service, silk road, site, smokeloader, softonic, span, spyrixkeylogger, spyware, ssh, SSH, ssl certificate, stealer, strings, summary, suppobox, swrort, systweak, tag count, team, Telnet, threat report, tools, tor, trojan, trojanspy, tsara brashears, twitter, type, union, united, unknown, unsafe, urls, url summary, verify, vidar, wacatac, win64, windows nt, xcnfe

  • Known tor exit node

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_net_ua, botscout_30d, botscout_7d, dm_tor, et_tor, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known TOR node
  • Country: Luxembourg
  • Network: AS53667 frantech solutions
  • Noticed: 50 times
  • Protcols Attacked: redis ssh
  • Countries Attacked: Bangladesh, Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Malaysia, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: tor1.panhu.xyz

Malware Detected on Host

Count: 15 810af320650888d1060c44d5bfb5a3c6346fbfe31b2572588277cb2936c9cba8 a896be5e1f5b7d498d6556c9d64fe6407b70360e36dd3f47ee46da9367748ff6 2e1cb6a2cb1b284dbdd0b8d47d53f946ca0b27a196c45600cc656889c2e57623 7548589cca05a011b563d58e795233faf2310975659bbc8b4d1db7ae6d805280 d643588fd00e7cbb933a634a3a1636e4b789dd7bc22ecf4a83c80f133ab1a849 f046b65739764aa74d38bfaf666094d45ad087b3bc6430c5a19c599b1735a54e 25837be752586ccedb7da8ab32d563a7baa799d91ca69067f0b8acc14dfc0923 7ddef1c1c6c94febf3565291d7f4604f550144fd90a33b8c7445626ac29256d3 4b9c21d9da89c399832f18b4c9a2b4a32788937070b5494404a6e5b3d601a74b 5dca574173ec29eab508ab797c6af88456d9960cc56f42d7b86a06eae0cee317

Open Ports Detected

443 80 8081 8443 9002

Map

Whois Information

  • NetRange: 104.244.72.0 - 104.244.79.255
  • CIDR: 104.244.72.0/21
  • NetName: PONYNET-14
  • NetHandle: NET-104-244-72-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS53667
  • Organization: FranTech Solutions (SYNDI-5)
  • RegDate: 2014-11-10
  • Updated: 2014-11-10
  • Ref: https://rdap.arin.net/registry/ip/104.244.72.0
  • OrgName: FranTech Solutions
  • OrgId: SYNDI-5
  • Address: 1621 Central Ave
  • City: Cheyenne
  • StateProv: WY
  • PostalCode: 82001
  • Country: US
  • RegDate: 2010-07-21
  • Updated: 2017-01-28
  • Ref: https://rdap.arin.net/registry/entity/SYNDI-5
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • NetRange: 104.244.72.0 - 104.244.79.255
  • CIDR: 104.244.72.0/21
  • NetName: BUYVM-LUXEMBOURG-01
  • NetHandle: NET-104-244-72-0-2
  • Parent: PONYNET-14 (NET-104-244-72-0-1)
  • NetType: Reallocated
  • OriginAS: AS53667
  • Organization: BuyVM (BUYVM)
  • RegDate: 2017-10-01
  • Updated: 2017-10-01
  • Ref: https://rdap.arin.net/registry/ip/104.244.72.0
  • OrgName: BuyVM
  • OrgId: BUYVM
  • Address: 3, op der Poukewiss
  • City: Roost
  • StateProv:
  • PostalCode: 7795
  • Country: LU
  • RegDate: 2017-10-01
  • Updated: 2017-10-01
  • Ref: https://rdap.arin.net/registry/entity/BUYVM
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

** vultrmadrid-redis-bruteforce-ip-list-2022-06-15 vultrparis-ssh-bruteforce-ip-list-2022-11-15 vultrmadrid-ssh-bruteforce-ip-list-2023-04-03 ** vultrparis-ssh-bruteforce-ip-list-2022-12-10 **