104.244.79.120 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.244.79.120. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Tags: attack, cyber security, ioc, kfsensor, login, malicious, Nextray, phishing, probing, rdp, scanner, scanning, ssh, SSH, Telnet, TOR, VPN, webscan, webscanner bruteforce web app attack

  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: b3b0, haley_ssh

  • Country: Luxembourg
  • Network: AS53667 frantech solutions
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: nouuid4u.com www.watercomic.com thefilena.me www.thefilena.me smtp.peepohappy.xyz ftp.peepohappy.xyz pop.peepohappy.xyz peepohappy.xyz www.peepohappy.xyz expertinwp.site www.expertinwp.site osprey.datash.xyz

Malware Detected on Host

Count: 6

Open Ports Detected

443

Whois Information

  • NetRange: 104.244.72.0 - 104.244.79.255
  • CIDR: 104.244.72.0/21
  • NetName: PONYNET-14
  • NetHandle: NET-104-244-72-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS53667
  • Organization: FranTech Solutions (SYNDI-5)
  • RegDate: 2014-11-10
  • Updated: 2014-11-10
  • Ref: https://rdap.arin.net/registry/ip/104.244.72.0
  • OrgName: FranTech Solutions
  • OrgId: SYNDI-5
  • Address: 1621 Central Ave
  • City: Cheyenne
  • StateProv: WY
  • PostalCode: 82001
  • Country: US
  • RegDate: 2010-07-21
  • Updated: 2017-01-28
  • Ref: https://rdap.arin.net/registry/entity/SYNDI-5
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • NetRange: 104.244.72.0 - 104.244.79.255
  • CIDR: 104.244.72.0/21
  • NetName: BUYVM-LUXEMBOURG-01
  • NetHandle: NET-104-244-72-0-2
  • Parent: PONYNET-14 (NET-104-244-72-0-1)
  • NetType: Reallocated
  • OriginAS: AS53667
  • Organization: BuyVM (BUYVM)
  • RegDate: 2017-10-01
  • Updated: 2017-10-01
  • Ref: https://rdap.arin.net/registry/ip/104.244.72.0
  • OrgName: BuyVM
  • OrgId: BUYVM
  • Address: 3, op der Poukewiss
  • City: Roost
  • StateProv:
  • PostalCode: 7795
  • Country: LU
  • RegDate: 2017-10-01
  • Updated: 2017-10-01
  • Ref: https://rdap.arin.net/registry/entity/BUYVM
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

  • awsjap-ssh-bruteforce-ip-list-2022-01-16
  • bruteforce-ip-list-2022-01-16
  • awsau-ssh-bruteforce-ip-list-2022-01-16
  • awsau-ssh-bruteforce-ip-list-2022-01-17
  • awsjap-ssh-bruteforce-ip-list-2022-01-17
  • bruteforce-ip-list-2022-01-27
  • bruteforce-ip-list-2022-01-20