104.254.90.187 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 104.254.90.187. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Tags: cyber security, ioc, malicious, Nextray, phishing
  • Known Tor exit node

  • View other sources: Spamhaus, VirusTotal
  • Contained within other IP sets: blocklist_net_ua, et_tor, php_harvesters_30d, stopforumspam_180d, stopforumspam_365d, stopforumspam_90d, stopforumspam

  • Known Tor node
  • Country: Canada
  • Network: AS32489 amanah tech inc.
  • Noticed: 50 times
  • Protocols Attacked: spam
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: malamiry.synology.me secureyourdataarea2.duckdns.org racinn.duckdns.org tonboekestein.direct.quickconnect.to juniormaxx.synology.me ninjazx10r.synology.me storj.airdns.org testdomain1.chickenkiller.com

Malware Detected on Host

Count: 12

Open Ports Detected

88

Whois Information

  • NetRange: 104.254.88.0 - 104.254.95.255
  • CIDR: 104.254.88.0/21
  • NetName: AMANAH-BLOCK6
  • NetHandle: NET-104-254-88-0-1
  • Parent: NET104 (NET-104-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS32489
  • Organization: Amanah Tech Inc. (AT-2)
  • RegDate: 2014-12-30
  • Updated: 2014-12-30
  • Ref: https://rdap.arin.net/registry/ip/104.254.88.0
  • OrgName: Amanah Tech Inc.
  • OrgId: AT-2
  • Address: 151 Frontstreet West
  • Address: Suite 341
  • City: Toronto
  • StateProv: ON
  • PostalCode: M5J 2N1
  • Country: CA
  • RegDate: 2010-11-23
  • Updated: 2017-01-28
  • Comment: Please send all abuse reports uncensored for review and action.
  • Ref: https://rdap.arin.net/registry/entity/AT-2
  • OrgTechHandle: NETWO4031-ARIN
  • OrgTechName: Network Operations
  • OrgTechPhone: +1-416-603-9825
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/NETWO4031-ARIN
  • OrgNOCHandle: NETWO4031-ARIN
  • OrgNOCName: Network Operations
  • OrgNOCPhone: +1-416-603-9825
  • OrgNOCEmail: [email protected]
  • OrgNOCRef: https://rdap.arin.net/registry/entity/NETWO4031-ARIN
  • OrgAbuseHandle: ABUSE2837-ARIN
  • OrgAbuseName: Abuse Department
  • OrgAbusePhone: +1-416-603-9825
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE2837-ARIN
  • network:Class-Name:network
  • network:Auth-Area:104.254.90.0/24
  • network:ID:NET-4037.104.254.90.184/29
  • network:Network-Name:104.254.90.184/29
  • network:IP-Network:104.254.90.184/29
  • network:IP-Network-Block:104.254.90.184 - 104.254.90.191
  • network:Org-Name:VAT ID IT03297800546
  • network:Street-Address:Via del Sagittario 4
  • network:City:Perugia
  • network:State:
  • network:Postal-Code:
  • network:Country-Code:IT
  • network:Tech-Contact:MAINT-4037.104.254.90.184/29
  • network:Created:20150504185240000
  • network:Updated:20210324144817000
  • network:Updated-By:[email protected]
  • contact:POC-Name:Network Administrator
  • contact:POC-Email:[email protected]
  • contact:POC-Phone:+14166039825
  • contact:Tech-Name:Network Administrator
  • contact:Tech-Email:[email protected]
  • contact:Tech-Phone:+14166039825
  • contact:Abuse-Name:Abuse Department
  • contact:Abuse-Email:[email protected]
  • contact:Abuse-Phone:+14166039825

Links to attack logs

forum-spam-ip-list-2023-02-15