107.172.79.248 Threat Intelligence and Host Information

Sep 02, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 107.172.79.248 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
Tags: anna paula, associated, brute force, Bruteforce, Brute-Force, cowrie, currc3adculo, cyber security, from email, headers, ioc, malicious, malspam email, msi file, Nextray, phishing, rdp, ssh, SSH, tuesday, utf8, zip archive
View other sources: Spamhaus VirusTotal

Country: United States
Network:
Noticed: 50 times
Protocols Attacked: ssh
Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Korea Republic of, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Passive DNS Results: chernobyl.fantazy-rusi.ga kurackurac.com www.lkjkaijie.xyz

Malware Detected on Host

Count: 29 f42c46381da90d00f217ebba93900a2805ce4af683578f5bea08d1d11935f6e4 656056811aaffd2008e0fac5a7ec6c26c6331bd88e78677fbbfcc68fbec988b0 bfa6bc11bb85e89e2585b61085441d8c196128e8cae98fb21d4da54851258fd3 a2bf5f0c5c12a27a0a2979c2a3019764b238912c238009e438f6ff167df9274f be1f1167268c110dbde84227d58974370729f01820c616daf40a897717cbf575 82c6d61a1b201010397a4ad5dbea83b0a058eb86c992ace3eab0cd8248791d89 48d6be604f5fa9c62801db56515cf677a54a53d3ddde3874771c3b589b0cbb37 807c4d8b32576bcb28491e30d68037a98db9dd385e7b003c4ec7bf9ad2515e47 a4b0eced4b6d96290259010f923bb704fcf84879c10d692072a802a97d3d6d43 6d60eb70524ad422f8cb33397c970e28b2562a9e10d4bbe1ad0619f9af842916

Map

Whois Information

NetRange: 107.172.0.0 - 107.175.255.255
CIDR: 107.172.0.0/14
NetName: CC-17
NetHandle: NET-107-172-0-0-1
Parent: NET107 (NET-107-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: HostPapa (HOSTP-7)
RegDate: 2013-12-27
Updated: 2024-02-02
Comment: Geofeed https://geofeeds.oniaas.io/geofeeds.csv
Ref: https://rdap.arin.net/registry/ip/107.172.0.0
OrgName: HostPapa
OrgId: HOSTP-7
Address: 325 Delaware Avenue
Address: Suite 300
City: Buffalo
StateProv: NY
PostalCode: 14202
Country: US
RegDate: 2016-06-06
Updated: 2024-04-26
Ref: https://rdap.arin.net/registry/entity/HOSTP-7
OrgAbuseHandle: NETAB23-ARIN
OrgAbuseName: NETABUSE
OrgAbusePhone: +1-905-315-3455
OrgAbuseEmail: net-abuse-global@hostpapa.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN
OrgTechHandle: NETTE9-ARIN
OrgTechName: NETTECH
OrgTechPhone: +1-905-315-3455
OrgTechEmail: net-tech-global@hostpapa.com
OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN
RAbuseHandle: NETAB27-ARIN
RAbuseName: NETABUSE-COLOCROSSING
RAbusePhone: +1-800-518-9716
RAbuseEmail: abuse@colocrossing.com
RAbuseRef: https://rdap.arin.net/registry/entity/NETAB27-ARIN
RTechHandle: NETTE11-ARIN
RTechName: NETTECH-COLOCROSSING
RTechPhone: +1-800-518-9716
RTechEmail: support@colocrossing.com
RTechRef: https://rdap.arin.net/registry/entity/NETTE11-ARIN
NetRange: 107.172.79.0 - 107.172.79.255
CIDR: 107.172.79.0/24
NetName: CC-107-172-79-0-24
NetHandle: NET-107-172-79-0-1
Parent: CC-17 (NET-107-172-0-0-1)
NetType: Reassigned
OriginAS:
Organization: RackNerd LLC (RL-872)
RegDate: 2023-08-21
Updated: 2023-08-21
Ref: https://rdap.arin.net/registry/ip/107.172.79.0
OrgName: RackNerd LLC
OrgId: RL-872
Address: 10602 N. Trademark Pkwy Suite 511
City: Rancho Cucamonga
StateProv: CA
PostalCode: 91730
Country: US
RegDate: 2021-10-20
Updated: 2022-03-02
Comment: https://www.racknerd.com
Comment: Support is available 24x7 at support@racknerd.com
Comment: Report abuse to: reportabuse@racknerd.com
Ref: https://rdap.arin.net/registry/entity/RL-872
OrgTechHandle: RACKN3-ARIN
OrgTechName: RackNerd NOC
OrgTechPhone: +1-888-881-6373
OrgTechEmail: support@racknerd.com
OrgTechRef: https://rdap.arin.net/registry/entity/RACKN3-ARIN
OrgAbuseHandle: RAD128-ARIN
OrgAbuseName: RackNerd Abuse Department
OrgAbusePhone: +1-888-881-6373
OrgAbuseEmail: reportabuse@racknerd.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/RAD128-ARIN

Links to attack logs

Share on: