107.189.5.248 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 107.189.5.248 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 50/100

Host and Network Information

• Tags: cyber security, ioc, malicious, Nextray, phishing, TOR, vnc, VPN

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: b3b0, blocklist_net_ua, haley_ssh, sblam, stopforumspam_365d, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

• Country: Luxembourg
• Network: AS53667 frantech solutions
• Noticed: 1 times
• Protcols Attacked: ssh
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: gnode1.tijl.dev vault.tijl.dev element.tijl.dev git.tijl.dev bslog.tijl.dev penpot.tijl.dev cloud.tijl.dev api.tijl.dev redirect.tijl.dev tijl.dev turnapi.netmaker.tijl.dev api.netmaker.tijl.dev dashboard.netmaker.tijl.dev turn.netmaker.tijl.dev broker.netmaker.tijl.dev

Malware Detected on Host

Count: 23 42017ea452bcca3379e54c1770d9828f7432ee2f4c6086736ed3f7bc6a26bf90 cb1257e06ecd7a1e1dd42c78c6d663ce10951f7b98f3926b2cab67781a5aa191 7282e2fdb25b07554b082f5cf1697315ed5ce3005f985cbe96a34da965869db5 a896be5e1f5b7d498d6556c9d64fe6407b70360e36dd3f47ee46da9367748ff6 7548589cca05a011b563d58e795233faf2310975659bbc8b4d1db7ae6d805280 ce11997dc64e5db0dc62219e25dc06c4209ba388589112d24973e5fc22ae48ee f046b65739764aa74d38bfaf666094d45ad087b3bc6430c5a19c599b1735a54e 949c6737d24f301ca7ea79dfd0936614bb3158ca66be70a842e7e0a7510d8616 25837be752586ccedb7da8ab32d563a7baa799d91ca69067f0b8acc14dfc0923 a7e484d7cdbcb39538cd203c269d39b15d59f1703cf73429ca67128bb66c0a00

Open Ports Detected

22 25565 30002 30003 80

Map

Whois Information

• NetRange: 107.189.0.0 - 107.189.31.255
• CIDR: 107.189.0.0/19
• NetName: PONYNET-11
• NetHandle: NET-107-189-0-0-1
• Parent: NET107 (NET-107-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS53667
• Organization: FranTech Solutions (SYNDI-5)
• RegDate: 2014-04-17
• Updated: 2014-04-17
• Ref: https://rdap.arin.net/registry/ip/107.189.0.0
• OrgName: FranTech Solutions
• OrgId: SYNDI-5
• Address: 1621 Central Ave
• City: Cheyenne
• StateProv: WY
• PostalCode: 82001
• Country: US
• RegDate: 2010-07-21
• Updated: 2017-01-28
• Ref: https://rdap.arin.net/registry/entity/SYNDI-5
• OrgTechHandle: FDI19-ARIN
• OrgTechName: Dias, Francisco
• OrgTechPhone: +1-778-977-8246
• OrgTechEmail: admin@frantech.ca
• OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
• OrgAbuseHandle: FDI19-ARIN
• OrgAbuseName: Dias, Francisco
• OrgAbusePhone: +1-778-977-8246
• OrgAbuseEmail: admin@frantech.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
• NetRange: 107.189.0.0 - 107.189.7.255
• CIDR: 107.189.0.0/21
• NetName: BUYVM-LUXEMBOURG-02
• NetHandle: NET-107-189-0-0-2
• Parent: PONYNET-11 (NET-107-189-0-0-1)
• NetType: Reallocated
• OriginAS: AS53667
• Organization: BuyVM (BUYVM)
• RegDate: 2019-10-22
• Updated: 2019-10-22
• Ref: https://rdap.arin.net/registry/ip/107.189.0.0
• OrgName: BuyVM
• OrgId: BUYVM
• Address: 3, op der Poukewiss
• City: Roost
• StateProv:
• PostalCode: 7795
• Country: LU
• RegDate: 2017-10-01
• Updated: 2017-10-01
• Ref: https://rdap.arin.net/registry/entity/BUYVM
• OrgAbuseHandle: FDI19-ARIN
• OrgAbuseName: Dias, Francisco
• OrgAbusePhone: +1-778-977-8246
• OrgAbuseEmail: admin@frantech.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
• OrgTechHandle: FDI19-ARIN
• OrgTechName: Dias, Francisco
• OrgTechPhone: +1-778-977-8246
• OrgTechEmail: admin@frantech.ca
• OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

aws-ssh-bruteforce-ip-list-2021-06-20