134.249.116.78 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 134.249.116.78 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

• Tags: cyber security, ioc, malicious, Nextray, phishing

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: cruzit_web_attacks

• Country: Ukraine
• Network:
• Noticed: 30 times
• Protocols Attacked: SSH
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: 134.249.116.78

Malware Detected on Host

Count: 81 64f7c20a7dc4c20a6638576958f600c3c31946c82f772cc199a40c633285a0fb d2586308dcd335a16e0009584ec42ce305dd5a539610edcd243c26f4996e05c5 7dc49b48ddf5ee68e74189bb530b0467d274ac9722f9ad24182dd675b78e3b12 54dafa77d62e89c79c2d4d7d5c53746afac5c7b3c2627c0fdc5b29689955b1bf b2cee58b28852141573057ccbaeae4d28111431e50a6b6652f18399fc4e8678c 4f3b690e618d933e514a6750ed8b4d794e4892e5405b0cd458cabbf66160c7df ef2906c02c0a5c17018231d684fab504da9a5c62dbce80598f2ed852ba616f30 6cc99fb84278f76d8bf11037945d1881c57b8b6afdce7d36bc716a0182f9bcc6 9ad1ad69fb41b6e22527224587cd2bb5694f2f51505afe55a22c3488c53e78cc 0b8ee3afb4f1cab3de335eef0e4acfd7070a9752623ec02d0d8619a76fb759af

Map

Whois Information

• NetRange: 134.249.0.0 - 134.249.255.255
• CIDR: 134.249.0.0/16
• NetName: RIPE-ERX-134-249-0-0
• NetHandle: NET-134-249-0-0-1
• Parent: NET134 (NET-134-0-0-0-0)
• NetType: Early Registrations, Transferred to RIPE NCC
• OriginAS:
• Organization: RIPE Network Coordination Centre (RIPE)
• RegDate: 2010-11-03
• Updated: 2025-02-10
• Ref: https://rdap.arin.net/registry/ip/134.249.0.0
• OrgName: RIPE Network Coordination Centre
• OrgId: RIPE
• Address: P.O. Box 10096
• City: Amsterdam
• StateProv:
• PostalCode: 1001EB
• Country: NL
• RegDate:
• Updated: 2013-07-29
• Ref: https://rdap.arin.net/registry/entity/RIPE
• OrgTechHandle: RNO29-ARIN
• OrgTechName: RIPE NCC Operations
• OrgTechPhone: +31 20 535 4444
• OrgTechEmail: hostmaster@ripe.net
• OrgTechRef: https://rdap.arin.net/registry/entity/RNO29-ARIN
• OrgAbuseHandle: ABUSE3850-ARIN
• OrgAbuseName: Abuse Contact
• OrgAbusePhone: +31205354444
• OrgAbuseEmail: abuse@ripe.net
• OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3850-ARIN

Links to attack logs

****** ****** ******