204.44.98.138 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 204.44.98.138. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Potentially Malicious Host 🟡 50/100
Host and Network Information
- MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
- Tags: cowrie, cyber security, ioc, kfsensor, malicious, Nextray, phishing, rdp, ssh
- Contained within other IP sets: haley_ssh
- Country: United States
- Network:
- Noticed: 50 times
- Protocols Attacked: ssh
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
Whois Information
- NetRange: 204.44.64.0 - 204.44.127.255
- CIDR: 204.44.64.0/18
- NetName: HOSTP-7
- NetHandle: NET-204-44-64-0-1
- Parent: NET204 (NET-204-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: HostPapa (HOSTP-7)
- RegDate: 2025-01-30
- Updated: 2025-01-30
- Ref: https://rdap.arin.net/registry/ip/204.44.64.0
- OrgName: HostPapa
- OrgId: HOSTP-7
- Address: 325 Delaware Avenue
- Address: Suite 300
- City: Buffalo
- StateProv: NY
- PostalCode: 14202
- Country: US
- RegDate: 2016-06-06
- Updated: 2024-04-26
- Ref: https://rdap.arin.net/registry/entity/HOSTP-7
- OrgAbuseHandle: NETAB23-ARIN
- OrgAbuseName: NETABUSE
- OrgAbusePhone: +1-905-315-3455
- OrgAbuseEmail: net-abuse-global@hostpapa.com
- OrgAbuseRef: https://rdap.arin.net/registry/entity/NETAB23-ARIN
- OrgTechHandle: NETTE9-ARIN
- OrgTechName: NETTECH
- OrgTechPhone: +1-905-315-3455
- OrgTechEmail: net-tech-global@hostpapa.com
- OrgTechRef: https://rdap.arin.net/registry/entity/NETTE9-ARIN
Links to attack logs
- aws-ssh-bruteforce-ip-list-2021-04-08