IP Intelligence Briefing: 104.244.79.40
Date: 2026-06-16
---
**1. Core Profile**
- Risk Score: 70 (High Risk)
- Provider: BuyVM (ASN 53667)
- Geolocation: Luxembourg, US (latitude 49.7855, longitude 6.1001)
- Network Role: Web server hosted by BuyVM (Colocation Hosting)
- Services:
  - HTTP/HTTPS (ports 80/443)
  - SSH (port 22, OpenSSH 9.2p1)
- Threat Indicators:
  - No direct malware or exploit indicators.
  - Linked to tor-exit.deinonychus.deinonychus.xyz (DNS association).
  - Historical "connection_failed" events.
---
**2. Observation History**
- Recent Activity (2026-06-16):
  - High-confidence signal (0.95) indicating potential threats (truncated pulse names).
  - "Connection failed" event for HTTPS.
- Network Classification:
  - Subnet 104.244.79.0/24 with abuse density 0% (clean).
  - Inherited risk score: 7 (likely from subnet).
---
**3. Relationships**
- Network:
  - Same network as BUYVM-LUXEMBOURG-01 (ASN 53667).
- DNS:
  - Associated with tor-exit.deinonychus.deinonychus.xyz (hostname).
- Subnet Neighbors (104.244.79.0/24):
  - 3 IPs with risk score 59 (moderate risk).
  - 1 IP with risk score 25 (low risk).
---
**4. Threat Context**
- Tor Link: The DNS association with a Tor exit node suggests potential anonymity layer usage.
- Hosting Provider: BuyVM is a VPS/colocation provider; no direct abuse reported.
- Subnet Cleanliness: Subnet appears clean, but inherited risk may indicate broader network exposure.
---
**5. Recommendations**
- Monitor Traffic: Track unusual outbound connections to tor-exit.deinonychus.deinonychus.xyz.
- Block Subnet Neighbors: Consider blocking IPs with moderate risk (e.g., 104.244.79.44, 104.244.79.50) if they exhibit suspicious behavior.
- Verify Hosting: Confirm BuyVM's compliance and ensure no misconfigured servers are exposing services.
- Enhance DNS Monitoring: Investigate the Tor-linked hostname for phishing or C2 activity.
---
Note: The IP's high risk score and Tor association warrant further investigation, even if no direct threats are currently detected.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | BuyVM |
| ASN | AS53667 |
| Network Name | BUYVM-LUXEMBOURG-01 |
| CIDR Block | 104.244.72.0/21 |
| RIR | ARIN |
| Country | United States |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | tor-exit.deinonychus.deinonychus.xyz |
| Forward Confirmed | No: PTR hostname does not resolve back to this IP (weak signal) |
| Forward Hostnames | tor-exit.deinonychus.deinonychus.xyz |
DNS Hygiene
| Hygiene Score | 20% (Poor) |
| SPF | Not configured |
| DMARC | Not configured |
| FCrDNS | Not verified |
| DNSSEC | Valid |
| CAA | Not configured |
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting: Infrastructure provider without advanced routing |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 80 | http | tcp | - |
| 443 | https | tcp | - |
| 22 | ssh | tcp | |
| Closed Ports | 25, 3389, 8080, 8443 (3 open / 7 scanned) | | |
| Server | openresty |
| HTTP Title | - |
| SSH Version | SSH-2.0-OpenSSH_9.2p1 Debian-2+deb12u6 |
TLS Certificate
| SANs | None |
| Valid From | - |
| Valid Until | - |
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 33% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 27% | 2 | 3 |
| ownership | 27% | 2 | 3 |
| reputation | 13% | 1 | 2 |
| geolocation | 27% | 2 | 3 |
| Overall | 23% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (50%) |
| Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-31 17:22:58 UTC |
| Last Seen | 2026-06-29 08:40:48 UTC |
| Profile Built | 2026-06-29 08:47:06 UTC |
| Data Freshness | Live |
| Signal Types | 22 |
| Total Observations | 23 |