205.185.125.150 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 205.185.125.150. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 38/100

Host and Network Information

  • MITRE ATT&CK IDs: T1110 - Brute Force

  • Tags: block list, brute force, china mobile, columns, company limited, hk abusehandler, hong kong, network, nxdomain, pgp sign, ssh, timeout, unknown, us abuse, us none

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 4 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia
  • Passive DNS Results: alist.anotia.top code.anotia.top alibot.anotia.top lv.checkuseless.ml

Open Ports Detected

10000 10001 10013 10014 10018 10027 10029 10086 10089 10106 10209 10210 10243 10348 10380 10445 10909 11000 11007 11027 11084 11112 11210 11211 12000 12114 12118 12133 12147 12152 12153 12161 12166 12177 12178 12184 12186 12187 12193 12195 12197 12201 12209 12233 12234 12244 12251 12254 12262 12263 12266 12272 12295 12308 12322 12343 12362 12372 12374 12384 12392 12407 12408 12412 12417 12439 12450 12467 12478 12489 12491 12513 12514 12519 12520 12533 12543 12562 12565 22

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Whois Information

Links to attack logs

digitaloceanlondon-ssh-bruteforce-ip-list-2025-08-26
