209.141.35.200 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.35.200 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

• Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

• Tags: badrequest, bruteforce, cowrie, cyber security, ioc, malicious, Nextray, phishing, probing, scanning, ssh, SSH, webscan, webscanner, webscanner bruteforce web app attack

• JARM: 27d40d40d00040d00042d43d0000004ac24e77d76646867f0f6a0c6d9b9bb0

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: haley_ssh

• Country: United States
• Network:
• Noticed: 48 times
• Protocols Attacked: ssh
• Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
• Passive DNS Results: yupoocatalog.com sunsun810.direct.quickconnect.to kenzhung.synology.me lav-ft01.xc188.net arman.golbangeomid.shop

Open Ports Detected

2000 2002 2003 2006 2008 2010 2022 2030 2031 2048 2049 2050 2057 2059 2063 2066 2080 2082 2083 2085 2087 2100 2101 2121 2122 2126 2154 2181 22 2201 2222 2223 2225 2233 2266 2271 2320 2323 2327 2332 2345 2351 2362 2363 2375 2376 2379 2404 2435 2453 2455 2550 2552 2555 2556 2557 2558 2559 2562 2566 2568 2569 2602 2701 2761 2762 2995 3001 3002 3006 3010 3012 3051 3053 3058 3059 3062 3066 3071 3078 3080 3082 3083 3085 3100 3108 3111 3113 3118 3119 3122 3125 3128 3129 3135 3139 3142 3143 3152 3153 3154 3155 3159 3160 3164 3166 3168 3172 3184 3185 3197 3198 3200 3256 3260 3268 3269 3301 3306 3307 3310 3333 3352 3389 3390 443 4443 80

CVEs Detected

CVE-2015-9251 CVE-2019-11358 CVE-2020-11022 CVE-2020-11023 CVE-2021-23017 CVE-2021-3618 CVE-2023-44487

Map

Whois Information

• NetRange: 209.141.32.0 - 209.141.63.255
• CIDR: 209.141.32.0/19
• NetName: PONYNET-04
• NetHandle: NET-209-141-32-0-1
• Parent: NET209 (NET-209-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS53667
• Organization: FranTech Solutions (SYNDI-5)
• RegDate: 2011-01-27
• Updated: 2012-03-25
• Ref: https://rdap.arin.net/registry/ip/209.141.32.0
• OrgName: FranTech Solutions
• OrgId: SYNDI-5
• Address: 1621 Central Ave
• City: Cheyenne
• StateProv: WY
• PostalCode: 82001
• Country: US
• RegDate: 2010-07-21
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/SYNDI-5
• OrgAbuseHandle: FDI19-ARIN
• OrgAbuseName: Dias, Francisco
• OrgAbusePhone: +1-778-977-8246
• OrgAbuseEmail: admin@frantech.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
• OrgTechHandle: FDI19-ARIN
• OrgTechName: Dias, Francisco
• OrgTechPhone: +1-778-977-8246
• OrgTechEmail: admin@frantech.ca
• OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
• NetRange: 209.141.35.0 - 209.141.35.255
• CIDR: 209.141.35.0/24
• NetName: BUYVM-US-209-141-35-0-24
• NetHandle: NET-209-141-35-0-1
• Parent: PONYNET-04 (NET-209-141-32-0-1)
• NetType: Reallocated
• OriginAS:
• Organization: BuyVM Services (BS-29)
• RegDate: 2011-08-14
• Updated: 2011-08-14
• Ref: https://rdap.arin.net/registry/ip/209.141.35.0
• OrgName: BuyVM Services
• OrgId: BS-29
• Address: 55 S. Market Street, Suite 1090
• City: San Jose
• StateProv: CA
• PostalCode: 95113
• Country: US
• RegDate: 2011-08-14
• Updated: 2011-09-24
• Ref: https://rdap.arin.net/registry/entity/BS-29
• OrgTechHandle: FDI19-ARIN
• OrgTechName: Dias, Francisco
• OrgTechPhone: +1-778-977-8246
• OrgTechEmail: admin@frantech.ca
• OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
• OrgAbuseHandle: FDI19-ARIN
• OrgAbuseName: Dias, Francisco
• OrgAbusePhone: +1-778-977-8246
• OrgAbuseEmail: admin@frantech.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

awsjap-ssh-bruteforce-ip-list-2021-06-20 awsjap-ssh-bruteforce-ip-list-2021-06-22 ****** awsjap-ssh-bruteforce-ip-list-2021-06-23 awsjap-ssh-bruteforce-ip-list-2021-06-24 aws-ssh-bruteforce-ip-list-2021-07-03 ****** ******