209.141.38.163 Threat Intelligence and Host Information

Share on:
May 15, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 209.141.38.163 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Tags: TOR, VPN, badrequest, bruteforce, la, lafusioncenter, louisiana, nmap, port-scan, probing, vnc, webscan, webscanner
  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: haley_ssh, stopforumspam_365d

  • Country: United States
  • Network: AS53667 frantech solutions
  • Noticed: 50 times
  • Protcols Attacked: SSH
  • Countries Attacked: Australia
  • Passive DNS Results: immortalmcdonaldsburger.store shodshfoshfsf.houredefjiaojfa.xyz camzu.com

Malware Detected on Host

Count: 8 4322f5477f23e04b4474091e6406c0aac5627e26d05fb5448e3fc5c28ff6dc14 8d477e4aa0eb16d30dfe87e2735ef374ce488f9772f764716b77ebd2438c32e7 1ea6e228b98c2b1d1fcd3e10c40119cec7ccdc63d256b29ad81800d5b61ba1d1 2e66d07f6dc0aaaa247802ba12be12fc5904b0a23d6118c76718c3f84125b871 cabf0db3d73622405c6ad92e55a24d186ba72e5f9155ca0e26a3bfff3f234656 010321a94d616733d0564ec1584682a1b359315565db281c008be1f31624be0e b472aec8c63a88f49e0efa6fbbad0c82a1c9d96551c6300b237fd92675385b86 f57862c0cf21504c84fed72b90abc36532d78928894cbcbdb9df42f53fb71710

Map

Whois Information

  • NetRange: 209.141.32.0 - 209.141.63.255
  • CIDR: 209.141.32.0/19
  • NetName: PONYNET-04
  • NetHandle: NET-209-141-32-0-1
  • Parent: NET209 (NET-209-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS53667
  • Organization: FranTech Solutions (SYNDI-5)
  • RegDate: 2011-01-27
  • Updated: 2012-03-25
  • Ref: https://rdap.arin.net/registry/ip/209.141.32.0
  • OrgName: FranTech Solutions
  • OrgId: SYNDI-5
  • Address: 1621 Central Ave
  • City: Cheyenne
  • StateProv: WY
  • PostalCode: 82001
  • Country: US
  • RegDate: 2010-07-21
  • Updated: 2017-01-28
  • Ref: https://rdap.arin.net/registry/entity/SYNDI-5
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • .com
  • mnt-by: AS8560-MNT
  • created: 2009-05-20T17:24:09Z
  • last-modified: 2022-05-18T09:18:10Z
  • role: IP Operations
  • address: IONOS SE
  • admin-c: JR2342-RIPE
  • admin-c: SH15342-RIPE
  • tech-c: JR2342-RIPE
  • tech-c: SH15342-RIPE
  • nic-hdl: IPOP-RIPE
  • abuse-mailbox: [email protected]
  • mnt-by: AS8560-MNT
  • created: 2009-05-28T16:25:04Z
  • last-modified: 2022-05-18T09:18:10Z
  • route: 217.160.80.0/22
  • descr: AS8560 anycast more specific
  • origin: AS8560
  • mnt-by: AS8560-MNT
  • created: 2011-03-02T11:56:18Z
  • last-modified: 2011-03-02T11:56:18Z

Links to attack logs

nmap-scanning-list-2021-09-16 nmap-scanning-list-2021-05-23