209.141.41.212 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.41.212. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, and takes into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as use of Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 36/100

Host and Network Information

  • MITRE ATT&CK IDs: T1110 - Brute Force

  • Tags: block list, brute force, china mobile, columns, company limited, hk abusehandler, hong kong, network, nxdomain, pgp sign, ssh, timeout, unknown, us none

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 3 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia
  • Passive DNS Results: mushroom123.duckdns.org, wg.mushroom123.duckdns.org, auth.mushroom123.duckdns.org, v2-bv-us.wrb.xyz

Open Ports Detected


CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2019-16905 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Whois Information

Links to attack logs

digitaloceantoronto-ssh-bruteforce-ip-list-2025-08-29
