209.141.42.90 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.42.90. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 55/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: haley_ssh

  • Country: United States
  • Network:
  • Noticed: 33 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Open Ports Detected


Whois Information

Links to attack logs

bruteforce-ip-list-2021-03-24 ****** bruteforce-ip-list-2021-06-03 aws-ssh-bruteforce-ip-list-2021-04-21 bruteforce-ip-list-2021-05-26 ****** ******