209.141.46.47 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.46.47. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • MITRE ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force

  • Tags: cowrie, cyber security, ioc, malicious, Nextray, phishing, ssh, TOR, VPN

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: postfix.sec4ever.com us-11us.ch000zy.shop ch000zy.shop yume.rip chat.yume.rip las3.1800867.xyz

Malware Detected on Host

Count: 7

Open Ports Detected

22

CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2023-51767 CVE-2024-6387 CVE-2025-26465 CVE-2025-26466

Links to attack logs

bruteforce-ip-list-2021-03-25 ****** ****** ****** aws-ssh-bruteforce-ip-list-2021-04-20
