209.141.52.88 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.52.88. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • MITRE ATT&CK IDs: T1110 - Brute Force, T1498 - Network Denial of Service

  • Tags: attack ddos, block list, botnet, brute force, china mobile, columns, combinations, company limited, compromise ipv4, cowrie, Cyclops, ddos, domain port, Gamardeon, gs003, gs005, gs008, HermeticWiper, hk abusehandler, honeytrap, hong kong, hurricane us, iocs, IsaacWiper, LAMP, linux, list ips, malicious, mirai, mirai botnet, network, nxdomain, PartyTicket, pgp sign, russia, russian, sftp, ssh, timeout, ukraine, unknown, us none, WhisperGate

  • Country: United States
  • Network:
  • Noticed: 19 times
  • Protocols Attacked: ssh
  • Countries Attacked: Australia, Russian Federation

Open Ports Detected


CVEs Detected

CVE-2007-2768 CVE-2008-3844 CVE-2016-20012 CVE-2019-16905 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617 CVE-2023-38408 CVE-2023-48795 CVE-2023-51385 CVE-2023-51767 CVE-2025-26465 CVE-2025-32728

Links to attack logs

digitaloceanlondon-ssh-bruteforce-ip-list-2025-09-03
