209.141.53.247 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.53.247 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations of activity on honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 45/100

Host and Network Information

  • Mitre ATT&CK IDs: T1068 - Exploitation for Privilege Escalation, T1110 - Brute Force

  • Tags: agent, agent tesla, apache, apache log4j, blacklist, botnet, bruteforce, Bruteforce, chaos rat, cyber security, DNS, dnsserver, exploits, gafgyt, go agent, ioc, july, malicious, Malicious IP, mirai, Nextray, phishing, project bash, rakeshkrish, rce attack, regresshion, scan, scanners, script, ssh, SSH, tcp, the script, this, udp, user avatar, vulnerability, vultr

  • View other sources: Spamhaus VirusTotal

  • Country: United States
  • Network:
  • Noticed: 48 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Spain, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: botbot.ddosvps.cc celestial.pw browsersmakemehappy.com floodx.live smellyoulater.onthewifi.com ipbooks.cn

Malware Detected on Host

Count: 17

Map

Whois Information

Links to attack logs

vultrmadrid-ssh-bruteforce-ip-list-2022-08-04