209.141.54.195 Threat Intelligence and Host Information

Share on:
May 02, 2023 ipinfopage

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Known Malicious Host 🔴 100/100

Host and Network Information

  • Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110 - Brute Force, T1110.004 - Credential Stuffing
  • Tags: Brute-Force, Bruteforce, Nextray, SSH, TOR, Telnet, attack, cowrie, cyber security, digital ocean, ioc, kfsensor, login, malicious, phishing, probing, rdp, scanner, scanners, scanning, ssh, vultr, webscan, webscanner bruteforce web app attack
  • Known tor exit node
  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_de, blocklist_de_ssh, blocklist_net_ua, botscout_1d, botscout_30d, botscout_7d, cruzit_web_attacks, dm_tor, et_compromised, et_tor, sblam, stopforumspam, stopforumspam_180d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, tor_exits, tor_exits_1d, tor_exits_30d, tor_exits_7d

  • Known TOR node
  • Country: United States of America
  • Network: AS53667 frantech solutions
  • Noticed: 50 times
  • Protcols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: bestus.kmairplan.one tor1.friendlyexitnode.com friendlyexitnode.com

Malware Detected on Host

Count: 46 a8b4179f30d6c9edf5f66443d80ec027099335c771f3b10f18bfe51e844aed58 5950cc1fbaee48357a4df1bf4d6bfe06f9447ceaf7f6e9787dc90c5fffb09f7a 19780b160b46b00a5513438db3022a37dde1d36677021735af9dacf7ed3744c1 ec43e150012d049bbdf9a552c9a466482c628db8b981064584998a97d2662914 31e336d15f3414e6bae7056b612b3529b0af5c6656f93f9c3d51312a3ce8935c e1ce74027aaab07fefd7add80dbcf9403f6c4545d2823eb5f6f1577d58dcc69b 7b0dad1c77e7e11c5e9fc857bfac196a309d6935b18bdbf4835a359ebd32f186 2e1cb6a2cb1b284dbdd0b8d47d53f946ca0b27a196c45600cc656889c2e57623 ded9892c7213046c1e191a1e12685c773df40c5d9ccd58d96fd8d148cbc32ecb f3000d56afe77e0d95335f7ea86562b3c0e598c1c66ecd4d62e5ccc8af6569d3

Open Ports Detected

22 9999

CVEs Detected

CVE-2016-20012 CVE-2017-15906 CVE-2018-15473 CVE-2018-15919 CVE-2018-20685 CVE-2019-6109 CVE-2019-6110 CVE-2019-6111 CVE-2020-14145 CVE-2020-15778 CVE-2021-36368 CVE-2021-41617

Map

Whois Information

  • NetRange: 209.141.32.0 - 209.141.63.255
  • CIDR: 209.141.32.0/19
  • NetName: PONYNET-04
  • NetHandle: NET-209-141-32-0-1
  • Parent: NET209 (NET-209-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS53667
  • Organization: FranTech Solutions (SYNDI-5)
  • RegDate: 2011-01-27
  • Updated: 2012-03-25
  • Ref: https://rdap.arin.net/registry/ip/209.141.32.0
  • OrgName: FranTech Solutions
  • OrgId: SYNDI-5
  • Address: 1621 Central Ave
  • City: Cheyenne
  • StateProv: WY
  • PostalCode: 82001
  • Country: US
  • RegDate: 2010-07-21
  • Updated: 2017-01-28
  • Ref: https://rdap.arin.net/registry/entity/SYNDI-5
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

dosing-ssh-bruteforce-ip-list-2022-11-18 dotoronto-ssh-bruteforce-ip-list-2023-03-14 bruteforce-ip-list-2021-04-02 mysql-bruteforce-ip-list-2021-06-14 aws-ssh-bruteforce-ip-list-2021-06-23 vultrparis-ssh-bruteforce-ip-list-2023-03-21 bruteforce-ip-list-2020-08-28