209.141.55.26 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.55.26. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with the enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Known Tor exit node

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: blocklist_de, blocklist_de_ssh, blocklist_net_ua, botscout_30d, dm_tor, et_tor, haley_ssh, sblam, stopforumspam_180d, stopforumspam_1d, stopforumspam_30d, stopforumspam_365d, stopforumspam_7d, stopforumspam_90d, stopforumspam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

  • Known Tor node
  • Country: United States
  • Network:
  • Noticed: times
  • Protocols Attacked: ssh

Malware Detected on Host

Count: 50

Open Ports Detected

35002, 80, 9001

Whois Information

Links to attack logs

bruteforce-ip-list-2022-11-18 vultrparis-ssh-bruteforce-ip-list-2022-12-24 bruteforce-ip-list-2021-06-25 ****** vultrwarsaw-ssh-bruteforce-ip-list-2022-12-24 dolondon-ssh-bruteforce-ip-list-2023-02-21 vultrmadrid-ssh-bruteforce-ip-list-2022-11-09 vultrmadrid-ssh-bruteforce-ip-list-2022-12-17 digitaloceantoronto-ssh-bruteforce-ip-list-2024-02-27 ****** ******