209.141.55.49 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.55.49. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment and context for security events. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 14/100

Host and Network Information

  • JARM: 1dd40d40d00040d1dc1dd40d1dd40d49d2fee601d1d947c984d73c17761a87

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: turris_greylist

  • Country: United States
  • Network:
  • Noticed: times
  • Protocols Attacked: telnet
  • Passive DNS Results: mr-us-bm-1.miaomiaomi.com, ai.miaomiaomi.com, minecraft.live

Malware Detected on Host

Count: 9

Open Ports Detected

2087 25 443 80

CVEs Detected

CVE-2021-3618 CVE-2023-44487

Whois Information

Links to attack logs

dosing-telnet-bruteforce-ip-list-2021-09-20
