209.141.55.49 Threat Intelligence and Host Information

General

This page was generated as a result of this host being detected actively attacking or scanning another host. See below for information related to the host network, location, number of days noticed, protocols attacked and other information including reverse DNS and whois.

Potentially Malicious Host 🟡 42/100

Host and Network Information

  • Tags: Malicious IP, Nextray, RDP, SSH, Telnet, abuse, attack, blacklist, botnet, bruteforce, cowrie, cyber security, fraud, ioc, ipqs, ipqualityscore, login, malicious, mirai, phishing, scan, scanner, ssh, tcp, telnet, web attack
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: turris_greylist

  • Country: United States of America
  • Network: AS53667 FranTech Solutions
  • Noticed: 50 times
  • Protocols Attacked: telnet
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results: ai.miaomiaomi.com minecraft.live

Malware Detected on Host

Count: 8

Open Ports Detected

443 80

CVEs Detected

CVE-2021-3618

Whois Information

  • NetRange: 209.141.32.0 - 209.141.63.255
  • CIDR: 209.141.32.0/19
  • NetName: PONYNET-04
  • NetHandle: NET-209-141-32-0-1
  • Parent: NET209 (NET-209-0-0-0-0)
  • NetType: Direct Allocation
  • OriginAS: AS53667
  • Organization: FranTech Solutions (SYNDI-5)
  • RegDate: 2011-01-27
  • Updated: 2012-03-25
  • Ref: https://rdap.arin.net/registry/ip/209.141.32.0
  • OrgName: FranTech Solutions
  • OrgId: SYNDI-5
  • Address: 1621 Central Ave
  • City: Cheyenne
  • StateProv: WY
  • PostalCode: 82001
  • Country: US
  • RegDate: 2010-07-21
  • Updated: 2017-01-28
  • Ref: https://rdap.arin.net/registry/entity/SYNDI-5
  • OrgTechHandle: FDI19-ARIN
  • OrgTechName: Dias, Francisco
  • OrgTechPhone: +1-778-977-8246
  • OrgTechEmail: [email protected]
  • OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  • OrgAbuseHandle: FDI19-ARIN
  • OrgAbuseName: Dias, Francisco
  • OrgAbusePhone: +1-778-977-8246
  • OrgAbuseEmail: [email protected]
  • OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

dosing-telnet-bruteforce-ip-list-2021-09-20