209.141.59.180 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 209.141.59.180 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Possibly Malicious Host 🟢 30/100

Host and Network Information

• View other sources: Spamhaus VirusTotal
• Contained within other IP sets: sblam, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits

• Country: United States
• Network:
• Noticed: times
• Protocols Attacked: ssh

Malware Detected on Host

Count: 47 a7a5fd3a6737608fb17261f4dffb6cdf93fb45ba6f5e63d49f5a59a5d838c0a9 b727f8080a2b9b842bd3f7569974f3ed44b2c0c9be5f1f078e718e156415dfe8 18cc0d35e392522ff8c5c47b2034ef0506f1c95077d99af535b6443ee32b1c33 0fc629dbb0203818acbb0adafbcaff02d8f0307eaf62714cd2bd5850d47753fb 511d30668fbae8241a2b1d1d77d2064121d5d98ca22aa5a55035d5a441f9ff47 b11e614cdd02aecb8d6ae65bf67bfac8cbefd68830065217e2cb48922743bb12 f7b2043d916775062774cc95e9a8c9c27826dbf7bc1f1fe50d0ca8bf880d1f3e 68801c449b903e06dc672f0bf8dbef9ccbf409a04715c22e111d9028d678460f 433ce817d0e02ad427a65a56debd314617ab850487746871ea7a466f5b71a610 241e08b066aa9fd175b30eabde8a554cb0f0402dd7296ac1b533ff7ba8cd0426

Open Ports Detected

22

Map

Whois Information

• NetRange: 209.141.32.0 - 209.141.63.255
• CIDR: 209.141.32.0/19
• NetName: PONYNET-04
• NetHandle: NET-209-141-32-0-1
• Parent: NET209 (NET-209-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS53667
• Organization: FranTech Solutions (SYNDI-5)
• RegDate: 2011-01-27
• Updated: 2012-03-25
• Ref: https://rdap.arin.net/registry/ip/209.141.32.0
• OrgName: FranTech Solutions
• OrgId: SYNDI-5
• Address: 1621 Central Ave
• City: Cheyenne
• StateProv: WY
• PostalCode: 82001
• Country: US
• RegDate: 2010-07-21
• Updated: 2024-11-25
• Ref: https://rdap.arin.net/registry/entity/SYNDI-5
• OrgTechHandle: FDI19-ARIN
• OrgTechName: Dias, Francisco
• OrgTechPhone: +1-778-977-8246
• OrgTechEmail: fdias@frantech.ca
• OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
• OrgAbuseHandle: FDI19-ARIN
• OrgAbuseName: Dias, Francisco
• OrgAbusePhone: +1-778-977-8246
• OrgAbuseEmail: fdias@frantech.ca
• OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN

Links to attack logs

****** bruteforce-ip-list-2021-05-10 aws-ssh-bruteforce-ip-list-2021-06-09 ****** bruteforce-ip-list-2021-04-18 ******