IP · Medium · Signal 74/100
205.185.126.208
Location
Las Vegas, NV
ASN
AS53667
FranTech Solutions
First Seen
Jul 27, 2024
Last Seen
Jun 7, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
74%
Signal Score
74 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
United States
Region
Las Vegas, NV
ASN
AS53667
Organization
FranTech Solutions
Feed Intelligence Summary
11 reports · 74% confidence
11
Source reports
74%
Confidence score
Category tags
ack scan, active scan, active scanning, address, address first, aerospace & defense, africa, aitm server, amos steaker, amos stealer, and technology sectors, anydesk module, appendix b, apt, apt group, archive file, asia, atomic https, atomic stealer, automotive manufacturing, backdoors, banking, bctt, bha006, block, boinc c2, bootkitty iocs, botnet, botnet activity, brazanbamboo c2, brute force, brute_force, burnsrat c, c2, c2 address, c2 domain, c2 http, c2 https, c2 ip, c2 ip address, c2 server, c2 servers, cheat engine, china, civil services, ck code, ck techniques, cloud, cloud computing, cloud infrastructure, cloud migration, cloud security, cloud services, cloud storage, cobalt strike, cobalt strike framework, code, code execution, code injection, code issues, code snippets, command & control, command and control, command execution, communication protocol, communication technologies, compromise note, compromised systems, computer security, control, credential access, credential harvesting, credential stuffing, credential_access, credit card services, cthulhu stealer, cuba, cyber attacks, cyber espionage, cyber news, cyber security news, cyber security updates, cyber threats, cyber updates, damn, darkrace, data, data breach, data encryption, data exfiltration, data store exposure, database security, defanged file, defence, defense, defense contracting, defense contractors, defense evasion, defense logistics, defense systems, defense technology, details, digital signature, distributed attacks, document lures, domain, domains, donald trump, donex, download url, downloader, dropper, duoyi, eldorado, electronics manufacturing, encryption, europe, executable file, exploitation, exploitation activity, extortion, fake captcha, fake chrome, file, files, fin scan, finaldraft elf, finance, finance and insurance, financial services, financial technology, find, fingerprint, first, first seen, first stage, fleet management, footer, foreign affairs, france, freight services, ftp, ftp brute force, future, gh0strat, ghostgambit, ghostsocks, github, github users, gmer, go backdoor, google meet, government agencies, government technology, guidloader, gunra ransomware, hacker news, hacking news, hashes, hashes payload, helldown linux, hidden rootkit, higher education, horns, how to hack, hta file, hta md5, hta script, html, html payload, http, http attack, http brute force, http scanner, iconics, identity & access exploitation, indicatortype, indonesia, industrial automation, industrial iot, industrial production, information security, information technology, infostealer, infrastructure acquisition reconnaissance, initial access, injection activity, injection attacks, insikt, insikt group, intergovernmental, iocs, iocs files, iocs hash, iocs helldown, iocs malicious, iocs zip, iot security, ips https, ipv4, ipv4 address, it infrastructure, ivanti, js download, l files, landing, latin america, links, linux, lnk file, loader, lockbit, lumma payload, lumma staeler, malicious links, malicious software, malware, malware c2, malware campaign, malware hash, malware signing, manual, manufacturing technology, marine, maritime transport, media, mekotio banking, military operations, mintsloader c2, mitre, mlpea, mobile carriers, mobile networks, model, monero, monitor, msi, msi file, multi-cloud management, na majestic, na stark, national security, neshta, network, network intrusion, network ip, network scanning, network security, network service scanning, network_reconnaissance, noopldr type1, noopldr type2, north america, null scan, oil and gas, opswat oesis, palo alto, palo alto networks, panama, panel, pantegana backdoor, passenger transportation, pathloader, payload, payload host, payload url, payment processing, pdf lure, phishing, phishing attack, phishing urls, phobos, phpsert, phpsert variant, plugin, plugx, plugx c2, ports, powershower c2, private server, process injection, process manufacturing, proof-of-concept, protocol exploitation, proxy, pscp, psexec, public, public administration, public infrastructure, public policy, pull, quality control, quite solsjoas, quoc, rail transport, ransom, ransomware, ransomware malware, reconnaissance, reconnaissance activity, recorded future, reddelta c2, reddit, rednovember, registry keys, regulatory agencies, remcos, remcos trojan, remote access, remote services, researched, rhadamanthys c2, sample sha256, samples, scams & fraud, search, security operations, seen, semiconductor, server, server http, servers, servers ip, service dll, service scan, sftp, sftp attack, shell commands, sign, similar sha256, site, sites, smtp brute force, social engineering, software development, software integrity, software vulnerability, solo airfield, south korea, southeast asia, spark rat, sparkrat, sparkrat trojan, sql injection, ssh access, ssh attack, star, stealc c2, stealc payload, strike c2, strike loaders, strong, studio code, supply chain attack, supply chain management, syn scan, system disruption, system information discovery, systembc, t1005, t1021, t1021.001, t1027, t1036, t1040, t1041, t1046, t1055, t1059, t1059.001, t1059.003, t1068, t1071, t1071.001, t1071.002, t1076, t1078, t1083, t1110, t1110.002, t1190, t1204, t1204.001, t1204.002, t1486, t1490, t1496, t1499.001, t1499.002, t1499.003, t1530, t1554.001, t1554.003, t1563, t1565, t1566, t1566.001, t1566.002, t1566.003, t1569.002, t1571, t1583, t1583.003, t1587.001, t1590, t1590.001, t1590.006, t1595, t1595.001, t1595.002, t1595.003, tactic, tag-100, tag100 cobalt, taiwan, targeting database, tcp scan, telecom services, telecommunications, telnet, threat, threat actor, threat intelligence, tls certificate, token, tools, tor node, trade, transportation and warehousing, transportation infrastructure, transportation technology, trojanized, trojanspy, twitter, type name, udp scan, unauthorized access attempt, united states, urls, urls http, urls https, us, v4 removal, vant, vbshower c2, version, version b, version c, version d, version e, view, visual studio, vssadmin delete, vulnerability scan, wealth management, web application attack, web security, web traffic, windows payload, word document, xmas scan, xworm campaign, zimbra, zip file, zipmsi
Activity Timeline
Jun 7
Threat Activity Heatmap
Peak: 2026-06-07
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
High Risk
74
SIGNAL
Signal Score
74%
Confidence
11
Reports
First seen
Jul 27, 2024
Last seen
Jun 7, 2026
Geolocation
US
Country
United States
Location
Las Vegas, NV
ASN
AS53667
Org
FranTech Solutions
Coords
36.1020, -115.1447
VirusTotal
Not checked
WHOIS
- description: CC=US ASN=AS53667 PONYNET
- raw:
  NetRange: 205.185.112.0 - 205.185.127.255
  CIDR: 205.185.112.0/20
  NetName: PONYNET-03
  NetHandle: NET-205-185-112-0-1
  Parent: NET205 (NET-205-0-0-0-0)
  NetType: Direct Allocation
  OriginAS: AS53667
  Organization: FranTech Solutions (SYNDI-5)
  RegDate: 2010-09-03
  Updated: 2012-03-25
  Ref: https://rdap.arin.net/registry/ip/205.185.112.0
  OrgName: FranTech Solutions
  OrgId: SYNDI-5
  Address: 1621 Central Ave
  City: Cheyenne
  StateProv: WY
  PostalCode: 82001
  Country: US
  RegDate: 2010-07-21
  Updated: 2024-11-25
  Ref: https://rdap.arin.net/registry/entity/SYNDI-5
  OrgAbuseHandle: FDI19-ARIN
  OrgAbuseName: Dias, Francisco
  OrgAbusePhone: +1-778-977-8246
  OrgAbuseEmail: [email protected]
  OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
  OrgTechHandle: FDI19-ARIN
  OrgTechName: Dias, Francisco
  OrgTechPhone: +1-778-977-8246
  OrgTechEmail: [email protected]
  OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- references: https://go.recordedfuture.com/hubfs/reports/cta-2024-0716.pdf, https://www.recordedfuture.com/research/tag-100-uses-open-source-tools-in-suspected-global-espionage-campaign, Bootkitty, Glove-Stealer, Fake Discount Sites Exploit Black Friday, Helldown Ransomware, HawkEye Malware, PXA Stealer, Iranian Hackers Use GitHub and Phishing to Evade Detection in SnailResin Attack, BrazenBamboo, SpyGlace, RustyStealer and New Ymir Ransomware, PyPI-AIOCPA, Python NodeStealer, romcom-exploits-firefox-and-windows, Rockstar-Phishing, Silent Skimmer Gets Loud (Again), SteelFox Trojan, WezRat Malware, Avast-Anti-Root-KIt, Winos4.0 RAT, APT36, WolfsBane Backdoor, APT-K-47, Remcos RAT, babbleloader, Bitter APT, UAC-0194’s Exploitation of CVE-2024-43451 in Ukraine for Phishing, CloudScout_ Evasive Panda scouting cloud services, clickfix-tactic, Akira Ransomware, Bumblebee Malware, ELDORADO RANSOMWARE, Evasive Panda Uses MACMA and MgBot Malware to Target US and Taiwan, Demodex rootkit, BugSleep Malware, HotPage.exe (malware), Qilin Ransomware, NOOPDOOR Malware, Shadowroot Ransomware, play ransomware, MALLOX RANSOMWARE, New Malware Campaign Abusing RDPWrapper and Tailscale to Target Cryptocurrency Users, ACR Stealer, Suspicious Domains Exploiting the Recent CrowdStrike Outage!, Gh0stGambit, MEKOTIO BANKING TROJAN, TAG-100, Fake game sites lead to information stealers, Chrome Extensions Hijacked, 2.6 Million Users Impacted, macOS Users Targeted by the New Variant of Banshee Infostealer, Hundreds of fake Reddit sites push Lumma Stealer malware, GamaCopy APT Group Mimicking GamaRedon, InvisibleFerret Malware Leveraging Python for Targeted Attacks, Fake CAPTCHA Campaign That Spreads LUMMA Info Stealer, REF5961 Group Deploys EAGERBEE Backdoor Against Critical Sectors, Phishing Campaigns Fuel Compiled AutoIt Malware Distribution, The great Google Ads heist_ criminals ransack advertiser accounts via fake Google ads, New Star Blizzard spear-phishing campaign targets WhatsApp accounts, RansomHub Affiliate leverages Python-based backdoor, Sliver Implant Targets German Entities with DLL Sideloading and Proxying Techniques, Advanced Evasion Techniques Used by NonEuclid RAT, The Return of PlugX Malware with Fresh Tricks, The Growing Risk of Sneaky 2FA for Microsoft and Gmail Accounts, Weaponized Software Targeting Chinese Organizations, Threat Surge as Lumma Stealer Expands Its Reach, Chinese State-Sponsored RedDelta Targeted Taiwan, Mongolia, and Southeast Asia with Adapted PlugX Infection Chain, MintsLoader_Stealc, North Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea Cyberattacks, North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware, Rat Race_ ValleyRAT Malware Targets Organizations with New Delivery Techniques, Salt Typhoon Target U.S. Telecom Networks, SecTopRAT, Stealers on the Rise, Snake Keylogger, AsyncRAT Reloaded, The BadPilot campaign_ Seashell Blizzard subgroup conducts multiyear global access operation, FatalRAT, SystemBC RAT Poses New Risks to Linux System, Unveiling Silent Lynx APT Targeting Entities Across Kyrgyzstan & Neighbouring Nations, FERRET Malware Targets macOS in Sophisticated North Korean Attacks, Espionage Campaign Targeting South Asian Entities, Astral Stealer Strikes Again Stealing More Than Just Your Cookies, The New Ransomware Menace Vgod Gains Momentum, Microsoft Advertisers Phished via Malicious Google Ads, LegionLoader Malware Expands Global Reach, NEW.txt, From Stealers to Ransomware PureCrypter Delivers It All, New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs, FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux, LockBit Ransomware Attack Leveraging Cobalt Strike, Rspack_Compromised_Packages, SmokeLoader, Sock5Systemz-PROXY-AM, solana-backdoor, U.S. Organization in China Targeted by Attackers, UAC-0185 attacks warned by CERT-UA, BellaCpp, bootkitty(logofail), Visual Studio Code Remote tunnels, Cloud Atlas seen using a new tool in its attacks, Christmas-Themed LNK Files Used for Malware Delivery, DarkGate, MirrorFace Campain, horns-hooves, Developers Targeted by New ‘OtterCookie’ Malware with Fake Job Offers, NetSupport RAT and BurnsRAT, Cybercriminals Leverage Fake CAPTCHAs for Malware Delivery, MUT-1244-GitHub, Phobos ransomware, Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data, PUMAKIT, OtterCookie used by Contagious Interview, Ransomware-Lockbit3-IOCs.csv
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
Medium · First detected 1 year ago · Last seen 7 days ago
Appeared in 11 threat reports