IP · Medium · Signal 100/100
45.61.136.204
Location
Los Angeles, California
ASN
AS399629
FranTech Solutions
First Seen
Jan 19, 2025
Last Seen
Feb 17, 2026
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
99%
Signal Score
100 / 100
IDS Rule
No
Network Information
Country
United States
Region
Los Angeles, California
ASN
AS399629
Organization
FranTech Solutions
Feed Intelligence Summary
11
Source reports
99%
Confidence score
Category tags
Activity Timeline
Feb 17
Threat Activity Heatmap
Peak: 2026-02-17
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 0 (Dormant)
Threat Score: High Risk
Signal Score: 100
Confidence: 99%
Reports: 11
First seen: Jan 19, 2025
Last seen: Feb 17, 2026
Geolocation: US
Country: United States
Location: Los Angeles, California
ASN: AS399629
Org: FranTech Solutions
Coords: 34.0515, -118.2707
VirusTotal
Not checked
WHOIS
- description
- CC=US ASN=AS399629 bl networks
- raw
- FranTech Solutions PONYNET-15 (NET-45-61-128-0-1) 45.61.128.0 - 45.61.191.255 BL Networks BLNETWORKS-01 (NET-45-61-136-0-1) 45.61.136.0 - 45.61.136.255
- references
- https://www.sentinelone.com/labs/contagious-interview-threat-actors-scout-cyber-intel-platforms-reveal-plans-and-ops, https://www.team-cymru.com/post/inside-danabots-infrastructure-in-support-of-operation-endgame-ii, https://raw.githubusercontent.com/blacklotuslabs/IOCs/refs/heads/main/DanaBot_IOCs_txt, https://malware-filter.gitlab.io/malware-filter/botnet-filter.txt, https://malasada.tech/silent-push-to-find-smartapesg-landupdate808-and-ta582-infra/, export_2024-12-21_162303-silent-push-domain-search-landupdate808.csv, https://connect.cybercx.com.au/dark-engine, https://storage.pardot.com/1069042/1748905703CCn8f7sn/CyberCX___WP_Engine_Report.pdf, https://threatfox.abuse.ch/export/csv/recent/, https://labs.inquest.net/iocdb, https://www.zscaler.com/blogs/security-research/black-friday-scams-4-emerging-skimming-attacks-watch-holiday-season
IOC Journey
Medium · First detected 1 year ago · Last seen 4 months ago
Appeared in 11 threat reports