193.239.147.226 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 193.239.147.226. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Tags: 0xBFKX, C&C, Nextray, RDP, SSH, abuse, aws, bruteforce, cowrie, cyber security, fail2ban, fraud, ioc, ipqs, ipqualityscore, la, lafusioncenter, louisiana, malicious, phishing, scanners, ssh, web attack
  • View other sources: Spamhaus VirusTotal
  • Contained within other IP sets: haley_ssh

  • Country: Netherlands
  • Network: AS213035 des capital b.v.
  • Noticed: 50 times
  • Protocols Attacked: ssh
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 8

Open Ports Detected

135 137 139 3389 445

Whois Information

  • inetnum: 193.239.147.0 - 193.239.147.255
  • netname: DEDIPA-193-239-147-0
  • country: US
  • org: ORG-DL447-RIPE
  • admin-c: DLAH26-RIPE
  • tech-c: DLAH26-RIPE
  • status: ASSIGNED PA
  • mnt-by: PREFIXBROKER-MNT
  • created: 2020-11-20T19:22:41Z
  • last-modified: 2021-03-01T11:42:45Z
  • organisation: ORG-DL447-RIPE
  • org-name: DediPath LLC
  • org-type: OTHER
  • address: 7209 Lancaster Pike Suite 4-1005
  • address: 19707 Hockessin
  • address: United States
  • abuse-c: DLAH26-RIPE
  • mnt-ref: PREFIXBROKER-MNT
  • mnt-by: PREFIXBROKER-MNT
  • created: 2020-11-11T07:18:54Z
  • last-modified: 2020-11-11T07:18:54Z
  • role: DediPath LLC abuse handling
  • address: 7209 Lancaster Pike Suite 4-1005
  • address: 19707 Hockessin
  • address: United States
  • nic-hdl: DLAH26-RIPE
  • mnt-by: PREFIXBROKER-MNT
  • created: 2020-11-11T07:18:54Z
  • last-modified: 2020-11-11T07:18:54Z
  • abuse-mailbox: [email protected]
  • route: 193.239.147.0/24
  • origin: AS213035
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-01-31T11:51:54Z
  • last-modified: 2022-01-31T11:51:54Z
  • route: 193.239.147.0/24
  • origin: AS35913
  • mnt-by: PREFIXBROKER-MNT
  • created: 2022-07-29T17:07:14Z
  • last-modified: 2022-07-29T17:07:14Z

Links to attack logs

  • aws-ssh-bruteforce-ip-list-2021-01-12
  • aws-ssh-bruteforce-ip-list-2021-01-09
  • aws-ssh-bruteforce-ip-list-2021-01-13