93.39.209.147 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 93.39.209.147 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 65/100

Geographic Location

Host and Network Information

• View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
• Country: Italy
• Noticed: 13 times
• Protocols Attacked: portscan ssh
• Countries Attacked: Belgium, Germany, Ireland, Italy, Netherlands, Poland, Sweden, Switzerland, United States of America
• Open Ports: 22, 443, 5222, 5223, 9090
• Tor Node: No

Tags

• 80211
• a5 https
• a6 https
• aaaa
• abuse
• accept
• active
• active related
• added active
• admin org
• adversarial
• Aggressive-Detection
• all se
• america
• america asn
• arcflex
• as35280 acorus
• attack
• backdoor
• block messages
• botnet
• Bruteforce
• Brute-Force
• busybox
• c2
• capture
• cellebrite
• chrome
• class
• cmanual jan
• cname
• colorado
• .com
• components
• Connection-Reset
• cookie
• copy
• created
• criminal intent
• dangerous
• data upload
• dead connect
• delete c
• denver
• destination
• divx
• dns resolutions
• dns traffic
• dock
• domain
• domain add
• domain name
• download
• drop
• emails
• embeddedwb
• emotet
• encrypt
• enter sc
• enter source
• entries
• error
• et
• et info
• etpro
• etpro trojan
• et smtp
• et trojan
• execution
• expiration date
• extr
• extraction
• extraction data
• failed
• filehashsha1
• filehashsha256
• files
• files ip
• found
• france
• france unknown
• gather victim
• germany
• germany unknown
• gmail
• gmt cache
• gmt content
• gmt server
• government
• gpl telnet
• grabber
• high
• homair sweet
• host
• hostile
• hostname
• hostname add
• hours ago
• http
• https://cellebrite.com/en/federal-government/
• idron anv
• ieedge chrome1
• incapsula
• include manualv
• indicator
• indicator role
• intel
• interesting
• internet
• iocs
• ip address
• ip role
• ipv4
• ipv4 add
• italy
• iterng
• japan
• jlu11q
• kx81xdbx0f
• learn more
• levdibidelabs
• leveibielabs
• logic
• login attempt
• malware
• manipulation
• medium
• message
• meta name
• mirai
• mirai login attempt
• modify existing
• monitored target
• monitoring
• msie
• ms windows
• mtb description
• name servers
• netherlands
• netherlands asn
• next
• passive dns
• path
• pe32
• pegasus
• persistence
• pitfall
• port
• present aug
• present dec
• present jan
• present jul
• present jun
• present nov
• present oct
• present sep
• process32nextw
• Protocol-Probing
• pulse pulses
• pulses hostname
• pulse submit
• push
• read c
• regbinary
• registry
• regopenkeyexa
• regsetvalueexa
• related pulses
• related tags
• report spam
• request
• reverse dns
• review data
• robots content
• role title
• .ru
• russia
• sameorigin
• script head
• search
• servers
• service
• sha1
• shellexecuteexw
• spyware
• SSH
• status
• stream
• suspicious
• suspicious path
• t1031
• tcp syn
• telnet login
• telnet root
• template
• texirag
• title
• title added
• tqbplo
• trojan
• twitter
• type indicator
• types of
• ukraine
• united
• united states
• unknown
• unknown ns
• url add
• url analysis
• url http
• url https
• url or
• urls
• verdict
• white label
• whitelisted
• win32
• windows
• windows nt
• write
• writeconsolew
• x82xd4
• x86xd3
• xa1xf1
• xa7xe28x06
• x amz
• xe8xc2x14
• xpirat
• x ua
• yahoo
• yandex
• zipcode

MITRE ATT&CK TTPs

• T1027 - Obfuscated Files or Information
• T1031 - Modify Existing Service
• T1043 - Commonly Used Port
• T1045 - Software Packing
• T1053 - Scheduled Task/Job
• T1055 - Process Injection
• T1057 - Process Discovery
• T1060 - Registry Run Keys / Startup Folder
• T1069 - Permission Groups Discovery
• T1070 - Indicator Removal on Host
• T1071.001 - Web Protocols
• T1071.004 - DNS
• T1071 - Application Layer Protocol
• T1082 - System Information Discovery
• T1096 - NTFS File Attributes
• T1098 - Account Manipulation
• T1105 - Ingress Tool Transfer
• T1112 - Modify Registry
• T1113 - Screen Capture
• T1119 - Automated Collection
• T1123 - Audio Capture
• T1129 - Shared Modules
• T1140 - Deobfuscate/Decode Files or Information
• T1143 - Hidden Window
• T1147 - Hidden Users
• T1185 - Man in the Browser
• T1195 - Supply Chain Compromise
• T1196 - Control Panel Items
• T1210 - Exploitation of Remote Services
• T1410 - Network Traffic Capture or Redirection
• T1414 - Capture Clipboard Data
• T1480 - Execution Guardrails
• T1505 - Server Software Component
• T1556 - Modify Authentication Process
• T1557 - Man-in-the-Middle
• T1566 - Phishing
• T1568 - Dynamic Resolution
• T1581 - Geofencing
• T1582 - SMS Control
• T1583.005 - Botnet
• T1583 - Acquire Infrastructure
• T1584.005 - Botnet
• T1587 - Develop Capabilities
• T1589 - Gather Victim Identity Information
• T1590 - Gather Victim Network Information
• T1591 - Gather Victim Org Information
• T1592 - Gather Victim Host Information
• T1608 - Stage Capabilities
• TA0011 - Command and Control

Associated CVEs

• CVE-2006-20001

Attack Log References

• digitaloceanlondon-ssh-bruteforce-ip-list-2026-04-06

Whois Information