81.88.48.71 Threat Intelligence and Host Information

Dec 01, 2023 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 81.88.48.71 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

  • Mitre ATT&CK IDs: T1005 - Data from Local System, T1039 - Data from Network Shared Drive, T1059 - Command and Scripting Interpreter, T1070 - Indicator Removal on Host, T1078 - Valid Accounts, T1140 - Deobfuscate/Decode Files or Information, T1566 - Phishing, T1593 - Search Open Websites/Domains, T1594 - Search Victim-Owned Websites

  • Tags: abrir men, bsqueda busque, conduct, cyber security, detalles, exchange all, ibm xforce, ioc, iocs, local system, malicious, network shared, Nextray, phishing, research url, t1039, t1059, t1078, t1566, t1594, timestomp t1140, votar, websites t1593, whois, whois server

  • JARM: 15d2ad16d29d29d00015d2ad15d29d67edd16014aa8d87eb613c543d04cbe2

  • View other sources: Spamhaus VirusTotal

  • Contained within other IP sets: cleanmx_phishing, cleanmx_viruses, hphosts_emd, hphosts_fsa, hphosts_psh

  • Country: Italy
  • Network: AS39729 register s.p.a.
  • Noticed: 1 times
  • Protcols Attacked: SSH
  • Countries Attacked: Canada, Chile, Colombia, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 47 a92acf8c779581d701de93ea10fd7f4efd6a8a00344d545b419f609990dca420 28ae594e7cd80353e3ccdd6b6f8d7cfdbe3007397710a8093fd67934b5956762 1c93ee818956a7f44506f3a56a1bbe691e91f0ea4f5813f014197abc57f9df24 da5007b3da914a87cb0b8cb4540b59d08761aeddf058f09aea3b854c43c69bae 78a0fe97f72e9b591e79d7627a3b3b8c60c333de5a0295b79c5e13d5ef84b889 420e211faa5ee5b281476a28e22380990949c361b7bddd383d3b047d2bb7532e 224e948eb78eab27a823fefb06f4739189f654fd5383115c3aad6966b18c9c79 ca804b781568c7d548f10d9091b386ce92c62096b14ab56c1558901f36632fdb 0a75a15db18b31a62c1e01f8a4cf990e5fe1ee1c2e68d69928328bdebd1dec23 fd4ccc07a5a59ff93cc9493cc6116189617e5810236be7d328a28e56ada4b524

Open Ports Detected

21 443 80

Map

Whois Information

  • inetnum: 81.88.48.64 - 81.88.48.127
  • netname: REGISTERIT
  • descr: register.it internet server
  • country: IT
  • admin-c: REGA-RIPE
  • tech-c: REGT-RIPE
  • status: ASSIGNED PA
  • mnt-by: MNT-REGISTER
  • mnt-lower: MNT-REGISTER
  • mnt-routes: MNT-REGISTER
  • created: 2006-07-04T15:31:13Z
  • last-modified: 2011-04-06T15:01:25Z
  • role: Register.it board - Direzione
  • address: Register.IT S.p.A.
  • address: Via Ponti, 6
  • address: 24126 Bergamo
  • address: ITALY
  • abuse-mailbox: abuse@register.it
  • admin-c: CORB3-RIPE
  • admin-c: CV4237-RIPE
  • admin-c: GOR15-RIPE
  • tech-c: REGT-RIPE
  • nic-hdl: REGA-ripe
  • mnt-by: MNT-REGISTER
  • created: 2006-04-03T16:31:22Z
  • last-modified: 2021-11-24T14:37:52Z
  • role: register.it sistemisti
  • address: Register.IT S.p.A. - Gruppo Sistemi
  • address: Viale della Giovine Italia, 17
  • address: 50122 Firenze
  • address: ITALY
  • abuse-mailbox: abuse@register.it
  • admin-c: REGA-RIPE
  • tech-c: PERN1-RIPE
  • tech-c: PERI55-RIPE
  • tech-c: MILO2-RIPE
  • tech-c: TV2675-RIPE
  • tech-c: FM20996-RIPE
  • tech-c: CF8179-RIPE
  • nic-hdl: REGT-RIPE
  • mnt-by: MNT-REGISTER
  • created: 2006-04-03T16:40:50Z
  • last-modified: 2018-10-16T06:48:19Z
  • route: 81.88.48.0/24
  • descr: Register.IT S.p.A. prefix
  • origin: AS39729
  • mnt-by: MNT-REGISTER
  • created: 2015-08-13T07:38:08Z
  • last-modified: 2015-08-13T07:38:08Z

Links to attack logs

****** ****** ******

Share on: