88.214.26.37 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 88.214.26.37 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observations of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.

🟠 Elevated — 57/100

Host and Network Information

  • Country: Germany
  • Noticed: 50 times
  • Protocols Attacked: SSH
  • Countries Attacked: Spain, United States of America
  • Tor Node: No
  • Associated Malware Samples: 2

Tags

  • access
  • behinder
  • brute-force
  • bruteforce
  • Brute Force
  • cobalt strike
  • data
  • discovery
  • execution
  • exploit
  • file
  • fscan
  • gather victim
  • godzilla
  • jrat
  • kfsensor
  • malware
  • manipulation
  • metasploit
  • meterpreter
  • network
  • panel morf
  • powershell
  • project
  • rdp
  • scanning
  • shadowsilk
  • sqlmap
  • ssh
  • ssl-vpn
  • sslvpn
  • SSL VPN
  • telegram
  • vpn
  • VPN
  • wpscan

MITRE ATT&CK TTPs

  • T1003.008 - /etc/passwd and /etc/shadow
  • T1003 - OS Credential Dumping
  • T1005 - Data from Local System
  • T1007 - System Service Discovery
  • T1008 - Fallback Channels
  • T1016.001 - Internet Connection Discovery
  • T1016 - System Network Configuration Discovery
  • T1020 - Automated Exfiltration
  • T1033 - System Owner/User Discovery
  • T1041 - Exfiltration Over C2 Channel
  • T1053.005 - Scheduled Task
  • T1053 - Scheduled Task/Job
  • T1059.001 - PowerShell
  • T1059 - Command and Scripting Interpreter
  • T1071 - Application Layer Protocol
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1087 - Account Discovery
  • T1090.002 - External Proxy
  • T1090 - Proxy
  • T1113 - Screen Capture
  • T1114 - Email Collection
  • T1119 - Automated Collection
  • T1123 - Audio Capture
  • T1125 - Video Capture
  • T1133 - External Remote Services
  • T1134 - Access Token Manipulation
  • T1190 - Exploit Public-Facing Application
  • T1204.002 - Malicious File
  • T1204 - User Execution
  • T1210 - Exploitation of Remote Services
  • T1217 - Browser Bookmark Discovery
  • T1505.003 - Web Shell
  • T1505 - Server Software Component
  • T1547.001 - Registry Run Keys / Startup Folder
  • T1547 - Boot or Logon Autostart Execution
  • T1552.001 - Credentials In Files
  • T1552.003 - Bash History
  • T1552 - Unsecured Credentials
  • T1555 - Credentials from Password Stores
  • T1560.001 - Archive via Utility
  • T1560.003 - Archive via Custom Method
  • T1560 - Archive Collected Data
  • T1566.001 - Spearphishing Attachment
  • T1566 - Phishing
  • T1571 - Non-Standard Port
  • T1573 - Encrypted Channel
  • T1583 - Acquire Infrastructure
  • T1584.006 - Web Services
  • T1584 - Compromise Infrastructure
  • T1587.001 - Malware
  • T1587 - Develop Capabilities
  • T1588.001 - Malware
  • T1588 - Obtain Capabilities
  • T1590.005 - IP Addresses
  • T1590 - Gather Victim Network Information
  • T1594 - Search Victim-Owned Websites
  • T1595.002 - Vulnerability Scanning
  • T1595 - Active Scanning
  • T1596 - Search Open Technical Databases

Whois Information

inetnum: 88.214.26.0 - 88.214.26.255
netname: Layer7-FRA1-Network
org: ORG-LNG5-RIPE
country: DE
admin-c: LNG14-RIPE
tech-c: LNG14-RIPE
status: LIR-PARTITIONED PA
mnt-by: lir-de-l7networks-gmbh-1-MNT
created: 2025-09-09T09:18:47Z
last-modified: 2025-09-09T09:18:47Z

organisation: ORG-LNG5-RIPE
org-name: Layer7 Networks GmbH
country: DE
org-type: LIR
address: Brunnenstrasse 9a
address: 63599
address: Biebergemünd
address: GERMANY
phone: +4917622523306
admin-c: LNG14-RIPE
tech-c: LNG14-RIPE
abuse-c: AR67336-RIPE
mnt-ref: lir-de-l7networks-gmbh-1-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-de-l7networks-gmbh-1-MNT
created: 2022-01-19T08:23:59Z
last-modified: 2025-07-10T07:50:29Z

role: Layer7 Networks GmbH
address: GERMANY
address: Gelnhausen
address: 63571
address: Zum Sonnenberg 1-3
phone: +4917622523306
abuse-mailbox: abuse@layer7.net
nic-hdl: LNG14-RIPE
mnt-by: lir-de-l7networks-gmbh-1-MNT
created: 2022-01-19T08:23:59Z
last-modified: 2024-09-03T16:44:35Z

route: 88.214.26.0/24
origin: AS35042
mnt-by: lir-de-l7networks-gmbh-1-MNT
created: 2025-09-09T09:19:20Z
last-modified: 2025-09-09T09:19:20Z