IOC Radar
IP · Medium · Signal 78/100

88.18.31.204

Location: Spain (Mutxamel, Valencia)
ASN: AS3352, RIMA (Red IP Multi Acceso)
First Seen: Apr 15, 2026 (73d ago)
Last Seen: Apr 23, 2026 (65d ago)
Reports: 10 source reports
Confidence: 78% (medium)
Found in 10 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 78%
Signal Score: 78 / 100
IDS Rule: No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

3 techniques

Network Information

Country: ES (Spain)
Region: Mutxamel, Valencia
ASN: AS3352
Organization: RIMA (Red IP Multi Acceso)

Feed Intelligence Summary

Source reports: 10
Confidence score: 78%
Category tags: active scan, active scanning, apache, apache attacker, apt, brute force, brute force attacker, brute-force, bruteforce, europe, indicator, network, portscan, reconnaissance, researched, scanner, scanners, service scan, spain, ssh, t1595.001, t1595.002, t1595.003, threat actor, tor node, vultr

Activity Timeline

1 total obs (Apr 23)

Threat Activity Heatmap

Peak: 2026-04-23
[Heatmap figure: weekday rows (Mon, Wed, Fri), month columns Jun through Jun, shaded Less to More]
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, is of significant concern due to its association with malicious reconnaissance activities, port scanning, and brute-force attempts. With a high score of 78.18, this IOC strongly suggests active hostile intent and poses a substantial risk of unauthorized access or network compromise if left unaddressed. Its presence in threat intelligence feeds, particularly those related to brute-force attackers and botnet lists, underscores its role in initia…

Threat Score: High Risk
Signal Score: 78
Confidence: 78%
Reports: 10
First seen: Apr 15, 2026
Last seen: Apr 23, 2026
Geolocation: ES
Country: Spain
Location: Mutxamel, Valencia
ASN: AS3352
Org: RIMA (Red IP Multi Acceso)
Coords: 38.4158, -0.4453

VirusTotal

Not checked

WHOIS

description
IPv4 hosts detected attempting to brute force SSH on Vultr Melbourne (Australia) honeypot
raw
inetnum: 88.16.0.0 - 88.23.255.255
netname: RIMA
descr: Telefonica de Espana SAU Red de servicios IP Spain
country: ES
admin-c: ATdE1-RIPE
tech-c: TTdE1-RIPE
status: ASSIGNED PA
mnt-by: MAINT-AS3352
created: 2015-01-20T18:05:08Z
last-modified: 2015-01-20T18:08:16Z
source: RIPE # Filtered

role: Administradores Telefonica de Espana
address: Ronda de la Comunicacion s/n
address: Edificio Norte 1, planta 6
address: 28050 Madrid
address: SPAIN
org: ORG-TDE1-RIPE
admin-c: KIX1-RIPE
tech-c: TTDE1-RIPE
nic-hdl: ATDE1-RIPE
mnt-by: MAINT-AS3352
abuse-mailbox: [email protected]
created: 2006-01-18T12:24:41Z
last-modified: 2018-09-18T10:36:42Z
source: RIPE # Filtered

role: Tecnicos Telefonica de Espana
address: Ronda de la Comunicacion S/N
address: 28050-MADRID
address: SPAIN
org: ORG-TDE1-RIPE
admin-c: TTE2-RIPE
tech-c: TTE2-RIPE
nic-hdl: TTdE1-RIPE
mnt-by: MAINT-AS3352
abuse-mailbox: [email protected]
created: 2006-01-18T12:39:59Z
last-modified: 2018-09-18T12:08:51Z
source: RIPE # Filtered

route: 88.18.0.0/16
descr: RIMA (Red IP Multi Acceso)
origin: AS3352
mnt-by: MAINT-AS3352
created: 2005-07-13T10:15:30Z
last-modified: 2005-07-13T10:15:30Z
source: RIPE

IOC Journey

medium
First detected 2 months ago · Last seen 2 months ago
Appeared in 10 threat reports