Threat Intelligence Briefing: IP 193.70.41.50/32
Summary:
IP address 193.70.41.50/32 was analyzed with the intelligence sources available to this profile. The address belongs to a well-known web hosting provider and is primarily used for legitimate hosting. However, it has been flagged in multiple threat intelligence feeds for suspicious activity in the past, most notably hosting phishing sites. Note that the threat and reputation dimensions in the confidence breakdown below rest on one or two sources each, so the malicious-activity findings in this summary should be weighed accordingly.
Observation History:
- Legitimate Activities: The IP is primarily associated with web hosting services. It belongs to a reputable hosting provider whose address space carries a wide variety of client websites.
- Malicious Activities: 193.70.41.50/32 has recently been linked to phishing campaigns. Reported incidents included hosting phishing pages that mimicked popular financial and social media sites.
- Threat Intelligence Feeds: Multiple threat intelligence platforms have flagged the IP for hosting malicious content, including phishing kits and potentially unwanted programs (PUPs).
Relationships:
- Service Provider: The IP is registered to a large web hosting company that serves a diverse range of clients; the reverse DNS name below identifies it as a VPS in that provider's range.
- Malicious Actors: The IP has been used to distribute phishing content. On VPS infrastructure this is consistent either with a compromised customer server or with a tenant who rented the server specifically for abuse; in both cases the activity need not have been known to the hosting provider.
Neighborhood Data:
- Subnet Analysis: The IP is part of a larger subnet managed by the hosting provider. Several other IPs in that subnet show similar malicious activity. This pattern is typical of shared VPS infrastructure, where individual tenants can be abused or abusive; it does not by itself indicate a weakness in the provider's own network security.
- Co-hosted Sites: The IP has co-hosted multiple domains, some of which were found to be involved in phishing activities, which suggests a pattern of abuse within this hosting environment.
Actionable Recommendations:
1. Monitor Traffic: Implement network monitoring to detect unusual traffic originating from or directed to 193.70.41.50/32, and check matches against known indicators of compromise (IOCs) for phishing activity.
2. Block Malicious Domains: Update firewall, proxy and security software rules to block known malicious domains associated with this IP. Prefer domain- and URL-based blocking over blocking the address itself: the address is hosting infrastructure that also serves legitimate content and can be reassigned to another customer.
3. Incident Response Preparedness: Prepare incident response plans so that phishing originating from this IP can be triaged and contained quickly.
4. User Awareness Training: Conduct phishing awareness training so that users can recognize and report phishing attempts.
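As an added worked example, not part of the dossier, the first recommendation expressed as detection logic: a scanner that matches both endpoints of each connection against the /32 watchlist, separates inbound from outbound hits and keeps the TLS server name when the sensor recorded one. The log format, the log lines and the internal addresses are constructed for this example; the neighbouring address 193.70.41.51 is included only to show that a /32 entry must not match the rest of the provider's range.

```python
"""Flag traffic to or from a watchlisted address in connection logs,
distinguishing outbound (our host -> watchlisted) from inbound hits."""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

# Watchlist entry taken from the dossier: one host, written as a /32.
WATCHLIST = [ipaddress.ip_network("193.70.41.50/32")]

# Constructed connection log (not from any real sensor). Assumed line format:
#   <timestamp> <src_ip> -> <dst_ip>:<dst_port> <proto> sni=<server name or ->
SAMPLE_LOG = """\
2026-06-27T22:58:01Z 10.20.5.14 -> 193.70.41.50:443 tcp sni=www.instantsetmots.fr
2026-06-27T22:58:07Z 10.20.5.14 -> 198.51.100.7:443 tcp sni=cdn.example
2026-06-27T23:01:44Z 193.70.41.50 -> 10.20.0.25:22 tcp sni=-
2026-06-27T23:05:10Z 10.20.9.3 -> 193.70.41.51:80 tcp sni=-
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\S+) -> (?P<dst>\S+):(?P<port>\d+) (?P<proto>\w+) sni=(?P<sni>\S+)$"
)


@dataclass(frozen=True)
class Hit:
    ts: str
    direction: str      # "outbound": we connected to the watchlisted host; "inbound": it connected to us
    watched: str        # the watchlisted address involved
    port: int
    sni: Optional[str]  # TLS server name, when the sensor saw one


def is_watchlisted(ip: str) -> bool:
    """Exact CIDR membership: 193.70.41.51 is another tenant and must not match a /32 entry."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in WATCHLIST)


def scan(log_text: str) -> List[Hit]:
    """Return one Hit per parseable line that involves a watchlisted address."""
    hits: List[Hit] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable lines are skipped rather than aborting the scan
        sni = None if m["sni"] == "-" else m["sni"]
        if is_watchlisted(m["dst"]):
            hits.append(Hit(m["ts"], "outbound", m["dst"], int(m["port"]), sni))
        elif is_watchlisted(m["src"]):
            hits.append(Hit(m["ts"], "inbound", m["src"], int(m["port"]), sni))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Outbound hits carrying a server name are the ones to compare against a phishing-domain list; inbound hits (here a connection from the address to an internal SSH port) are a separate signal and should be reviewed as scanning or lateral activity rather than phishing.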
Conclusion:
While 193.70.41.50/32 is primarily used for legitimate web hosting, its history of involvement in phishing activities warrants caution. Continuous monitoring and proactive security measures are recommended to mitigate potential threats.
This summary was generated by AI and may contain inaccuracies. Verify critical details independently.
Ownership & Registration
| Organization | Octave Klaba |
| ASN | AS16276 |
| Network Name | Not available |
| CIDR Block | Not available |
| RIR | RIPE |
| Country | Not available |
| Abuse Contact | Available via RDAP |
DNS Intelligence
| PTR | vps-1c8623df.vps.ovh.net |
| Forward Confirmed | Yes (FCrDNS verified) |
| Forward Hostnames | vps-1c8623df.vps.ovh.net |
DNS Hygiene
| Hygiene Score | 80% (Excellent) |
| SPF | 2/2 domains |
| DMARC | 1/2 domains |
| FCrDNS | Verified |
| DNSSEC | Valid |
| CAA | Not configured |
| Domains Checked | 2 domains |
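As an added worked example (not the dossier tool's own code), a way to re-check the PTR, FCrDNS and SPF/DMARC/CAA claims above against any resolver, as the verification note in the summary recommends. The resolver is injected so the block runs offline: the PTR/A pair below mirrors the DNS Intelligence section, while the two hygiene domains, their TXT and CAA data, and the neighbouring address with a non-matching PTR are constructed for the example. DNSSEC is not re-checked here; that needs a validating resolver.

```python
"""Independently re-check dossier DNS claims: PTR, forward-confirmed reverse
DNS (FCrDNS) and SPF/DMARC/CAA presence, against any (name, type) resolver."""
import ipaddress
from typing import Callable, Dict, List, Tuple

# A resolver is anything that maps (owner name, record type) -> list of rdata strings.
Resolver = Callable[[str, str], List[str]]

# Constructed record set for offline use. The first PTR/A pair mirrors the dossier;
# everything else (hygiene domains, TXT/CAA data, the .51 neighbour) is hypothetical.
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("50.41.70.193.in-addr.arpa.", "PTR"): ["vps-1c8623df.vps.ovh.net."],
    ("vps-1c8623df.vps.ovh.net.", "A"): ["193.70.41.50"],
    # Neighbour whose PTR points at a name that does NOT resolve back to it.
    ("51.41.70.193.in-addr.arpa.", "PTR"): ["host.attacker.example."],
    ("host.attacker.example.", "A"): ["203.0.113.9"],
    # Two hypothetical domains: both publish SPF, only one publishes DMARC, neither CAA.
    ("domain-a.example.", "TXT"): ["v=spf1 include:_spf.mail.example -all"],
    ("_dmarc.domain-a.example.", "TXT"): ["v=DMARC1; p=reject; rua=mailto:dmarc@domain-a.example"],
    ("domain-b.example.", "TXT"): ["v=spf1 ip4:203.0.113.0/24 ~all", "site-verification=abc123"],
}


def fake_resolve(name: str, rtype: str) -> List[str]:
    """Offline stand-in for a real resolver (dnspython or the system stub)."""
    return FAKE_ZONE.get((name.lower(), rtype.upper()), [])


def fcrdns(ip: str, resolve: Resolver = fake_resolve) -> dict:
    """PTR lookup, then forward-resolve each PTR name; the address is confirmed
    only if it appears in the forward answer for at least one of those names."""
    addr = ipaddress.ip_address(ip)
    rev_name = addr.reverse_pointer + "."
    ptr_names = resolve(rev_name, "PTR")
    fwd_type = "AAAA" if addr.version == 6 else "A"
    confirmed = [n for n in ptr_names if ip in resolve(n, fwd_type)]
    return {"ptr": ptr_names, "confirmed": bool(confirmed), "confirmed_names": confirmed}


def hygiene(domains: List[str], resolve: Resolver = fake_resolve) -> dict:
    """Count domains with exactly one SPF record, a DMARC record, and any CAA record.
    Two or more SPF records are a permerror (RFC 7208 section 3.2) and count as none."""
    spf = dmarc = caa = 0
    for d in domains:
        d = d.rstrip(".") + "."
        spf_records = [t for t in resolve(d, "TXT") if t.lower().startswith("v=spf1")]
        if len(spf_records) == 1:
            spf += 1
        if any(t.upper().startswith("V=DMARC1") for t in resolve("_dmarc." + d, "TXT")):
            dmarc += 1
        if resolve(d, "CAA"):
            caa += 1
    return {"checked": len(domains), "spf": spf, "dmarc": dmarc, "caa": caa}


if __name__ == "__main__":
    print(fcrdns("193.70.41.50"))
    print(fcrdns("193.70.41.51"))
    print(hygiene(["domain-a.example", "domain-b.example"]))
```

To run it against live DNS, pass a `resolve` function that performs real queries; the checks themselves do not change. The .51 case shows why a PTR alone is not evidence of ownership: anyone controlling a reverse zone can point it at any name, and only the forward confirmation closes that gap.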
Network Classification
| Infrastructure | Infrastructure / Datacenter |
| Service Purpose | Web Server |
| Network Tier | Hosting (infrastructure provider without advanced routing) |
Services & Open Ports
| Port | Service | Protocol | Banner |
|---|---|---|---|
| 22 | ssh | tcp | See SSH Version below |
| 80 | http | tcp | Not captured |
| 443 | https | tcp | Not captured |
Closed ports: 25, 3389, 8080, 8443 (3 open / 7 scanned)
| Server | nginx/1.18.0 (Ubuntu) |
| HTTP Title | Not available |
| SSH Version | SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.15 |
TLS Certificate
| SANs | instantsetmots.fr, www.instantsetmots.fr |
| Valid From | 2026-05-04T15:49:54+00:00 |
| Valid Until | 2026-08-02T15:49:53+00:00 |
| TLS Protocol | TLS 1.3 |
| Cipher Suite | TLS_AES_256_GCM_SHA384 |
| Signature Algorithm | ECDSA with SHA-384 |
| Validity Period | 89 days (the window is 90 days minus one second, floored to whole days) |
| Serial Number | 06FD7B6AE3F8B11B322C1D460CBD77F26AB8 |
| Thumbprint | 5812D433A1610F17E9D9AE804F0683C271F03BEE |
The protocol and cipher suite are those negotiated by the scanner for this observation; they do not describe the server's full TLS configuration.
Confidence Breakdown
Per-dimension confidence scores based on source diversity and data freshness
| Dimension | Score | Sources | Observations |
|---|---|---|---|
| threat | 25% | 2 | 4 |
| routing | 13% | 1 | 1 |
| services | 30% | 2 | 3 |
| ownership | 24% | 2 | 3 |
| reputation | 26% | 1 | 3 |
| geolocation | 25% | 2 | 2 |
| Overall | 24% | 10 | 16 |
| Data Coherence | Consistent (100%) |
| Attribution | Moderate (70%) |
| Attribution Signals | Ownership, FCrDNS, Geo Consensus, Geo Plausible, IRR Match, RPKI Valid |
Observation Timeline (Live)
| First Seen | 2026-05-13 12:12:34 UTC |
| Last Seen | 2026-06-27 23:09:29 UTC |
| Profile Built | 2026-06-28 17:14:11 UTC |
| Data Freshness | Live |
| Signal Types | 23 |
| Total Observations | 28 |
Full dossier details are available via our API.