IOC Radar
IPMediumSignal 60/100

151.80.61.151

Location
FranceFrance
Roubaix, Hauts-de-France
ASN
AS16276
OVH SAS
First Seen
Jul 17, 2024
Last Seen
Jun 3, 2026
Jul 17
First Seen
697d ago
Jun 3
Last Seen
11d ago
28
Reports
source reports
60%
Confidence
medium
Found in 28 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
60%
Signal Score
60 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

56 techniques

Network Information

CountryFRFrance
RegionRoubaix, Hauts-de-France
ASNAS16276
OrganizationOVH SAS

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

28 reports60% confidence
28
Source reports
60%
Confidence score
Category tags
abuseaccess attemptaccess controlaccount compromiseactive scanactive scanningapacheapache attackerapplication layer protocolaptasiaatif feedattackattack source ipattack source: gbattacker-ipattempted compromiseaustraliaauthenticationauthentication abuseauthentication attackauthentication attacksauthentication attemptsauthentication brute forceauthentication failureauthentication failuresauthentication_attemptsauto-generated securityautomated activityautomated attackautomated attacksbad reputationbad web botbanlist feedbinary defenseblocklist_allblog spambotnetbotnet activitybrute forcebrute force attackbrute force attackerbrute force attemptbrute force attemptsbrute-forcbrute-forcebrute_forcebruteforcechinacisco devicecisco exploitation attemptcliftoncloud infrastructurecloud infrastructure attackcloud servicescommand and controlcommunication protocolcompromise attemptcompromised credentialscowrie honeypotcredential accesscredential attackcredential guessingcredential harvestingcredential stuffingcredential_accessctacyberattackdata exfiltrationdata store exposuredatabase securityddosddos attackddos preventiondecoy systemdenial of servicedevice managementdictionary attackdigital oceandionaea honeypotdistributed attacksenterprise networkingenumerationeuropeexecutable fileexploitexploit attemptsexploitationexploitation activityexploited hostexternal threatfail2ban alertfail2ban alertsfail2ban blocked ipfail2ban blocked ipsfail2ban triggeredfailed authenticationfailed login attemptsfailed loginsfattfinlandfirewall blockingfrfranceftpftp brute forceftp brute-forcegame_servergb-originating trafficgb_hostedgermanyhackinghoneynet connecthoneytrap honeypothttp brute forcehttp scanneridentity & access exploitationinfoinformation technologyinfrastructure acquisitionreconnaissanceinfrastructure reconnaissanceinitial accessinjection activityinjection attacksinternet-scanningintrusion detectioniot securityiot targetedip.txtipv4ipv4 attackipv4 port scanningipv4-scanningit infrastructurejapankill-chain exploitationkill-chain reconnaissanceknown malicious iplamplamp server targetinglateral movementlcialog analysislogin attacklogin attemptlogin attemptslogin brute forcelogin failurelogin securitylow-riskmailmailoney honeypotmalaysiamalicious activitymalicious ip listmalicious payloadmalicious sftp activitymalicious softwaremalicious ssh activitymalwaremalware behaviourmalware capturemalware distributionmanualmass-scanningmod securitymultiple failed loginsnetworknetwork attacksnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion detectionnetwork layer protocolnetwork probingnetwork reconnaissancenetwork scanningnetwork securitynetwork service scanningnetwork_reconnaissancenorth americanoticeoceaniaopenctioriginating country: gbosintp0fpassword attackpassword attackspassword crackingpassword sprayingphishingphishing attackphishing trapping of deathpolandpotential intrusionpotential malware uploadpre-attackprocess injectionprotocol exploitationproxyransomwarerate limitingreconnaissanceredis honeypotremote accessremote service exploitationremote servicesresearchedresource hijackingrtbhscannerscannersscanning activitysecurity eventsecurity logssecurity monitoringsecurity operationssecurity policysensor-taggedsentrypeer botnetservice exploitationservice scansftp access attemptsftp access attemptssftp attacksftp exploitation attemptssingaporesmb brute forcesmtpsmtp brute forcesocial engineeringsocradar honeypotsoftware developmentspamsshssh attackssh monitoringstaging_serverswedent-pott1021t1021.001t1021.002t1021.003t1021.004t1021.005t1040t1041t1046t1055t1059t1059.001t1059.003t1059.004t1068t1071.001t1076t1078t1078.001t1078.002t1078.003t1078.004t1078: valid accountst1110t1110.001t1110.001: password guessingt1110.002t1110.003t1110.004t1110: brute forcet1133t1190t1203t1204.002t1486t1496t1499.001t1499.002t1499.003t1555t1563t1565t1566t1566.001t1566.002t1566.003t1566.004t1587.001t1588t1588.002t1588.004t1589t1589.002t1590.001t1592t1595t1595.001t1595.002t1595.003ta0001: initial accesstannertargeting databasetcp protocoltcp scantelecommunicationstelnet threatthreat actorthreat detectionthreat intelligencethreat preventionthreat-intelligencetokyotor nodetpotudp port scanudp scanunauthorized accessunauthorized access attemptunauthorized access attemptsunauthorized loginunited kingdomunited statesvalid accountsvoip attackvpnvpn ipvulnerability scanvulnerability-exploitationvulnerability-scanningweb app attackweb applicationweb application attackweb exploitationweb spamweb traffic

Activity Timeline

1 total obs
Jun 3Jun 3

Threat Activity Heatmap

· Peak: 2026-06-03
Less
More
Mon
Wed
Fri
Jun
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
·
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
60
SIGNAL
Signal Score
60%
Confidence
28
Reports
First seenJul 17, 2024
Last seenJun 3, 2026
GeolocationFR
CountryFrance
LocationRoubaix, Hauts-de-France
ASNAS16276
OrgOVH SAS
Coords50.6924, 3.2011
ProxyVPN

VirusTotal

Not checked

WHOIS

description
Host bruteforcing SSH
raw
inetnum: 151.80.0.0 - 151.80.255.255 netname: OVH org: ORG-OS3-RIPE descr: OVH SAS descr: 2 rue Kellermann descr: 59100 Roubaix country: FR admin-c: OTC2-RIPE tech-c: OTC2-RIPE status: LEGACY mnt-by: OVH-MNT mnt-by: RIPE-NCC-LEGACY-MNT created: 2015-01-22T17:31:09Z last-modified: 2022-09-27T09:33:16Z source: RIPE organisation: ORG-OS3-RIPE org-name: OVH SAS country: FR org-type: LIR address: 2 rue Kellermann address: 59100 address: Roubaix address: FRANCE phone: +33972101007 admin-c: OTC2-RIPE admin-c: OK217-RIPE admin-c: GM84-RIPE abuse-c: AR15333-RIPE mnt-ref: OVH-MNT mnt-ref: RIPE-NCC-HM-MNT mnt-by: RIPE-NCC-HM-MNT mnt-by: OVH-MNT created: 2004-04-17T11:23:17Z last-modified: 2020-12-16T10:24:51Z source: RIPE # Filtered role: OVH Technical Contact address: OVH SAS address: 2 rue Kellermann address: 59100 Roubaix address: France admin-c: OK217-RIPE tech-c: GM84-RIPE tech-c: SL10162-RIPE nic-hdl: OTC2-RIPE abuse-mailbox: [email protected] mnt-by: OVH-MNT created: 2004-01-28T17:42:29Z last-modified: 2014-09-05T10:47:15Z source: RIPE # Filtered route: 151.80.0.0/16 descr: OVH origin: AS16276 mnt-by: OVH-MNT created: 2015-01-22T17:55:49Z last-modified: 2015-01-22T17:55:49Z source: RIPE

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 11 days ago
Appeared in 28 threat reports