IOC Radar
IP · Medium · Signal 39/100

159.100.6.251

Location
Germany
Frankfurt am Main, Hesse
ASN
AS214036
UltaHost Inc
First Seen
Dec 17, 2024
Last Seen
Apr 24, 2026
Found in 6 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
39%
Signal Score
39 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

3 techniques

Network Information

Country: DE (Germany)
Region: Frankfurt am Main, Hesse
ASN: AS214036
Organization: UltaHost Inc

Feed Intelligence Summary

Source reports: 6
Confidence score: 39%
Category tags
active scan, active scanning, agent, attack, back, bad reputation, cloud, contact, demo, devtcpipport, enumerate, europe, exploitation activity, germany, grep, hunt, indicator, ipv4, kagent, malware, network, nkabuse, postgresql, python, reboot, reconnaissance, researched, reverse shell, scanner, select, spaces, strong, sysdig, t1595.001, t1595.002, t1595.003, target

Activity Timeline

1 total obs
Apr 24

Threat Activity Heatmap

Peak: 2026-04-24
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)

Intelligence Summary (AI Generated)

This Indicator of Compromise (IOC), an IPv4 address, signals a potential connection to malicious infrastructure that warrants immediate attention. Its identification across multiple reputable threat intelligence feeds, coupled with a moderate risk score, indicates its role in potentially harmful activities. If this IOC is observed within an organizational network, it could suggest compromise, data exfiltration, or participation in a larger botnet operation. The presence of such an indicator nece…

Threat Score: Low Risk
Signal Score: 39
Confidence: 39%
Reports: 6
First seen: Dec 17, 2024
Last seen: Apr 24, 2026
Geolocation: DE
Country: Germany
Location: Frankfurt am Main, Hesse
ASN: AS214036
Org: UltaHost Inc
Coords: 51.2993, 9.4910

VirusTotal

Not checked

WHOIS

description
CC=DE ASN=AS44066 accelerated it services & consulting gmbh
raw
inetnum: 159.100.6.0 - 159.100.6.255
netname: ULTAHOST
country: DE
status: LEGACY
remarks: UltaHost Inc
org: ORG-UI47-RIPE
admin-c: UI48110-RIPE
tech-c: COLO-RIPE
abuse-c: UI48110-RIPE
mnt-by: ACCELERATED-MNT
created: 2023-10-27T14:55:06Z
last-modified: 2025-09-03T10:17:33Z
source: RIPE

organisation: ORG-UI47-RIPE
org-name: UltaHost Inc
org-type: OTHER
address: 651 N Broad St. Suite 206, 19709 Middletown/Delaware, USA
country: US
abuse-c: UI48110-RIPE
mnt-ref: MNT-FIRSTCOLO
mnt-by: MNT-FIRSTCOLO
created: 2025-09-03T10:16:14Z
last-modified: 2025-09-03T10:16:14Z
source: RIPE # Filtered

role: First Colo Ripe Coordination
address: First Colo GmbH
address: Hanauer Landstr. 291b
address: D-60314 Frankfurt am Main
address: Germany
phone: +49-(0)69-120069-0
fax-no: +49-(0)69-120069-55
abuse-mailbox: [email protected]
remarks:
remarks: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
remarks: * Complaints about internet abuse like spam, hack attacks, scans, etc. *
remarks: * please mail to: --> abuse [@] first-colo [.] net <-- *
remarks: * Requests from law enforcement (only!), send fax to: +49 (0) 69 1200 69 55 *
remarks: * Inquiries can only be processed, if sent to the correct address. *
remarks: * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
remarks:
admin-c: LEKR-RIPE
admin-c: NKA-RIPE
tech-c: LEKR-RIPE
tech-c: NKA-RIPE
nic-hdl: COLO-RIPE
mnt-by: MNT-FIRSTCOLO
created: 2007-09-28T19:01:39Z
last-modified: 2021-01-27T12:48:26Z
source: RIPE # Filtered

role: UltaHost Inc
address: 651 N Broad St. Suite 206, 19709 Middletown/Delaware, USA
abuse-mailbox: [email protected]
nic-hdl: UI48110-RIPE
mnt-by: MNT-FIRSTCOLO
mnt-by: ACCELERATED-MNT
created: 2025-09-03T09:52:16Z
last-modified: 2025-09-03T09:52:16Z
source: RIPE # Filtered

route: 159.100.6.0/24
origin: AS214036
mnt-by: MNT-FIRSTCOLO
created: 2025-08-29T12:56:34Z
last-modified: 2025-08-29T12:56:34Z
source: RIPE
references
IOCs.2026.csv, https://www.sysdig.com/blog/cve-2026-39987-update-how-attackers-weaponized-marimo-to-deploy-a-blockchain-botnet-via-huggingface#conclusion

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 6 threat reports