IOC Radar
IPMediumSignal 83/100

51.68.189.231

Location
GermanyGermany
Limburg an der Lahn, Hessen
ASN
AS16276
OVH GmbH
First Seen
Mar 18, 2025
Last Seen
Feb 15, 2026
Mar 18
First Seen
452d ago
Feb 15
Last Seen
118d ago
14
Reports
source reports
83%
Confidence
medium
1/91
VirusTotal
detections
Found in 14 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
83%
Signal Score
83 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

29 techniques

Network Information

CountryDEGermany
RegionLimburg an der Lahn, Hessen
ASNAS16276
OrganizationOVH GmbH

IP Category

Proxy
Proxy server

Feed Intelligence Summary

14 reports83% confidence
14
Source reports
83%
Confidence score
Category tags
access controlactive scanningattackaustraliabotnetbrute forcebrute force attemptcommand and controlcredential accesscredential harvestingcredential stuffingdata exfiltrationdistributed attackseuropeexit nodefrancegermanyindicatormalicious activitymalicious softwaremalwaremalware distributionnetworknetwork scanningnetwork trafficoceaniapassword attackphishing attackprocess injectionproxyreconnaissanceremote accessresearchedscannersecurity operationssecurity policysocial engineeringspamssh attackt1016t1055t1071t1071.001t1071.002t1071.004t1078t1078.004t1090t1110t1110.001t1110.002t1133t1190t1486t1496t1499.002t1499.003t1565t1566.001t1566.002t1566.003t1572t1588t1589t1595t1595.001t1595.002t1595.003threat actorthreat intelligencethreat preventiontortor activitytor exit nodetor network

Activity Timeline

1 total obs
Feb 15Feb 15

Threat Activity Heatmap

· Peak: 2026-02-15
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
0
Dormant
Threat ScoreHigh Risk
83
SIGNAL
Signal Score
83%
Confidence
14
Reports
First seenMar 18, 2025
Last seenFeb 15, 2026
GeolocationDE
CountryGermany
LocationLimburg an der Lahn, Hessen
ASNAS16276
OrgOVH GmbH
Coords48.8582, 2.3387
Proxy

VirusTotal

1/ 91vendors flagged
1% detection rateJun 8, 2026

WHOIS

description
IP Address belongs to Tor exit node.
raw
inetnum: 51.68.188.0 - 51.68.191.255 netname: VPS-DE2 country: DE org: ORG-OG9-RIPE admin-c: OTC13-RIPE tech-c: OTC13-RIPE status: LEGACY mnt-by: OVH-MNT created: 2018-07-16T15:34:50Z last-modified: 2018-07-31T15:24:22Z source: RIPE geoloc: 50.388228 8.073916 organisation: ORG-OG9-RIPE org-name: OVH GmbH org-type: OTHER address: St. Johanner Str. 41-43 address: 66111 Saarbrucken address: Deutschland abuse-c: ACRO39426-RIPE admin-c: OTC13-RIPE mnt-ref: OVH-MNT mnt-by: OVH-MNT created: 2005-09-02T12:40:05Z last-modified: 2021-02-26T13:10:09Z source: RIPE # Filtered role: OVH DE Technical Contact address: OVH GmbH address: St. Johanner Str. 41-43 address: 66111 Saarbrucken address: Deutschland admin-c: OK217-RIPE tech-c: GM84-RIPE nic-hdl: OTC13-RIPE abuse-mailbox: [email protected] mnt-by: OVH-MNT created: 2009-09-16T16:09:57Z last-modified: 2021-02-26T13:07:37Z source: RIPE # Filtered route: 51.68.0.0/16 origin: AS16276 mnt-by: OVH-MNT created: 2018-03-07T09:22:39Z last-modified: 2018-03-07T09:22:39Z source: RIPE
references
https://check.torproject.org/torbulkexitlist, https://redpiranha.net

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 3 months ago
Appeared in 14 threat reports