IP · Medium · Signal 83/100
87.251.87.137
Location
Frankfurt am Main, Hessen
ASN
AS216127
nuxt.cloud hosting provider
First Seen
Jun 22, 2024
Last Seen
May 19, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
83%
Signal Score
83 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country
Germany
Region
Frankfurt am Main, Hessen
ASN
AS216127
Organization
nuxt.cloud hosting provider
IP Category
Proxy
Proxy server
Feed Intelligence Summary
9
Source reports
83%
Confidence score
Category tags
account discoveryaccount profilingaccount takeoveractive scanactive scanningamosantivmappdataatomic macosblackbastabotnet activitybrute forcebrute force attackc2certcommand & controlcredential accesscredential harvestingcredential stuffingcredential theftdata exfiltrationdata store exposurededesktopdittoencoded urlenterprise securityeuropeeurope/asiaexploitation activityfake installerfake openclawgeneratedbotidgermanyghostsocksgithubglobalgrokhttpshudson rockhuntidentity & access exploitationindicatorinfectinformation stealerinfostealerinfrastructure acquisitionreconnaissanceinjection activityiocslearnmacosmalicious linksmalicious softwaremalwaremalware distributionmalware packermfa bypassmoltbotna mutexnation-state activitynetworknexus threatopenclawbotoperating systemoutsidepassword attackspatch managementphishingphishing attackprocess injectionprotectproxyproxywareqilinransomwarereconnaissanceresearchedrussiarussian federationrustscams & fraudscannerself-signedservicesocial engineeringsoftware vulnerabilitiesssh attackstealerstealth packersteam profilestrongt1005t1021.001t1027t1053.005t1055t1059.003t1059.004t1069.001t1071.001t1078t1083t1090t1105t1110.001t1110.002t1110.003t1110.004t1204.001t1204.002t1486t1539t1555t1565t1566.001t1566.002t1566.003t1567t1587.001t1590.001t1595.001t1595.002t1595.003timetype sha256vidarvidar c2vulnerability scanweb security
Activity Timeline
May 19
Threat Activity Heatmap
Peak: 2026-05-19
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat Score
High Risk
83
SIGNAL
Signal Score
83%
Confidence
9
Reports
First seen
Jun 22, 2024
Last seen
May 19, 2026
Geolocation
DE
Country
Germany
Location
Frankfurt am Main, Hessen
ASN
AS216127
Org
nuxt.cloud hosting provider
Coords
55.7386, 37.6068
Proxy
VirusTotal
Not checked
WHOIS
- raw
  inetnum: 87.251.87.0 - 87.251.87.255
  netname: AS216127-DE-iPv4
  country: DE
  descr: nuxtcloud
  geofeed: https://geofeed.nuxt.cloud/subnet.csv
  org: ORG-NUXT1-RIPE
  admin-c: NT4626-RIPE
  tech-c: NT4626-RIPE
  status: ASSIGNED PA
  mnt-by: NUXTCLOUD-MNT
  created: 2023-12-29T10:31:42Z
  last-modified: 2025-12-25T02:12:13Z
  source: RIPE

  organisation: ORG-NUXT1-RIPE
  org-name: nuxt.cloud hosting provider
  country: GB
  org-type: OTHER
  address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
  admin-c: NT4626-RIPE
  abuse-c: NT4626-RIPE
  tech-c: NT4626-RIPE
  mnt-ref: interlir-mnt
  mnt-ref: DELFA-RIPE-MNT
  mnt-ref: ROSNIIROS-MNT
  mnt-ref: QWARTA-MNT
  mnt-ref: VF1-MNT
  mnt-ref: MNT-NETERRA
  mnt-ref: NUXTCLOUD-MNT
  mnt-by: NUXTCLOUD-MNT
  created: 2022-11-01T07:41:52Z
  last-modified: 2024-12-20T14:49:40Z
  source: RIPE # Filtered

  role: INTERNATIONAL HOSTING COMPANY LIMITED
  address: 71-75 Shelton Street, Covent Garden, London, United Kingdom, WC2H 9JQ
  abuse-mailbox: [email protected]
  nic-hdl: NT4626-RIPE
  mnt-by: NUXTCLOUD-MNT
  created: 2022-11-01T07:39:24Z
  last-modified: 2023-11-10T12:30:38Z
  source: RIPE # Filtered

  route: 87.251.87.0/24
  origin: AS216127
  mnt-by: NUXTCLOUD-MNT
  created: 2023-12-29T10:31:43Z
  last-modified: 2023-12-29T10:31:43Z
  source: RIPE
- references
- https://www.huntress.com/blog/openclaw-github-ghostsocks-infostealer, IOCs.2026.1.csv
IOC Journey
medium · First detected 2 years ago · Last seen 25 days ago
Appeared in 9 threat reports