IP · Medium · Signal 52/100
51.159.101.221
Location
Paris, IDF
ASN
AS12876
ONLINE
First Seen
Sep 19, 2024
Last Seen
Apr 1, 2026
Found in 17 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
52%
Signal Score
52 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
Country: France
Region: Paris, IDF
ASN: AS12876
Organization: ONLINE
Feed Intelligence Summary
17 reports · 52% confidence
17
Source reports
52%
Confidence score
Category tags
abuse, access, active scan, active scanning, adbhoney activity, adbhoney honeypot, attack, auto-generated security, bad reputation, bad web bot, banking, botnet, botnet activity, brute force, brute force attack, brute force attempt, brute_force, cisco attack, cisco device, cisco device targeting, cisco exploit attempts, cisco exploitation attempt, cisco exploitation attempts, cisco_exploit, command and control, communication protocol, compromised credentials, conpot honeypot, cowrie, cowrie activity, cowrie honeypot, cowrie logs, cowrie_attack, credential access, credential harvesting, credential stuffing, credential_access, credit card services, cta, data exfiltration, data store exposure, database attack, ddos, ddos attack, decoy system, denial of service, device management, dionaea activity, dionaea capture, dionaea honeypot, dionaea logs, distributed attacks, email, enterprise networking, europe, exploit public-facing application, exploitation activity, exploited host, finance, finance and insurance, financial services, financial technology, finland, fr, france, ftp brute force, germany, github, groups, hacking, heralding behavior, honeynet connect, honeytrap honeypot, http brute force, ics security, identity & access exploitation, indicator, industrial control systems, infrastructure acquisitionreconnaissance, initial access, initial_access, injection activity, iot security, iot/ics attack, lamp, lamp attack, lamp exploit attempts, lamp exploitation attempts, lamp server targeting, lamp stack targeting, lamp vulnerability scan, lamp_exploit, lateral movement, login attempt, mailoney honeypot, malicious activity, malicious network activity, malicious software, malware, malware behaviour, malware capture, manual, network, network enumeration, network infrastructure, network intrusion, network intrusion attempts, network probing, network scanning, network security, north america, os command injection, password attack, password attacks, payment processing, phishing, phishing attack, phishing trap, poland, potential malicious activity, process injection, protocol exploitation, python, ransomware, reconnaissance, remote services, researched, resource hijacking, scanner, scanning activity, script, scripting attacks, sentrypeer botnet, sentrypeer detection, service enumeration, sftp, sftp activity, sftp attack, sftp_attack, sip brute force, sip scanning, sip_attack, slug, smtp brute force, social engineering, socradar honeypot, spam, ssh, ssh attack, ssh monitoring, ssh_bruteforce, surface web, t1021, t1021.001, t1021.004, t1040, t1041, t1046, t1055, t1059, t1059.004, t1059.007, t1071.001, t1078, t1110, t1110.001, t1110.002, t1110.003, t1110.004, t1190, t1203, t1204.002, t1486, t1496, t1499.001, t1499.002, t1499.003, t1565, t1566.001, t1566.002, t1566.003, t1566.004, t1587.001, t1589, t1590.001, t1595, t1595.001, t1595.002, t1595.003, tanner, targeting database, tcp scan, telecommunications, telnet threat, threat actor, threat detection, threat intelligence, tor node, tpotce, udp scan, unauthenticated access attempts, unauthorized access attempt, unauthorized access attempts, unidentified attacker, united states, voip, voip attack, vulnerability scan, wealth management, web application attack, web attack, web exploitation, web scanner, web spam
Activity Timeline
Apr 1
Threat Activity Heatmap · Peak: 2026-04-01
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Intelligence Summary (AI Generated)
This Indicator of Compromise (IOC), an IPv4 address, represents a significant and immediate threat to organizational security. With a score exceeding 50 and no whitelist status, it is strongly associated with malicious activities such as network scanning, brute force attempts, exploitation, and potential command-and-control operations. Its frequent appearance across numerous threat intelligence feeds and honeypot observations warrants urgent investigation, as it suggests active reconnaissance or…
Threat Score: Medium Risk
52
SIGNAL
Signal Score
52%
Confidence
17
Reports
First seen: Sep 19, 2024
Last seen: Apr 1, 2026
Geolocation: FR
Country: France
Location: Paris, IDF
ASN: AS12876
Org: ONLINE
Coords: 48.8607, 2.3281
VirusTotal
Not checked
WHOIS
- description
- Unknown source type: h0neytr4p
- raw
- inetnum: 51.159.0.0 - 51.159.255.255
  org: ORG-ONLI1-RIPE
  netname: ONLINENET_DEDICATED_SERVERS
  country: FR
  admin-c: MM42047-RIPE
  tech-c: MM42047-RIPE
  abuse-c: AR32851-RIPE
  status: LEGACY
  mnt-routes: ONLINESAS-MNT
  mnt-by: ONLINESAS-MNT
  created: 2018-02-09T11:38:35Z
  last-modified: 2018-02-28T16:21:55Z
  source: RIPE
  organisation: ORG-ONLI1-RIPE
  mnt-ref: MNT-TISCALIFR-B2B
  org-name: Scaleway
  org-type: OTHER
  address: 8 rue de la ville l'eveque 75008 PARIS
  abuse-c: AR32851-RIPE
  mnt-ref: ONLINE-NET-MNT
  mnt-by: ONLINE-NET-MNT
  created: 2015-07-10T15:20:41Z
  last-modified: 2022-05-03T15:39:01Z
  source: RIPE # Filtered
  person: Mickael Marchand
  address: 8 rue de la ville l'eveque 75008 PARIS
  phone: +33173502000
  nic-hdl: MM42047-RIPE
  mnt-by: MMA-MNT
  created: 2015-07-10T15:02:32Z
  last-modified: 2016-02-23T12:43:25Z
  source: RIPE # Filtered
  route: 51.159.96.0/20
  origin: AS12876
  created: 2024-09-04T10:19:10Z
  last-modified: 2024-09-04T10:19:10Z
  source: RIPE
  descr: Scaleway
  descr: Paris, France
  mnt-by: ONLINE-NET-MNT
- references
- https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt
IOC Journey
medium · First detected 1 year ago · Last seen 2 months ago
Appeared in 17 threat reports