IOC Radar
IP · Medium · Signal 24/100

51.89.136.168

Location
United Kingdom
London, England
ASN
AS16276
OVH Ltd
First Seen
Feb 23, 2025
Last Seen
Apr 15, 2026
First Seen: Feb 23 (488d ago)
Last Seen: Apr 15 (72d ago)
Reports: 11 source reports
Confidence: 24% (medium)
Found in 11 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
24%
Signal Score
24 / 100
IDS Rule
No
Threat Context

MITRE ATT&CK TTPs

19 techniques

Network Information

Country: GB, United Kingdom
Region: London, England
ASN: AS16276
Organization: OVH Ltd

IP Category

Proxy
Proxy server

Feed Intelligence Summary

Source reports: 11
Confidence score: 24%
Category tags
access control, active scan, active scanning, botnet, botnet activity, brute force, command and control, data exfiltration, data store exposure, distributed attacks, europe, exit node, exploitation activity, gb, indicator, injection activity, malicious software, malware, malware distribution, network, network scanning, network traffic, process injection, proxy, reconnaissance, researched, scanner, security policy, t1016, t1055, t1071, t1071.001, t1071.002, t1071.004, t1090, t1133, t1190, t1486, t1496, t1499.002, t1499.003, t1565, t1572, t1588, t1595.001, t1595.002, t1595.003, threat prevention, tor, tor activity, tor exit node, tor network, tor node, united kingdom, united kingdom of great britain and northern ireland

Activity Timeline

1 total obs
Apr 15 to Apr 15

Threat Activity Heatmap

[Calendar heatmap, Jun through Jun; intensity scale Less to More] · Peak: 2026-04-15
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 0 (Dormant)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 24
Confidence: 24%
Reports: 11
First seen: Feb 23, 2025
Last seen: Apr 15, 2026
Geolocation: GB
Country: United Kingdom
Location: London, England
ASN: AS16276
Org: OVH Ltd
Coords: 51.5095, -0.0955
Proxy

VirusTotal

Not checked

WHOIS

description
IP Address belongs to Tor exit node.
raw
inetnum: 51.89.136.0 - 51.89.137.255
netname: PCI-UK1
country: GB
org: ORG-OL17-RIPE
geoloc: 51.48588 0.183567
admin-c: OTC14-RIPE
tech-c: OTC14-RIPE
status: LEGACY
mnt-by: OVH-MNT
created: 2019-02-18T09:43:43Z
last-modified: 2019-02-18T09:43:43Z
source: RIPE

organisation: ORG-OL17-RIPE
org-name: OVH Ltd
org-type: OTHER
address: New London House, 6 London Street
address: EC3R 7LP, LONDON
address: UK
abuse-c: AR15333-RIPE
admin-c: OTC2-RIPE
mnt-ref: OVH-MNT
mnt-by: OVH-MNT
created: 2005-10-13T11:09:01Z
last-modified: 2024-11-29T16:19:45Z
source: RIPE # Filtered

role: OVH UK Technical Contact
address: OVH Ltd
address: New London House, 6 London Street
address: EC3R 7LP, LONDON
address: UK
admin-c: OK217-RIPE
tech-c: GM84-RIPE
nic-hdl: OTC14-RIPE
abuse-mailbox: [email protected]
mnt-by: OVH-MNT
created: 2009-09-16T16:09:57Z
last-modified: 2017-01-17T09:52:03Z
source: RIPE # Filtered

route: 51.89.0.0/16
origin: AS16276
mnt-by: OVH-MNT
created: 2019-02-13T09:06:24Z
last-modified: 2019-02-13T09:06:24Z
source: RIPE
references
https://check.torproject.org/torbulkexitlist, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt


IOC Journey

medium
First detected 1 year ago · Last seen 2 months ago
Appeared in 11 threat reports