IPMediumSignal 71/100
89.195.5.18
Location
United StatesSan Francisco, California
ASN
AS8011
EE Limited
First Seen
Feb 5, 2026
Last Seen
Jun 20, 2026
Found in 9 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
71%
Signal Score
71 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryUnited States
United StatesRegionSan Francisco, California
ASNAS8011
OrganizationEE Limited
Feed Intelligence Summary
9 reports71% confidence
9
Source reports
71%
Confidence score
Category tags
abuseactive scanningaitmalienvault_ransomwareandroid app hijackinganti-virus evasionaptasiabrute forcecertchinachina-nexus threat actorcommand and controlcommunication technologiescommunity managementcompromised systemcontent sharingcredential accesscredential harvestingcredential stuffingdarknimbusdata exfiltrationdata interceptiondeep packet inspectiondigital platformsdknifeelfeurope/asiaftp brute forcegateway monitoringgateway-monitoringhttp scanningindicatoripv6240emalicious softwaremalwaremalware deliverymalware distributionmobile carriersmobile networksnetworknetwork intrusionnetwork scanningnetwork securitynetwork sniffingnorth americaphishingphishing attackpoisonplug.shadowprocess injectionprotocol exploitationratrctea botnetreconnaissanceremcos trojanremote accessremote access trojanremote servicesresearchedsame signersecurity operationssocial analyticssocial engineeringsocial mediasocial media marketingsocial media securitysocial networkingssh attackt1016t1021t1021.001t1040t1041t1046t1055t1056t1059t1059.003t1071t1071.001t1071.004t1078t1082t1095t1105t1110.002t1113t1132t1185t1189t1190t1195t1199t1204t1213t1486t1547t1550.003t1555t1557t1560t1565t1566t1566.001t1566.002t1566.003t1573t1584t1588.002t1590t1592t1595.001t1595.002t1595.003telecom servicestelecommunicationstelnet threatthreat intelligencetraffic manipulationturkeytwitterunited statesuser activity monitoringuser engagementwindows binary hijackingyara
Activity Timeline
Jun 20Jun 20
Threat Activity Heatmap
LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
1
Minimal
30d
1
Minimal
3mo
1
Minimal
Threat ScoreHigh Risk
71
SIGNAL
Signal Score
71%
Confidence
9
Reports
First seenFeb 5, 2026
Last seenJun 20, 2026
GeolocationUS
CountryUnited States
LocationSan Francisco, California
ASNAS8011
OrgEE Limited
Coords37.7749, -122.4190
VirusTotal
Not checked
WHOIS
- raw
- NetRange: 89.192.0.0 - 89.195.255.255 CIDR: 89.192.0.0/14 NetName: MONGO-89-192 NetHandle: NET-89-192-0-0-1 Parent: 89-RIPE (NET-89-0-0-0-1) NetType: Direct Allocation OriginAS: Organization: MongoDB, Inc. (MONGO-2) RegDate: 2024-12-03 Updated: 2025-01-27 Comment: Geofeed https://as8011.s3.us-east-2.amazonaws.com/geo-ip.txt Ref: https://rdap.arin.net/registry/ip/89.192.0.0 OrgName: MongoDB, Inc. OrgId: MONGO-2 Address: 1633 Broadway, 38th floor City: New York StateProv: NY PostalCode: 10036 Country: US RegDate: 2014-02-11 Updated: 2025-09-15 Ref: https://rdap.arin.net/registry/entity/MONGO-2 OrgTechHandle: HOSTM2212-ARIN OrgTechName: hostmaster OrgTechPhone: +1-917-443-1360 OrgTechEmail: [email protected] OrgTechRef: https://rdap.arin.net/registry/entity/HOSTM2212-ARIN OrgNOCHandle: HOSTM2212-ARIN OrgNOCName: hostmaster OrgNOCPhone: +1-917-443-1360 OrgNOCEmail: [email protected] OrgNOCRef: https://rdap.arin.net/registry/entity/HOSTM2212-ARIN OrgAbuseHandle: HOSTM2212-ARIN OrgAbuseName: hostmaster OrgAbusePhone: +1-917-443-1360 OrgAbuseEmail: [email protected] OrgAbuseRef: https://rdap.arin.net/registry/entity/HOSTM2212-ARIN
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 4 months ago · Last seen 1 day ago
Appeared in 9 threat reports