IOC Radar
IP · Medium · Signal 58/100

104.244.73.14

Location: Roost, Luxembourg
ASN: AS53667 (BuyVM)
First Seen: Jun 26, 2024
Last Seen: Jun 21, 2026
Found in 23 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address: Network layer indicator observed in threat reports.
MISP Category: Network Activity
Confidence: 58%
Signal Score: 58 / 100
IDS Rule: No
Threat Context

MITRE ATT&CK TTPs

56 techniques

Network Information

Country: LU (Luxembourg)
Region: Roost, Luxembourg
ASN: AS53667
Organization: BuyVM

IP Category

Proxy: Proxy server
VPN: VPN exit node

Feed Intelligence Summary

Source reports: 23
Confidence score: 58%
Category tags

Activity Timeline

1 total obs
Jun 21 to Jun 21

Threat Activity Heatmap

[Heatmap: activity by weekday, Jun through Jun; scale from Less to More]
24h: 1 (Minimal)
7d: 1 (Minimal)
30d: 1 (Minimal)
3mo: 1 (Minimal)

Threat Score: 58 (Medium Risk)
Signal Score: 58
Confidence: 58%
Reports: 23
First seen: Jun 26, 2024
Last seen: Jun 21, 2026
Geolocation: LU
Country: Luxembourg
Location: Roost, Luxembourg
ASN: AS53667
Org: BuyVM
Coords: 49.6115, 6.1300
Proxy, VPN

VirusTotal

Not checked

WHOIS

description
tor search result.

IOC Journey

medium
First detected 2 years ago · Last seen today
Appeared in 23 threat reports