IPMediumSignal 61/100
107.189.1.20
Location
LuxembourgRoost, Mersch
ASN
AS53667
BuyVM
First Seen
Jun 3, 2026
Last Seen
Jun 3, 2026
Found in 7 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
61%
Signal Score
61 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryLuxembourg
LuxembourgRegionRoost, Mersch
ASNAS53667
OrganizationBuyVM
Feed Intelligence Summary
7 reports61% confidence
7
Source reports
61%
Confidence score
Category tags
abuseactive scanbad reputationbrute forcebrute-forcecowriedionaeaexploitexploitation activityfattinbound scanlunetworkp0fproxyransomwareresearchedscannersensor-taggedsocradar honeypotssht1595tannertpotvulnerability scanvulnerability-exploitation
Activity Timeline
Jun 3Jun 3
Threat Activity Heatmap
· Peak: 2026-06-03LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
61
SIGNAL
Signal Score
61%
Confidence
7
Reports
First seenJun 3, 2026
Last seenJun 3, 2026
GeolocationLU
CountryLuxembourg
LocationRoost, Mersch
ASNAS53667
OrgBuyVM
Coords49.7902, 6.0856
VirusTotal
Not checked
WHOIS
- description
- Score: 68/100. Labels: abuseipdb:exploited-host, abuseipdb:hacking, abuseipdb:high, abuseipdb:multi-reported, abuseipdb:port-scan, abuseipdb:reported. 107.189.1.20 classified as botnet node participating in coordinated attack campaigns (high confidence). Origin: enriched. Listed on: AbuseIPDB (exploited-host, hacking, high).
- raw
- FranTech Solutions PONYNET-11 (NET-107-189-0-0-1) 107.189.0.0 - 107.189.31.255 BuyVM BUYVM-LUXEMBOURG-02 (NET-107-189-0-0-2) 107.189.0.0 - 107.189.7.255
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 12 days ago · Last seen 11 days ago
Appeared in 7 threat reports