IOC Radar
IP · Medium · Signal 37/100

107.189.3.94

Location
Luxembourg
Roost, Mersch
ASN
AS53667
BuyVM
First Seen
Dec 25, 2023
Last Seen
Jun 4, 2026
29
Reports
source reports
37%
Confidence
medium
Found in 29 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
37%
Signal Score
37 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

67 techniques

Network Information

Country: LU (Luxembourg)
Region: Roost, Mersch
ASN: AS53667
Organization: BuyVM

IP Category

Proxy
Proxy server
VPN
VPN exit node

Feed Intelligence Summary

29 reports · 37% confidence
Category tags

Activity Timeline

1 total obs · Jun 4

Threat Activity Heatmap

Peak: 2026-06-04
24h: 0 (Dormant)
7d: 0 (Dormant)
30d: 1 (Minimal)
3mo: 1 (Minimal)
Threat Score: Low Risk
Signal Score: 37
Confidence: 37%
Reports: 29
First seen: Dec 25, 2023
Last seen: Jun 4, 2026
Geolocation: LU
Country: Luxembourg
Location: Roost, Mersch
ASN: AS53667
Org: BuyVM
Coords: 49.7866, 6.0753
Proxy · VPN

VirusTotal

Not checked

WHOIS

description
seen in Dionaea honeypot logs; events=1; services=httpd; ports=81; cc=LU; asn=53667; asn_org=FranTech Solutions

IOC Journey

medium
First detected 2 years ago · Last seen 17 days ago
Appeared in 29 threat reports