IPMediumSignal 49/100
107.189.8.70
Location
LuxembourgLuxembourg, Luxembourg
ASN
AS53667
Decix Frankfurt
First Seen
Oct 29, 2022
Last Seen
Jun 8, 2026
Found in 36 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
49%
Signal Score
49 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK
MITRE ATT&CK TTPs
Network Information
CountryLuxembourg
LuxembourgRegionLuxembourg, Luxembourg
ASNAS53667
OrganizationDecix Frankfurt
IP Category
⟲
Proxy
Proxy server
⊕
VPN
VPN exit node
Feed Intelligence Summary
36 reports49% confidence
36
Source reports
49%
Confidence score
Category tags
abuseabuseipdbaccess controlactive scanactive scanninganonymity network abuseanonymity serviceanonymization networkanonymization network trafficanonymization networksanonymization servicesanonymization_network_originanonymization_service_trafficanonymous proxiesanonymous proxy networkanonymous_proxyantispamapacheapache attackerapplication layer protocolaptattackattack infrastructureattack-vector:brute-forceattack-vector:port-scanaustraliaauthentication attemptsauto-generated securityauto-updatedautomated attacksautomated feedautomated network attacksautomated threatautomated_attackbad reputationbad web botblocked-ipsblocklist_allbotnetbotnet activitybotnet c2botnet indicatorsbrand weaponizationbrute forcebrute force attackbrute force attacksbrute force attemptsbrute-forcebrute_forcebrute_force_attackc2c2 addressesc2 communicationc2 infrastructurec2 serverchcisco asacisco asa targetingcisco devicecivil servicescommand & controlcommand and controlcommand injectioncommunication protocolcompromised hostcompromised host indicatorscompromised infrastructure indicatorscowrie honeypotcredential accesscredential attackcredential attackscredential brute forcecredential guessingcredential harvestingcredential stuffingcredential_accesscredential_attackcredential_guessingcredential_stuffingcryptocurrencycryptocurrency threatscryptojackingcyber threatsdarkforumsdata encryptiondata exfiltrationdata store exposuredatabase brute forcedatabase securityddosddos attackdecoy systemdenial of servicedevice managementdionaea honeypotdistributed attacksdnsdns attackelectronic health recordsencryptionenterprise networkingenumerationenumeration activityeuropeevent-type:credential-accessevent-type:initial-accessevent-type:reconnaissanceexit nodeexit node threatexploitexploit attemptexploitation activityexploitation attemptexploited hostexternal access attemptsexternal threatfailed login attemptsfattfeedfeed-harvestfeodofeodo trackerfeodo-trackerfinancefinancial servicesfinlandfireholfranceftpftp brute forceftp protocolftp_attemptsftp_brute_forcegermanygithubgovernment technologyhackinghashhealth care and social assistancehealth information technologyhealthcare information systemshoneynet connecthoneytrap honeypothospital managementhttp brute forcehttp scannerhttp scanninghttp/shttp_httpshttpsi2p networkidentity & access exploitationindicatorindicatorsindicators of compromiseindicators_of_compromiseinformation technologyinfostealerinfrastructure acquisitionreconnaissanceinitial accessinitial access attemptsinitial_accessinitial_access_attemptinjection activityinjection attacksinternet-facingintrusion detectioniociocsipv4isp-reputationit infrastructureja3ja3 fingerprintja3 fingerprintsja3 hashja3 hash iocja3 hashesja3 hashinglamplateral movementlinux serverslinux systemslog4jlogin attemptluluxembourgmailoney honeypotmalicious activitymalicious domainmalicious domainsmalicious hashesmalicious ip activitymalicious ipsmalicious linksmalicious softwaremalicious urlsmalicious_activitymalicious_ip_activitymalwaremalware behaviourmalware capturemalware communicationmalware delivery attemptmalware distributionmalware domainmalware domainsmalware indicatorsmalware urlsmanualmedical servicesmitre-attacknetworknetwork attacksnetwork device attacksnetwork device probingnetwork enumerationnetwork infrastructurenetwork intrusionnetwork intrusion attemptnetwork intrusion attemptsnetwork probingnetwork protocolnetwork reconnaissancenetwork scanningnetwork securitynetwork servicesnetwork trafficnetwork traffic analysisnetwork_attacknetwork_enumerationnetwork_indicatorsnetwork_reconnaissancenorth americaoceaniaopen proxyopenphish feedopenphish iocopportunistic attackp0fpassword attackpassword attackspatient carepattern-32pattern-38phishingphishing attackphishing campaignphishing campaignsphishing domainphishing domainsphishing trapphishing urlspolandpossible credential stuffingpossible reconnaissancepotential botnet activityprocess injectionprotocol exploitationprotocol scanningprotocol:ftpprotocol:httpprotocol:httpsprotocol:rdpprotocol:smtpprotocol:sshprotocol:telnetprotocol_scanningproxyproxy abuseproxy ipsproxy networkproxy serverproxy serverspublic administrationpublic infrastructurepublic policyransomwarerdp protocolrdp_attemptsrdp_brute_forcereconnaissancereconnaissance activityregulatory agenciesremote accessremote servicesresearchedresidential proxyresource hijackingscannerscanning activitysecurity operationssecurity policysecurity_eventsensor-taggedsentrypeer botnetservice discoveryservice enumerationservice scanservice scanningsftp attacksip scanningsmb brute forcesmtpsmtp brute forcesmtp scanningsocial engineeringsoftware developmentspamspam campaignsspam domainsspam sourcespamhausspamhaus dropspamhaus drop feedspamhaus drop iocspamhausdropsshssh attackssh monitoringssh protocolssh_attemptsssh_brute_forcessl blacklistssl certificatessl certificatesssl-enrichmentssl/tls enrichmentsslblsslblackliststealcstixstix 2.1stix feedstix-2.1supply chain attacksupply-chainsuspected malicious activitysyn scant1005t1016t1016.001t1018t1021t1021.001t1021.002t1021.003t1021.004t1021.005t1027t1036.006t1040t1041t1046t1048t1053t1055t1059t1059.001t1059.003t1059.004t1068t1071t1071.001t1071.002t1071.004t1076t1077t1078t1083t1090t1090 - proxyt1090 proxyt1090.002t1090.003t1102t1105t1110t1110 brute forcet1110.001t1110.002t1110.003t1110.004t1133t1140t1189t1190t1192t1195t1195.001t1195.002t1203t1204t1204.001t1204.002t1210t1486t1496t1499.001t1499.002t1499.003t1547.001t1555.003t1563t1564.003t1565t1566t1566.001t1566.002t1566.003t1566.004t1572t1573t1573.001t1583t1583.001t1583.006t1584t1585t1586t1587.001t1588t1588.002t1588.004t1588.006t1589t1589.001t1589.002t1590t1590.001t1590.005t1590.006t1592t1592.002t1592.004t1595t1595 active scanningt1595.001t1595.002t1595.003tannertcp protocoltcp scantcp scanningteam cymrutelecommunicationstelnet threattelnet_attemptsthreat actorthreat detectionthreat feedthreat infrastructurethreat intelligencethreat intelligence aggregationthreat intelligence feedthreat preventionthreat-actor:unattributedthreat-intelthreat-intelligencethreat_activitythreat_actor_activitythreat_indicatorthreat_intelligencethreat_intelligence_feedtls fingerprinttortor activitytor exittor exit nodetor exit nodestor networktor network activitytor nodetor-exit-nodestor-guard-nodestor_exit_nodetorexittorexitnodestpotudp scanunattributed threat actorunattributed_threat_activityunauthorized accessunauthorized access attemptunauthorized access attemptsunidentified threat actorunited statesunknown threat actorurlhausvoipvoip attackvpnvpn ipvpn networkvpn servicevpn trafficvulnerability scanvulnerability-exploitationweb app attackweb application attackweb application attacksweb exploitationweb securityweb service scanningweb spamweb traffic
Activity Timeline
Jun 8Jun 8
Threat Activity Heatmap
· Peak: 2026-06-08LessMore
Mon
Wed
Fri
24h
0
Dormant
7d
0
Dormant
30d
1
Minimal
3mo
1
Minimal
Threat ScoreMedium Risk
49
SIGNAL
Signal Score
49%
Confidence
36
Reports
First seenOct 29, 2022
Last seenJun 8, 2026
GeolocationLU
CountryLuxembourg
LocationLuxembourg, Luxembourg
ASNAS53667
OrgDecix Frankfurt
Coords49.7498, 6.1661
ProxyVPN
VirusTotal
Not checked
WHOIS
- description
- Anonymization_Network indicators. Date: Apr 8, 2026. Part 1/5. For more threat intelligence visit https://ltna.com.au/cyber
- raw
- inetnum: 107.184.0.0 - 107.191.67.255 netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: For registration information, remarks: you can consult the following sources: remarks: remarks: IANA remarks: http://www.iana.org/assignments/ipv4-address-space remarks: http://www.iana.org/assignments/iana-ipv4-special-registry remarks: http://www.iana.org/assignments/ipv4-recovered-address-space remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.net remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT created: 2021-02-09T14:31:35Z last-modified: 2021-02-09T14:31:35Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE # Filtered
- references
- https://check.torproject.org/torbulkexitlist, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://iplists.firehol.org/?ipset=tor_exits, Exit_Nodes.csv
Export & API
STIX 2.1 Bundle
CSV Export
Permalink
IOC Journey
mediumFirst detected 3 years ago · Last seen 18 days ago
Appeared in 36 threat reports