107.189.1.81 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 107.189.1.81 and was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources or through observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour, such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Possibly Malicious Host 🟢 14/100
Host and Network Information
- View other sources: Spamhaus VirusTotal
- Contained within other IP sets: ciarmy, haley_ssh
- Country: Luxembourg
- Network:
- Noticed: times
- Protocols Attacked: snmp ssh
- Passive DNS Results: h.personallife.online kh1.download10.ml v2.936454.xyz t.936454.xyz
Open Ports Detected
CVEs Detected
Whois Information
- NetRange: 107.189.0.0 - 107.189.31.255
- CIDR: 107.189.0.0/19
- NetName: PONYNET-11
- NetHandle: NET-107-189-0-0-1
- Parent: NET107 (NET-107-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: FranTech Solutions (SYNDI-5)
- RegDate: 2014-04-17
- Updated: 2014-04-17
- Ref: https://rdap.arin.net/registry/ip/107.189.0.0
- OrgName: FranTech Solutions
- OrgId: SYNDI-5
- Address: 1621 Central Ave
- City: Cheyenne
- StateProv: WY
- PostalCode: 82001
- Country: US
- RegDate: 2010-07-21
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/SYNDI-5
- OrgAbuseHandle: FDI19-ARIN
- OrgAbuseName: Dias, Francisco
- OrgAbusePhone: +1-778-977-8246
- OrgAbuseEmail: fdias@frantech.ca
- OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- OrgTechHandle: FDI19-ARIN
- OrgTechName: Dias, Francisco
- OrgTechPhone: +1-778-977-8246
- OrgTechEmail: fdias@frantech.ca
- OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- NetRange: 107.189.0.0 - 107.189.7.255
- CIDR: 107.189.0.0/21
- NetName: BUYVM-LUXEMBOURG-02
- NetHandle: NET-107-189-0-0-2
- Parent: PONYNET-11 (NET-107-189-0-0-1)
- NetType: Reallocated
- OriginAS:
- Organization: BuyVM (BUYVM)
- RegDate: 2019-10-22
- Updated: 2019-10-22
- Ref: https://rdap.arin.net/registry/ip/107.189.0.0
- OrgName: BuyVM
- OrgId: BUYVM
- Address: 3, op der Poukewiss
- City: Roost
- StateProv:
- PostalCode: 7795
- Country: LU
- RegDate: 2017-10-01
- Updated: 2017-10-01
- Ref: https://rdap.arin.net/registry/entity/BUYVM
- OrgTechHandle: FDI19-ARIN
- OrgTechName: Dias, Francisco
- OrgTechPhone: +1-778-977-8246
- OrgTechEmail: fdias@frantech.ca
- OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- OrgAbuseHandle: FDI19-ARIN
- OrgAbuseName: Dias, Francisco
- OrgAbusePhone: +1-778-977-8246
- OrgAbuseEmail: fdias@frantech.ca
- OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
Links to attack logs