107.189.3.11 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 107.189.3.11. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or through activity observed on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which they reside.
Known Malicious Host 🔴 80/100
Host and Network Information
- MITRE ATT&CK IDs: T1071.001 - Web Protocols, T1105 - Ingress Tool Transfer, T1204.002 - Malicious File, T1566.002 - Spearphishing Link
- Tags: 2026-02, anonymization_network, automated, Automated, cisco, cowrie, dionaea, dugganusa, elasticpot, email, feed-harvest, feodo, heralding, honeytrap, ja3, LAMP, mailoney, malicious, OpenCTI, openphish, sentrypeer, sftp, sip, spamhaus, ssh, sslbl, tanner, tor, urlhaus
- Known Tor exit node
- JARM: 2ad2ad16d2ad2ad00042d42d000000332dc9cd7d90589195193c8bb05d84fa
- Contained within other IP sets: blocklist_net_ua, haley_ssh, sblam, stopforumspam_365d, tor_exits_1d, tor_exits_30d, tor_exits_7d, tor_exits
- Known TOR node
- Country: Luxembourg
- Network:
- Noticed: 50 times
- Protocols Attacked: portscan
- Passive DNS Results:
Whois Information
- NetRange: 107.189.0.0 - 107.189.31.255
- CIDR: 107.189.0.0/19
- NetName: PONYNET-11
- NetHandle: NET-107-189-0-0-1
- Parent: NET107 (NET-107-0-0-0-0)
- NetType: Direct Allocation
- OriginAS:
- Organization: FranTech Solutions (SYNDI-5)
- RegDate: 2014-04-17
- Updated: 2014-04-17
- Ref: https://rdap.arin.net/registry/ip/107.189.0.0
- OrgName: FranTech Solutions
- OrgId: SYNDI-5
- Address: 1621 Central Ave
- City: Cheyenne
- StateProv: WY
- PostalCode: 82001
- Country: US
- RegDate: 2010-07-21
- Updated: 2024-11-25
- Ref: https://rdap.arin.net/registry/entity/SYNDI-5
- OrgTechHandle: FDI19-ARIN
- OrgTechName: Dias, Francisco
- OrgTechPhone: +1-702-728-8933
- OrgTechEmail: admin@frantech.ca
- OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- OrgAbuseHandle: FDI19-ARIN
- OrgAbuseName: Dias, Francisco
- OrgAbusePhone: +1-702-728-8933
- OrgAbuseEmail: admin@frantech.ca
- OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- NetRange: 107.189.0.0 - 107.189.7.255
- CIDR: 107.189.0.0/21
- NetName: BUYVM-LUXEMBOURG-02
- NetHandle: NET-107-189-0-0-2
- Parent: PONYNET-11 (NET-107-189-0-0-1)
- NetType: Reallocated
- OriginAS:
- Organization: BuyVM (BUYVM)
- RegDate: 2019-10-22
- Updated: 2019-10-22
- Ref: https://rdap.arin.net/registry/ip/107.189.0.0
- OrgName: BuyVM
- OrgId: BUYVM
- Address: 3, op der Poukewiss
- City: Roost
- StateProv:
- PostalCode: 7795
- Country: LU
- RegDate: 2017-10-01
- Updated: 2017-10-01
- Ref: https://rdap.arin.net/registry/entity/BUYVM
- OrgAbuseHandle: FDI19-ARIN
- OrgAbuseName: Dias, Francisco
- OrgAbusePhone: +1-702-728-8933
- OrgAbuseEmail: admin@frantech.ca
- OrgAbuseRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
- OrgTechHandle: FDI19-ARIN
- OrgTechName: Dias, Francisco
- OrgTechPhone: +1-702-728-8933
- OrgTechEmail: admin@frantech.ca
- OrgTechRef: https://rdap.arin.net/registry/entity/FDI19-ARIN
Links to attack logs
- bruteforce-ip-list-2021-07-31
- bruteforce-ip-list-2021-07-12