IOC Radar
IPMediumSignal 70/100

45.135.194.28

Location
GermanyGermany
Langen, Hesse
ASN
AS51396
Pfcloud UG
First Seen
Feb 12, 2025
Last Seen
Apr 19, 2026
Feb 12
First Seen
487d ago
Apr 19
Last Seen
55d ago
19
Reports
source reports
70%
Confidence
medium
12/91
VirusTotal
detections
Found in 19 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
70%
Signal Score
70 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

37 techniques

Network Information

CountryDEGermany
RegionLangen, Hesse
ASNAS51396
OrganizationPfcloud UG

Feed Intelligence Summary

19 reports70% confidence
19
Source reports
70%
Confidence score
Category tags
abuseaccess controlactive scanactive scanningarmasyncratattackbackdoorbad reputationbase64base64 encodingbashbitbucketblankgrabberbookingbotnetbotnet activitybrute forcebulk emailcensyscoinminercommand and controlcommunication protocolcompromise ipv4cowrie honeypotcredential accesscredential harvestingcredential stuffingcredential theftcryptocurrencycurldata exfiltrationdata store exposuredcratddosddos attacksddosagentdecoy systemdenial of servicedionaea honeypotdistributed attackselfeuropeexeexecutable fileexploitexploitation activityfakecaptchaftp brute forcegafgytgermanygobackdoorguloaderhajimehtahttp brute forceidentity & access exploitationindicatorinfostealerinjection activityinternet of thingsintrusion detectioniociot botnetiot devicesiot securityiot/ics attackipv4ipv4 portlinuxlummastealermalicious activitymalicious softwaremalwaremalware behaviourmalware capturemetastealermipsmirai botnetmozinetherlandsnetworknetwork attacksnetwork intrusion attemptsnetwork protocolnetwork scanningnetwork securityopen-diropendirpasswordpassword theftphishingphishing attackphishing campaignprice requestprice request scamprocess injectionps1quasarratreconnaissanceredlinestealerremote accessremote servicesresearchedresource hijackingrev-base64-loadersaint helena, ascension and tristan da cunhascams & fraudscanscannerschedule themesecurity operationssecurity policysentrypeer botnetsftp attackshell scriptsip attackssocial engineeringssh attackssh monitoringsshdkitstealcsyn scant1021t1021.001t1027t1040t1041t1046t1055t1059t1059.004t1071.001t1076t1078t1078.001t1078.004t1105t1110t1110.002t1133t1190t1192t1204.002t1486t1496t1497t1499.001t1499.002t1499.003t1563t1565t1566t1566.001t1566.002t1566.003t1595t1595.001t1595.002t1595.003tariff server themetariffs servertcp protocoltcp scantelecommunicationsthreat actorthreat intelligencethreat preventiontor nodeua-wgetudp scanurlhausvoipvoip attackwetransfer abusewgetwsgidav

Activity Timeline

1 total obs
Apr 19Apr 19

Threat Activity Heatmap

· Peak: 2026-04-19
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
70
SIGNAL
Signal Score
70%
Confidence
19
Reports
First seenFeb 12, 2025
Last seenApr 19, 2026
GeolocationDE
CountryGermany
LocationLangen, Hesse
ASNAS51396
OrgPfcloud UG
Coords51.2993, 9.4910

VirusTotal

12/ 91vendors flagged
13% detection rateJun 8, 2026

WHOIS

raw
inetnum: 45.135.194.0 - 45.135.194.255 netname: PFCLOUD-NET org: ORG-PU39-RIPE country: DE admin-c: AA42303-RIPE tech-c: AA42303-RIPE status: ASSIGNED PA mnt-by: mnt-de-xsserver-1 created: 2025-01-26T11:42:47Z last-modified: 2025-01-26T11:42:47Z source: RIPE organisation: ORG-PU39-RIPE org-type: OTHER org-name: Pfcloud UG address: Lilienstra�e 5 address: 94051 Hauzenberg country: DE abuse-c: AA42303-RIPE mnt-ref: MNT-NETERRA mnt-ref: pfcloud-mnt mnt-ref: WHITELABEL-MNT mnt-ref: DGTL-MNT mnt-ref: LV-VERNET-HM-MNT mnt-ref: lir-ae-royal-1-MNT mnt-ref: mnt-de-xsserver-1 mnt-ref: Mnt-zexotek mnt-by: pfcloud-mnt created: 2023-11-26T15:29:32Z last-modified: 2025-04-09T11:06:56Z source: RIPE # Filtered role: Admin address: Lilienstra�e 5, 94051 Hauzenberg abuse-mailbox: [email protected] nic-hdl: AA42303-RIPE mnt-by: pfcloud-mnt created: 2023-11-26T15:27:29Z last-modified: 2024-02-08T20:37:11Z source: RIPE # Filtered route: 45.135.194.0/24 origin: AS51396 mnt-by: mnt-de-xsserver-1 created: 2025-01-26T11:42:15Z last-modified: 2025-01-26T11:42:15Z source: RIPE
references
https://github.com/telekom-security/tpotce, https://raw.githubusercontent.com/ahamed-rizvan/IOCs/refs/heads/main/Malicous%20IP%20Address.txt, https://1275.ru/ioc/gs-25-1169-mirai-botnet-iocs_9901, https://urlhaus.abuse.ch/browse/, https://example.com

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 19 threat reports